forked from paritytech/polkadot
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Publish RC container images (paritytech#7556)
* WIP * Add missing checkout * Add debuggin * Fix VAR name * Bug fix * Rework jobs * Revert "Rework jobs" This reverts commit 2bfa79f. * Add cache * Add temp default for testing * Add missing checkout * Fix patch * Comment out the GPG check for now * Rename polkadot_injected_release into a more appropriate polkadot_injected_debian * Refactoring / renaming * Introduce a generic image for binary injection * Flag files to be deleted and changes to be done * WIP * Fix multi binaries images * Add test build scripts * Remove old file, add polkadot build-injected script * Fix doc * Fix tagging * Add build of the injected container * Fix for docker * Remove the need for TTY * Handling container publishing * Fix owner and registry * Fix vars * Fix repo * Fix var naming * Fix case when there is no tag * Fix case with no tag * Handle error * Fix spacings * Fix tags * Remove unnecessary grep that may fail * Add final check * Clean up and introduce GPG check * Add doc * Add doc * Update doc/docker.md Co-authored-by: Mira Ressel <mira@parity.io> * type Co-authored-by: Mira Ressel <mira@parity.io> * Fix used VAR * Improve doc * ci: Update .build-push-image jobs to use the new build-injected.sh * ci: fix path to build-injected.sh script * Rename the release artifacts folder to prevent confusion due to a similar folder in the gitlab CI * ci: check out polkadot repo in .build-push-image This seems far cleaner than copying the entire scripts/ folder into our job artifacts. * feat(build-injected.sh): make PROJECT_ROOT configurable This lets us avoid a dependency on git in our CI image. * ci: build injected images with buildah * ci: pass full image names to zombienet * Add missing ignore --------- Co-authored-by: Mira Ressel <mira@parity.io>
- Loading branch information
Showing
35 changed files
with
661 additions
and
323 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,132 @@ | ||
name: Release - Publish RC Container image | ||
# see https://github.com/paritytech/release-engineering/issues/97#issuecomment-1651372277 | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
release_id: | ||
description: | | ||
Release ID. | ||
You can find it using the command: | ||
curl -s \ | ||
-H "Authorization: Bearer ${GITHUB_TOKEN}" https://api.github.com/repos/$OWNER/$REPO/releases | \ | ||
jq '.[] | { name: .name, id: .id }' | ||
required: true | ||
type: string | ||
registry: | ||
description: "Container registry" | ||
required: true | ||
type: string | ||
default: docker.io | ||
owner: | ||
description: Owner of the container image repo | ||
required: true | ||
type: string | ||
default: parity | ||
|
||
env: | ||
RELEASE_ID: ${{ inputs.release_id }} | ||
ENGINE: docker | ||
REGISTRY: ${{ inputs.registry }} | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
DOCKER_OWNER: ${{ inputs.owner || github.repository_owner }} | ||
REPO: ${{ github.repository }} | ||
ARTIFACT_FOLDER: release-artifacts | ||
|
||
jobs: | ||
fetch-artifacts: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout sources | ||
uses: actions/checkout@v3 | ||
|
||
- name: Fetch all artifacts | ||
run: | | ||
. ./scripts/ci/common/lib.sh | ||
fetch_release_artifacts | ||
- name: Cache the artifacts | ||
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | ||
with: | ||
key: artifacts-${{ github.sha }} | ||
path: | | ||
${ARTIFACT_FOLDER}/**/* | ||
build-container: | ||
runs-on: ubuntu-latest | ||
needs: fetch-artifacts | ||
|
||
strategy: | ||
matrix: | ||
binary: ["polkadot", "staking-miner"] | ||
|
||
steps: | ||
- name: Checkout sources | ||
uses: actions/checkout@v3 | ||
|
||
- name: Get artifacts from cache | ||
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | ||
with: | ||
key: artifacts-${{ github.sha }} | ||
path: | | ||
${ARTIFACT_FOLDER}/**/* | ||
- name: Check sha256 ${{ matrix.binary }} | ||
working-directory: ${ARTIFACT_FOLDER} | ||
run: | | ||
. ../scripts/ci/common/lib.sh | ||
echo "Checking binary ${{ matrix.binary }}" | ||
check_sha256 ${{ matrix.binary }} && echo "OK" || echo "ERR" | ||
- name: Check GPG ${{ matrix.binary }} | ||
working-directory: ${ARTIFACT_FOLDER} | ||
run: | | ||
. ../scripts/ci/common/lib.sh | ||
import_gpg_keys | ||
check_gpg ${{ matrix.binary }} | ||
- name: Fetch commit and tag | ||
id: fetch_refs | ||
run: | | ||
release=release-${{ inputs.release_id }} && \ | ||
echo "release=${release}" >> $GITHUB_OUTPUT | ||
commit=$(git rev-parse --short HEAD) && \ | ||
echo "commit=${commit}" >> $GITHUB_OUTPUT | ||
tag=$(git name-rev --tags --name-only $(git rev-parse HEAD)) && \ | ||
[ "${tag}" != "undefined" ] && echo "tag=${tag}" >> $GITHUB_OUTPUT || \ | ||
echo "No tag, doing without" | ||
- name: Build Injected Container image for ${{ matrix.binary }} | ||
env: | ||
BIN_FOLDER: ${ARTIFACT_FOLDER} | ||
BINARY: ${{ matrix.binary }} | ||
TAGS: ${{join(steps.fetch_refs.outputs.*, ',')}} | ||
run: | | ||
echo "Building container for ${{ matrix.binary }}" | ||
./scripts/ci/dockerfiles/build-injected.sh | ||
- name: Login to Dockerhub | ||
uses: docker/login-action@v2 | ||
with: | ||
username: ${{ inputs.owner }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
|
||
- name: Push Container image for ${{ matrix.binary }} | ||
id: docker_push | ||
env: | ||
BINARY: ${{ matrix.binary }} | ||
run: | | ||
$ENGINE images | grep ${BINARY} | ||
$ENGINE push --all-tags ${REGISTRY}/${DOCKER_OWNER}/${BINARY} | ||
- name: Check version for the published image for ${{ matrix.binary }} | ||
env: | ||
BINARY: ${{ matrix.binary }} | ||
RELEASE_TAG: ${{ steps.fetch_refs.outputs.release }} | ||
run: | | ||
echo "Checking tag ${RELEASE_TAG} for image ${REGISTRY}/${DOCKER_OWNER}/${BINARY}" | ||
$ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG} --version |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,3 +10,7 @@ polkadot.* | |
!polkadot.service | ||
.DS_Store | ||
.env | ||
|
||
artifacts | ||
release-artifacts | ||
release.json |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.