-
Notifications
You must be signed in to change notification settings - Fork 0
105 lines (103 loc) · 5.22 KB
/
docker-publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: docker-publish.yml
on:
push:
branches: [main, master, release-*]
jobs:
build-images:
runs-on: ubuntu-latest-xl
continue-on-error: false
env:
TAG: github-1
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0 #get all the history!!!
- id: changes
name: determine changes
uses: ./.github/actions/changes
with:
workflow-file: docker-publish.yml
- name: setup_aws_ecr_login
run: |
echo 'AWS_ECR_ACCOUNT_URL=${{ secrets.AWS_ECR_ACCOUNT_NUM }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com' >> $GITHUB_ENV
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Sign in to dockerhub, install image signing cert.
uses: ./.github/actions/dockerhub_login
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
key_material: ${{ secrets.DOCKERHUB_KEY_MATERIAL }}
key_name: ${{ secrets.DOCKERHUB_KEY_NAME }}
key_password: ${{ secrets.DOCKERHUB_KEY_PASSWORD }}
- name: should pre build docker images (targeting a release branch)?
if: ${{ github.ref == 'refs/heads/auto' }}
run: |
if [[ ! "$CHANGES_TARGET_BRANCH" =~ "^release-[0-9|.]+$" ]] && [[ ! "$CHANGES_TARGET_BRANCH" =~ "^gha-test-[0-9|.]+$" ]] ; then
echo Targeting branch $CHANGES_TARGET_BRANCH will not pre-publish docker images.
fi
- name: pre-release docker images
if: ${{ github.ref == 'refs/heads/auto' }}
run: |
BRANCH="$CHANGES_TARGET_BRANCH"
success=0
tmpfile=$(mktemp)
echo "Failed to push:" > "${tmpfile}"
docker/build_push.sh -u -p -b ${BRANCH} -n client || success=$(echo "client" >> "${tmpfile}"; echo 1)
docker/build_push.sh -u -p -b ${BRANCH} -n init || success=$(echo "init" >> "${tmpfile}"; echo 1)
docker/build_push.sh -u -p -b ${BRANCH} -n faucet || success=$(echo "faucet" >> "${tmpfile}"; echo 1)
docker/build_push.sh -u -p -b ${BRANCH} -n tools || success=$(echo "tools" >> "${tmpfile}"; echo 1)
docker/build_push.sh -u -p -b ${BRANCH} -n validator || success=$(echo "validator" >> "${tmpfile}"; echo 1)
docker/build_push.sh -u -p -b ${BRANCH} -n validator-tcb || success=$(echo "validator-tcb" >> "${tmpfile}"; echo 1)
docker/build_push.sh -u -p -b ${BRANCH} -n cluster-test || success=$(echo "cluster-test" >> "${tmpfile}"; echo 1)
if [[ "$success" == "1" ]]; then
cat "${tmpfile}"
fi
exit $success
env:
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKERHUB_KEY_PASSWORD }}
- name: pull pre images (or build if not pullable) and push release docker images if not on auto branch.
if: ${{ github.ref != 'refs/heads/auto' }}
run: |
set -x
BRANCH=$(echo "$GITHUB_REF" | sed 's|.*/||' )
success=0
tmpfile=$(mktemp)
echo "Failed to push:" >> "${tmpfile}"
docker/build_push.sh -u -b ${BRANCH} -n client || success=$(echo "client" >> "${tmpfile}"; echo 1)
docker/build_push.sh -u -b ${BRANCH} -n init || success=$(echo "init" >> "${tmpfile}"; echo 1)
docker/build_push.sh -u -b ${BRANCH} -n faucet || success=$(echo "faucet" >> "${tmpfile}"; echo 1)
docker/build_push.sh -u -b ${BRANCH} -n tools || success=$(echo "tools" >> "${tmpfile}"; echo 1)
docker/build_push.sh -u -b ${BRANCH} -n validator || success=$(echo "validator" >> "${tmpfile}"; echo 1)
docker/build_push.sh -u -b ${BRANCH} -n validator-tcb || success=$(echo "validator-tcb" >> "${tmpfile}"; echo 1)
docker/build_push.sh -u -b ${BRANCH} -n cluster-test || success=$(echo "cluster-test" >> "${tmpfile}"; echo 1)
if [[ "$success" == "1" ]]; then
cat "${tmpfile}"
fi
exit $success
env:
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKERHUB_KEY_PASSWORD }}
- name: Republish to libra.
if: ${{ always() && github.ref != 'refs/heads/auto' }}
run: |
GIT_REV=$(git rev-parse --short=8 HEAD)
BRANCH=$(echo "$GITHUB_REF" | sed 's|.*/||' )
docker/docker_republish.sh -t ${BRANCH}_${GIT_REV} -g libra
env:
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKERHUB_KEY_PASSWORD }}
- name: push to novi ecr
if: ${{ always() && github.ref != 'refs/heads/auto' }}
run: |
#push to novi ecr with standard names
BRANCH=$(echo "$GITHUB_REF" | sed 's|.*/||' )
GIT_REV=$(git rev-parse --short=8 HEAD)
aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | \
docker login --username AWS --password-stdin "${AWS_ECR_ACCOUNT_URL}"
docker/docker_republish.sh -t ${BRANCH}_${GIT_REV} -r ${AWS_ECR_ACCOUNT_URL} -d