feat: update docker builds to publish to ECR #252
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| release: | |
| types: [published] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| DASEL_VERSION: https://github.com/TomWright/dasel/releases/download/v1.24.3/dasel_linux_amd64 | |
| RUST_VERSION: 1.79 | |
| FUEL_CORE_VERSION: 0.31.0 | |
| IMAGE_NAME: ${{ github.repository }} | |
| REPO_NAME: ${{ github.event.repository.name }} | |
| AWS_ROLE_ARN: arn:aws:iam::024848458133:role/github_oidc_FuelLabs_fuel-block-committer | |
| AWS_ECR_ORG: fuellabs | |
| REGISTRY: ghcr.io | |
| ECR_BUILD_CACHE_REPO: fuel-block-committer-cache | |
| jobs: | |
| verify-rust-version: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Ensure CI is using the same minimum toolchain specified in fuels Cargo.toml | |
| - run: | | |
| curl -sSLf "$DASEL_VERSION" -L -o dasel && chmod +x dasel | |
| mv ./dasel /usr/local/bin/dasel | |
| MIN_VERSION=$(cat Cargo.toml | dasel -r toml 'workspace.package.rust-version') | |
| RUST_VERSION="${{ env.RUST_VERSION }}" | |
| echo "Comparing minimum supported toolchain ($MIN_VERSION) with ci toolchain (RUST_VERSION)" | |
| test "$MIN_VERSION" == "$RUST_VERSION" | |
| verify-helm-chart: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: alexellis/setup-arkade@v1 | |
| - uses: alexellis/arkade-get@master | |
| with: | |
| helm: latest | |
| - name: Lint helm chart | |
| run: helm lint helm/fuel-block-committer | |
| - name: Verify helm chart version matches crate | |
| run: | | |
| ./.github/scripts/verify_chart_version.sh | |
| cargo-verifications: | |
| needs: | |
| - verify-rust-version | |
| runs-on: buildjet-4vcpu-ubuntu-2204 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Check for typos | |
| uses: crate-ci/[email protected] | |
| - uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ env.RUST_VERSION }} | |
| components: clippy,rustfmt | |
| - name: Install Foundry | |
| uses: foundry-rs/foundry-toolchain@v1 | |
| - name: Build cache | |
| uses: buildjet/cache@v3 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Run cargo check with all features | |
| run: cargo check --all-features | |
| - name: Run cargo fmt --check | |
| run: cargo fmt --all --verbose -- --check | |
| - name: Run cargo clippy | |
| run: cargo clippy --all-targets | |
| - name: Install Fuel Core | |
| run: | | |
| curl -sSLf https://github.com/FuelLabs/fuel-core/releases/download/v${{ env.FUEL_CORE_VERSION }}/fuel-core-${{ env.FUEL_CORE_VERSION }}-x86_64-unknown-linux-gnu.tar.gz -L -o fuel-core.tar.gz | |
| tar -xvf fuel-core.tar.gz | |
| chmod +x fuel-core-${{ env.FUEL_CORE_VERSION }}-x86_64-unknown-linux-gnu/fuel-core | |
| mv fuel-core-${{ env.FUEL_CORE_VERSION }}-x86_64-unknown-linux-gnu/fuel-core /usr/local/bin/fuel-core | |
| - name: Run tests | |
| run: ./run_tests.sh | |
| publish-crates-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ env.RUST_VERSION }} | |
| - name: Publish crate check | |
| uses: katyo/publish-crates@v2 | |
| with: | |
| dry-run: true | |
| check-repo: false | |
| ignore-unpublished-changes: true | |
| publish-crates: | |
| needs: | |
| - cargo-verifications | |
| - publish-crates-check | |
| # Only do this job if publishing a release | |
| if: github.event_name == 'release' && github.event.action == 'published' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ env.RUST_VERSION }} | |
| - name: Verify tag version | |
| run: | | |
| curl -sSLf "$DASEL_VERSION" -L -o dasel && chmod +x dasel | |
| mv ./dasel /usr/local/bin/dasel | |
| ./.github/workflows/scripts/verify_tag.sh ${{ github.ref_name }} Cargo.toml | |
| - name: Publish crate | |
| uses: katyo/publish-crates@v2 | |
| with: | |
| publish-delay: 30000 | |
| registry-token: ${{ secrets.CARGO_REGISTRY_TOKEN }} | |
| build-docker-images: | |
| needs: | |
| - cargo-verifications | |
| strategy: | |
| matrix: | |
| arch: [ | |
| {platform: linux/amd64, runner: buildjet-8vcpu-ubuntu-2204}, | |
| {platform: linux/arm64, runner: buildjet-8vcpu-ubuntu-2204-arm} | |
| ] | |
| runs-on: ${{ matrix.arch.runner }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Configure AWS credentials for ECR cache | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ env.AWS_ROLE_ARN }} | |
| aws-region: us-east-1 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Log in to the ghcr.io registry | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Log in to the docker.io registry | |
| uses: docker/login-action@v2 | |
| with: | |
| username: fuellabs | |
| password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }} | |
| - name: Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v3 | |
| with: | |
| images: | | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=sha | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=semver,pattern={{raw}} | |
| type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}} | |
| flavor: | | |
| latest=${{ github.ref == 'refs/heads/master' }} | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| platforms: ${{ matrix.arch.platform }} | |
| file: Dockerfile | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_BUILD_CACHE_REPO }}:latest-${{ matrix.arch.runner }} | |
| cache-to: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_BUILD_CACHE_REPO }}:latest-${{ matrix.arch.runner }},mode=max | |
| outputs: type=docker,dest=/tmp/img-${{ matrix.arch.runner }}.tar | |
| - name: Upload Docker image | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: docker-${{ matrix.arch.runner }} | |
| path: /tmp/img-${{ matrix.arch.runner }}.tar | |
| publish-docker-images: | |
| needs: | |
| - build-docker-images | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Download Docker images | |
| id: download-files | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: docker-* | |
| merge-multiple: false | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Load Docker images | |
| run: | | |
| ls -al ${{ steps.download-files.outputs.download-path }} | |
| for f in ${{ steps.download-files.outputs.download-path }}/*; do docker load --input $f; done | |
| docker image ls | |
| - name: Configure AWS credentials for ECR publishing | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ env.AWS_ROLE_ARN }} | |
| aws-region: us-east-1 # ecr public is only in us-east-1 | |
| - name: Login to Amazon ECR Public | |
| id: login-ecr-public | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registry-type: public | |
| - name: Log in to the ghcr.io registry | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Log in to the docker.io registry | |
| uses: docker/login-action@v2 | |
| with: | |
| username: fuellabs | |
| password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }} | |
| # - name: Docker metadata | |
| # id: meta | |
| # uses: docker/metadata-action@v3 | |
| # with: | |
| # images: | | |
| # ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| # ${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.REPO_NAME }} | |
| # tags: | | |
| # type=sha | |
| # type=ref,event=branch | |
| # type=ref,event=tag | |
| # type=semver,pattern={{raw}} | |
| # type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}} | |
| # flavor: | | |
| # latest=${{ github.ref == 'refs/heads/master' }} | |
| # - name: Build and publish Docker images | |
| # uses: docker/build-push-action@v4 | |
| # with: | |
| # context: . | |
| # platforms: ${{ matrix.arch.platform }} | |
| # file: Dockerfile | |
| # push: true | |
| # tags: ${{ steps.meta.outputs.tags }} | |
| # labels: ${{ steps.meta.outputs.labels }} | |
| # cache-from: type=registry,ref=${{ env.REGISTRY }}/fuellabs/fuel-block-committer-build-cache:latest | |
| # cache-to: type=registry,ref=${{ env.REGISTRY }}/fuellabs/fuel-block-committer-build-cache:latest,mode=max | |
| # - uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
| # if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag') | |
| # with: | |
| # github_token: ${{ secrets.GITHUB_TOKEN }} | |
| # slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} |