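# Reusable workflow: checks out fluencelabs/nox at the requested ref, builds a
# multi-arch (amd64 + arm64) container image from ./docker and pushes it as a
# snapshot. The pushed image is returned to the caller pinned by digest.
name: Publish docker container snapshot

on:
  workflow_call:
    inputs:
      ref:
        description: "git ref to checkout to"
        type: string
        default: "master"
      image-name:
        description: "Docker image name"
        type: string
        default: "docker.fluence.dev/nox"
      flavour:
        # not used, here for compatibility
        description: "nox flavour"
        type: string
        default: "minimal"
      nox-sha:
        # not used, here for compatibility
        # NOTE(review): because this input is ignored, no step in this workflow
        # checks the downloaded nox binary against a caller-supplied hash.
        description: "sha256 hash of nox binary"
        type: string
    outputs:
      nox-image:
        description: "nox snapshot image"
        value: ${{ jobs.publish.outputs.image }}

jobs:
  publish:
    name: "Publish snapshot"
    runs-on: builder
    timeout-minutes: 60

    outputs:
      # name@digest is an immutable reference, unlike the branch tags pushed
      # below, so callers get exactly the image this run built.
      image: "${{ inputs.image-name }}@${{ steps.docker.outputs.digest }}"

    permissions:
      contents: read
      # Lets the job request a GitHub OIDC token; the "Import secrets" step
      # uses it for JWT auth against Vault. Every action in this job runs with
      # this permission available.
      id-token: write

    # NOTE(review): the actions below are referenced by tag or branch
    # (`@v4`, `@v3.0.0`, `@main`), which the action's owner can move. This job
    # can mint an OIDC token and holds registry credentials, so consider
    # pinning each `uses:` to a full commit SHA; the `@main` reference on
    # generate-snapshot-id follows every new commit on that branch.
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          repository: fluencelabs/nox
          ref: ${{ inputs.ref }}

      - name: Import secrets
        uses: hashicorp/vault-action@v3.0.0
        with:
          url: https://vault.fluence.dev
          path: jwt/github
          role: ci
          method: jwt
          jwtGithubAudience: "https://github.com/fluencelabs"
          # Keep the requested JWT short-lived.
          jwtTtl: 300
          # Each entry is exported as the environment variable named after
          # `|` and is visible to all later steps of this job.
          secrets: |
            kv/hub.docker.com/fluencebot username | DOCKER_HUB_USERNAME ;
            kv/hub.docker.com/fluencebot password | DOCKER_HUB_PASSWORD ;
            kv/docker-registry/basicauth/ci username | DOCKER_USERNAME ;
            kv/docker-registry/basicauth/ci password | DOCKER_PASSWORD

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ env.DOCKER_HUB_USERNAME }}
          password: ${{ env.DOCKER_HUB_PASSWORD }}

      - name: Login to private docker registry
        uses: docker/login-action@v3
        with:
          registry: docker.fluence.dev
          username: ${{ env.DOCKER_USERNAME }}
          password: ${{ env.DOCKER_PASSWORD }}

      # No `name:` is given, so every artifact of the run is downloaded into
      # the Docker build context.
      # NOTE(review): the binary is copied into the image without an integrity
      # check; verifying it against a known sha256 before the build step would
      # close that gap.
      - name: Download nox binary
        uses: actions/download-artifact@v4
        with:
          path: docker/binaries

      - name: Generate snapshot version
        id: version
        uses: fluencelabs/github-actions/generate-snapshot-id@main

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          platforms: linux/amd64,linux/arm64

      - name: Build and push container snapshot image
        id: docker
        uses: docker/build-push-action@v5
        with:
          context: ./docker
          push: true
          platforms: linux/amd64,linux/arm64
          tags: |
            ${{ inputs.image-name }}:${{ steps.version.outputs.branch }}
            ${{ inputs.image-name }}:${{ steps.version.outputs.branch }}_${{ github.run_number }}_${{ github.run_attempt }}
          labels: |
            branch=${{ steps.version.outputs.branch }}
            sha=${{ steps.version.outputs.sha }}
            run_number=${{ github.run_number }}
            run_attempt=${{ github.run_attempt }}
          cache-from: type=gha
          # github allows only 10GB of cache
          # so save cache only on merge to master
          # to use less space and speed up CI
          #
          # `github.event` is the whole event payload object and never equals
          # the string 'push', so the cache was never written; the event name
          # is in `github.event_name`. In a reusable workflow this is the
          # caller's event.
          cache-to: ${{ github.event_name == 'push' && 'type=gha,mode=max' || '' }}

      # `${{ }}` values are substituted into the script text before the shell
      # runs. The quoted heredoc delimiter ('SNAPSHOT') stops the shell from
      # expanding anything inside the body, so keep the quotes if this step
      # is edited.
      - name: Print results to check summary
        # Runs on failure too; the digest is then empty.
        if: always()
        run: |
          cat <<'SNAPSHOT' >> "$GITHUB_STEP_SUMMARY"
          ## nox
          digest: `${{ steps.docker.outputs.digest }}`
          ```
          ${{ inputs.image-name }}:${{ steps.version.outputs.branch }}
          ${{ inputs.image-name }}:${{ steps.version.outputs.branch }}_${{ github.run_number }}_${{ github.run_attempt }}
          ```
          ### Access to Fluence docker registry
          ```
          vault read kv/basicauth/dev
          docker login docker.fluence.dev
          ```
          SNAPSHOT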