
feat: update docker builds to publish to ECR #276




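name: CI

on:
  push:
    branches:
      - master
  pull_request:
  release:
    types: [published]

concurrency:
  # One in-flight run per PR (or per ref outside PRs); a newer run cancels the older one.
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

env:
  # Despite its name this is the download URL of the pinned dasel release binary, not a
  # bare version; jobs below fetch it with "$DASEL_VERSION".
  DASEL_VERSION: https://github.com/TomWright/dasel/releases/download/v1.24.3/dasel_linux_amd64
  # Versions are quoted so YAML never reads them as floats (a future "1.80" would
  # otherwise become 1.8 and the toolchain comparison below would fail).
  RUST_VERSION: "1.79"
  FUEL_CORE_VERSION: "0.31.0"
  IMAGE_NAME: ${{ github.repository }}
  REPO_NAME: ${{ github.event.repository.name }}
  # Role assumed via GitHub OIDC (jobs that use it request id-token: write);
  # no long-lived AWS keys are stored as secrets.
  AWS_ROLE_ARN: arn:aws:iam::024848458133:role/github_oidc_FuelLabs_fuel-block-committer
  AWS_ECR_ORG: fuellabs
  REGISTRY: ghcr.io
  ECR_BUILD_CACHE_REPO: fuel-block-committer-cache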
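jobs:
  verify-rust-version:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Ensure CI is using the same minimum toolchain specified in fuels Cargo.toml.
      # NOTE(review): dasel is a prebuilt binary pinned only by release tag (DASEL_VERSION);
      # nothing verifies its checksum before it is executed.
      - run: |
          curl -sSLf "$DASEL_VERSION" -L -o dasel && chmod +x dasel
          mv ./dasel /usr/local/bin/dasel
          MIN_VERSION=$(cat Cargo.toml | dasel -r toml 'workspace.package.rust-version')
          RUST_VERSION="${{ env.RUST_VERSION }}"
          # The CI toolchain value was previously printed literally ("RUST_VERSION"); expand it.
          echo "Comparing minimum supported toolchain ($MIN_VERSION) with ci toolchain ($RUST_VERSION)"
          test "$MIN_VERSION" == "$RUST_VERSION"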
# --- job: verify-helm-chart ---
  verify-helm-chart:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # arkade installs helm. NOTE(review): arkade-get is taken from the mutable `master`
      # ref and helm from `latest`, so this job is not pinned to reproducible tool versions.
      - uses: alexellis/setup-arkade@v1
      - uses: alexellis/arkade-get@master
        with:
          helm: latest
      - name: Lint helm chart
        run: helm lint helm/fuel-block-committer
      - name: Verify helm chart version matches crate
        run: ./.github/scripts/verify_chart_version.sh
# --- job: cargo-verifications ---
  cargo-verifications:
    needs:
      - verify-rust-version
    runs-on: buildjet-4vcpu-ubuntu-2204
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): this action ref looks garbled by the page's e-mail obfuscation;
      # the real value should be a crate-ci/typos@<version> ref — confirm against the repo.
      - name: Check for typos
        uses: crate-ci/[email protected]
      - uses: dtolnay/rust-toolchain@master
        with:
          toolchain: ${{ env.RUST_VERSION }}
          components: clippy,rustfmt
      - name: Install Foundry
        uses: foundry-rs/foundry-toolchain@v1
      - name: Build cache
        uses: buildjet/cache@v3
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
      - name: Run cargo check with all features
        run: cargo check --all-features
      - name: Run cargo fmt --check
        run: cargo fmt --all --verbose -- --check
      - name: Run cargo clippy
        run: cargo clippy --all-targets
      # fuel-core is a prebuilt release binary pinned by tag (FUEL_CORE_VERSION) only;
      # no checksum of the archive is verified before it is installed.
      - name: Install Fuel Core
        run: |
          target_triple="x86_64-unknown-linux-gnu"
          archive_dir="fuel-core-${FUEL_CORE_VERSION}-${target_triple}"
          curl -sSLf "https://github.com/FuelLabs/fuel-core/releases/download/v${FUEL_CORE_VERSION}/${archive_dir}.tar.gz" -o fuel-core.tar.gz
          tar -xvf fuel-core.tar.gz
          chmod +x "${archive_dir}/fuel-core"
          mv "${archive_dir}/fuel-core" /usr/local/bin/fuel-core
      - name: Run tests
        run: ./run_tests.sh
# --- job: publish-crates-check ---
  publish-crates-check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@master
        with:
          toolchain: ${{ env.RUST_VERSION }}
      # Dry run only (dry-run: true): checks the crates would publish, uploads nothing.
      - name: Publish crate check
        uses: katyo/publish-crates@v2
        with:
          dry-run: true
          check-repo: false
          ignore-unpublished-changes: true
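# --- job: publish-crates ---
  publish-crates:
    needs:
      - cargo-verifications
      - publish-crates-check
    # Only do this job if publishing a release
    if: github.event_name == 'release' && github.event.action == 'published'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@master
        with:
          toolchain: ${{ env.RUST_VERSION }}
      - name: Verify tag version
        env:
          # Passed through the environment instead of being interpolated into the script,
          # so the tag name is handed to the shell as data rather than parsed as code.
          TAG_NAME: ${{ github.ref_name }}
        run: |
          curl -sSLf "$DASEL_VERSION" -L -o dasel && chmod +x dasel
          mv ./dasel /usr/local/bin/dasel
          ./.github/workflows/scripts/verify_tag.sh "$TAG_NAME" Cargo.toml
      - name: Publish crate
        uses: katyo/publish-crates@v2
        with:
          publish-delay: 30000
          registry-token: ${{ secrets.CARGO_REGISTRY_TOKEN }}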
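# --- job: build-docker-images ---
  build-docker-images:
    needs:
      - cargo-verifications
    strategy:
      matrix:
        # One native build per platform; the two builds are joined into a multi-arch
        # manifest by publish-docker-images.
        arch:
          - platform: linux/amd64
            runner: buildjet-8vcpu-ubuntu-2204
          - platform: linux/arm64
            runner: buildjet-8vcpu-ubuntu-2204-arm
    runs-on: ${{ matrix.arch.runner }}
    permissions:
      contents: read
      packages: write
      id-token: write  # required for the AWS OIDC role assumption below
    steps:
      - name: Setup environment
        run: |
          # Lowercased with bash's ${var@L} so the image ref is a valid registry name
          # even when github.repository contains capitals.
          echo "REGISTRY_URL=${REGISTRY@L}/${IMAGE_NAME@L}" >> "$GITHUB_ENV"
          platform=${{ matrix.arch.platform }}
          # linux/amd64 -> linux-amd64; used to name the digest artifact
          echo "PLATFORM_PAIR=${platform//\//-}" >> "$GITHUB_ENV"
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Configure AWS credentials for ECR cache
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_ROLE_ARN }}
          aws-region: us-east-1
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Log in to the ghcr.io registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Log in to the docker.io registry
        uses: docker/login-action@v3
        with:
          username: fuellabs
          password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}
      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY_URL }}
      # NOTE(review): cache-to writes to the same ref that cache-from reads, and this job
      # has no `if`, so pull_request runs share the registry build cache with master and
      # release builds; consider exporting the cache (mode=max) only from trusted refs.
      - name: Build Docker image
        uses: docker/build-push-action@v4
        id: build
        with:
          context: .
          platforms: ${{ matrix.arch.platform }}
          file: Dockerfile
          # tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_BUILD_CACHE_REPO }}:latest-${{ matrix.arch.runner }}
          cache-to: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_BUILD_CACHE_REPO }}:latest-${{ matrix.arch.runner }},mode=max,image-manifest=true,oci-mediatypes=true
          # outputs: type=docker,dest=/tmp/img-${{ matrix.arch.runner }}.tar
          # Pushed untagged, by digest only; tags are applied on the manifest list later.
          outputs: |
            type=image,name=${{ env.REGISTRY_URL }},push-by-digest=true,name-canonical=true,push=true
      - name: Export digest
        run: |
          mkdir -p /tmp/digests
          digest="${{ steps.build.outputs.digest }}"
          # The file name (digest without the sha256: prefix) is the only payload.
          touch "/tmp/digests/${digest#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: digests-${{ env.PLATFORM_PAIR }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1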
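# --- job: publish-docker-images ---
  publish-docker-images:
    needs:
      - build-docker-images
    # NOTE(review): there is no `if` on this job, so pull_request runs also push tagged
    # manifests to ECR Public and ghcr.io; confirm that is intended.
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write  # required for the AWS OIDC role assumption below
    steps:
      # One empty file per per-platform image digest, uploaded by build-docker-images.
      - name: Download digests
        uses: actions/download-artifact@v4
        with:
          path: /tmp/digests
          pattern: digests-*
          merge-multiple: true
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Configure AWS credentials for ECR publishing
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_ROLE_ARN }}
          aws-region: us-east-1  # ecr public is only in us-east-1
      - name: Login to Amazon ECR Public
        id: login-ecr-public
        uses: aws-actions/amazon-ecr-login@v2
        with:
          registry-type: public
      - name: Log in to the ghcr.io registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Log in to the docker.io registry
        uses: docker/login-action@v3
        with:
          username: fuellabs
          password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}
      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.REPO_NAME }}
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=sha
            type=ref,event=branch
            type=ref,event=tag
            type=semver,pattern={{raw}}
            type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}}
          flavor: |
            latest=${{ github.ref == 'refs/heads/master' }}
      - name: Debug
        run: |
          echo "$DOCKER_METADATA_OUTPUT_JSON"
          jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON"
      - name: Create manifest list and push
        working-directory: /tmp/digests
        env:
          # build-docker-images pushes the per-platform images by digest to
          # ${REGISTRY}/${IMAGE_NAME} (lowercased), so the manifest sources have to be
          # resolved there; they were previously looked up in the ECR Public repository,
          # where nothing in this workflow pushes them.
          SOURCE_IMAGE: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
        run: |
          source_image="${SOURCE_IMAGE@L}"
          # -t <tag> for every tag metadata-action produced, then one source ref per digest file.
          docker buildx imagetools create \
            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf "${source_image}@sha256:%s " *)
      - name: Inspect image
        run: |
          docker buildx imagetools inspect ${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.REPO_NAME }}:${{ steps.meta.outputs.version }}
      # Previous single-job implementation, superseded by the digest/manifest flow above.
      # Kept for reference only; it references matrix.* values this job does not define.
      # - name: Docker metadata
      #   id: meta
      #   uses: docker/metadata-action@v3
      #   with:
      #     images: |
      #       ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
      #       ${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.REPO_NAME }}
      #     tags: |
      #       type=sha
      #       type=ref,event=branch
      #       type=ref,event=tag
      #       type=semver,pattern={{raw}}
      #       type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}}
      #     flavor: |
      #       latest=${{ github.ref == 'refs/heads/master' }}
      # - name: Build and publish Docker images
      #   uses: docker/build-push-action@v4
      #   with:
      #     context: .
      #     platforms: ${{ matrix.arch.platform }}
      #     file: Dockerfile
      #     push: true
      #     tags: ${{ steps.meta.outputs.tags }}
      #     labels: ${{ steps.meta.outputs.labels }}
      #     cache-from: type=registry,ref=${{ env.REGISTRY }}/fuellabs/fuel-block-committer-build-cache:latest
      #     cache-to: type=registry,ref=${{ env.REGISTRY }}/fuellabs/fuel-block-committer-build-cache:latest,mode=max
      # - uses: FuelLabs/.github/.github/actions/slack-notify-template@master
      #   if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag')
      #   with:
      #     github_token: ${{ secrets.GITHUB_TOKEN }}
      #     slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}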