diff --git a/.github/workflows/ci-image-dev.yml b/.github/workflows/ci-image-dev.yml
index 4ac3ab237..e812ee7ea 100644
--- a/.github/workflows/ci-image-dev.yml
+++ b/.github/workflows/ci-image-dev.yml
@@ -18,6 +18,9 @@ jobs:
 contents: write
 name: build
 runs-on: docker
+ env:
+ GCP_REGISTRY_DOMAIN: asia-docker.pkg.dev
+ GCP_REGISTRY: asia-docker.pkg.dev/${{ secrets.GCP_STG_REGISTRY_PROJECT_ID }}/zilliqa-private
 steps:
 - name: Clean environment
 # Prune the Docker resources created over 10 days before the current execution (change the value for a more/less aggressive cleanup).
@@ -36,10 +39,9 @@ jobs:
 with:
 file: docker/Dockerfile
 push: true
- tag: ${{ secrets.AWS_ACCOUNT_ID_ZILLIQA }}.dkr.ecr.${{ secrets.AWS_REGION_ZILLIQA }}.amazonaws.com/scilla
+ tag: ${{ env.GCP_REGISTRY }}/scilla
 tag-length: 8
- registry: ${{ secrets.AWS_ACCOUNT_ID_ZILLIQA }}.dkr.ecr.${{ secrets.AWS_REGION_ZILLIQA }}.amazonaws.com
- aws-region: ${{ secrets.AWS_REGION_ZILLIQA }}
- role-to-assume: ${{ secrets.ECR_DEPLOYER_ROLE }}
- oidc-role: ${{ secrets.OIDC_ROLE }}
+ registry: ${{ env.GCP_REGISTRY_DOMAIN }}
+ workload-identity-provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+ service-account: "${{ secrets.GCP_STG_GITHUB_SA_DOCKER_REGISTRY }}"
 cache-key: ${{ github.event.repository.name }}
diff --git a/.github/workflows/ci-image-release.yml b/.github/workflows/ci-image-release.yml
index 0b3cf335a..8ae6c9c7f 100644
--- a/.github/workflows/ci-image-release.yml
+++ b/.github/workflows/ci-image-release.yml
@@ -17,6 +17,9 @@ jobs:
 id-token: write
 contents: write
 runs-on: docker
+ env:
+ GCP_REGISTRY_DOMAIN: asia-docker.pkg.dev
+ GCP_REGISTRY: asia-docker.pkg.dev/${{ secrets.GCP_PRD_REGISTRY_PROJECT_ID }}/zilliqa-private
 steps:
 - name: 'Checkout scm ${{ inputs.commitOrTag }}'
 uses: actions/checkout@v3
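Review bot: In the second hunk of ci-image-dev.yml the new `workload-identity-provider` input reads `secrets.GCP_PRD_GITHUB_WIF` while `service-account` reads `secrets.GCP_STG_GITHUB_SA_DOCKER_REGISTRY`, so a dev build appears to authenticate through what the secret name suggests is the production identity pool. If the pool is shared on purpose, record that next to the input, e.g. `# WIF provider is shared across environments; access is scoped by the service account binding`, and confirm that the provider's attribute condition and the service account's IAM binding limit impersonation to this repository. The same pairing appears in the `Configure GCP Credentials` step of ci-image-test.yml. The step these inputs belong to starts above the hunk.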
@@ -42,17 +45,16 @@ jobs:
 echo "latest=false" >> $GITHUB_OUTPUT
 fi
 shell: bash
- - name: Docker build and push
+ - name: Docker build and push (GCP)
 uses: Zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push@v1
 with:
 file: docker/Dockerfile
 push: true
- tag: ${{ secrets.AWS_ACCOUNT_ID_ZILLIQA }}.dkr.ecr.${{ secrets.AWS_REGION_ZILLIQA }}.amazonaws.com/scilla:${{ steps.set-tag.outputs.tag }}
+ tag: ${{ env.GCP_REGISTRY }}/scilla:${{ steps.set-tag.outputs.tag }}
 tag-latest: ${{ steps.check-latest.outputs.latest }}
- registry: ${{ secrets.AWS_ACCOUNT_ID_ZILLIQA }}.dkr.ecr.${{ secrets.AWS_REGION_ZILLIQA }}.amazonaws.com
- aws-region: ${{ secrets.AWS_REGION_ZILLIQA }}
- role-to-assume: ${{ secrets.ECR_DEPLOYER_ROLE }}
- oidc-role: ${{ secrets.OIDC_ROLE }}
+ registry: ${{ env.GCP_REGISTRY_DOMAIN }}
+ workload-identity-provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+ service-account: "${{ secrets.GCP_PRD_GITHUB_SA_DOCKER_REGISTRY }}"
 cache-key: ${{ github.event.repository.name }}
 - name: Docker build and push (Dockerhub)
 uses: Zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push@v1
diff --git a/.github/workflows/ci-image-test.yml b/.github/workflows/ci-image-test.yml
index b7ad91119..6d60ae902 100644
--- a/.github/workflows/ci-image-test.yml
+++ b/.github/workflows/ci-image-test.yml
@@ -10,6 +10,7 @@ on:
 pull_request:
 branches:
 - 'master'
+ push:
 jobs:
 run-tests:
@@ -18,6 +19,9 @@ jobs:
 contents: write
 name: tests
 runs-on: docker
+ env:
+ GCP_REGISTRY_DOMAIN: asia-docker.pkg.dev
+ GCP_REGISTRY: asia-docker.pkg.dev/${{ secrets.GCP_STG_REGISTRY_PROJECT_ID }}/zilliqa-private
 steps:
 - name: Clean environment
 # Prune the Docker resources created over 10 days before the current execution (change the value for a more/less aggressive cleanup).
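Review bot: The `push:` trigger added under `on:` in ci-image-test.yml carries no `branches` filter, so the test job now runs on every push to every branch, and a second time through `pull_request` for commits on a PR branch. Each of those runs holds `contents: write` (visible in the next hunk's context) and, with this change, obtains a GCP access token on the `docker` runner. If the trigger was only added to exercise the migration it should be dropped before merge; otherwise scope it, e.g. `push: { branches: ['master'] }`, and add a comment saying why push builds are needed.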
@@ -31,19 +35,23 @@ jobs:
 with:
 fetch-depth: 0
 ref: ${{ inputs.commitOrTag }}
- - name: Configure AWS Credentials
- uses: Zilliqa/gh-actions-workflows/actions/configure-aws-credentials@v1
+ - name: "Configure GCP Credentials"
+ id: google-auth
+ uses: "google-github-actions/auth@v1"
 with:
- role-to-assume: ${{ secrets.ECR_DEPLOYER_ROLE }}
- oidc-role: ${{ secrets.OIDC_ROLE }}
- aws-region: ${{ secrets.AWS_REGION_ZILLIQA }}
- - name: Login to the registry
+ token_format: "access_token"
+ workload_identity_provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+ service_account: "${{ secrets.GCP_STG_GITHUB_SA_DOCKER_REGISTRY }}"
+ create_credentials_file: true
+ - name: Login to the GCP registry
 uses: docker/login-action@v2
 with:
- registry: ${{ secrets.AWS_ACCOUNT_ID_ZILLIQA }}.dkr.ecr.${{ secrets.AWS_REGION_ZILLIQA }}.amazonaws.com
+ registry: ${{ env.GCP_REGISTRY_DOMAIN }}
+ username: "oauth2accesstoken"
+ password: "${{ steps.google-auth.outputs.access_token }}"
 - name: Build Docker images
 run: |
- DOCKER_BUILDKIT=1 docker build -t scilla:tests --build-arg ACCOUNT_ID=${{ secrets.AWS_ACCOUNT_ID_ZILLIQA }} -f docker/Dockerfile.test .
+ DOCKER_BUILDKIT=1 docker build -t scilla:tests --build-arg REGISTRY=${{ env.GCP_REGISTRY }} -f docker/Dockerfile.test .
 shell: bash
 - name: Run make test
 run: |
diff --git a/docker/Dockerfile.test b/docker/Dockerfile.test
index f1e533cb7..984abbcd2 100644
--- a/docker/Dockerfile.test
+++ b/docker/Dockerfile.test
@@ -1,6 +1,6 @@
-ARG ACCOUNT_ID
+ARG REGISTRY
-FROM ${ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/scilla:429e2f9
+FROM ${REGISTRY}/scilla:69dbcd05
 ENV VCPKG_ROOT="/vcpkg"
 ENV SCILLA_REPO_ROOT="/scilla/0"
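Review bot: The `Configure GCP Credentials` step sets `create_credentials_file: true`, and the later `docker build ... -f docker/Dockerfile.test .` uses the workspace as its build context; the auth action writes that file into the workspace, so it is sent to the builder and can end up in an image layer if the Dockerfile copies the context and `.dockerignore` does not exclude it. Only `steps.google-auth.outputs.access_token` is consumed in this hunk, so `create_credentials_file: false` looks sufficient; otherwise add `gha-creds-*.json` to `.dockerignore` and `.gitignore`. Separately, `google-github-actions/auth@v1` and `docker/login-action@v2` are referenced by mutable tags, and pinning each to a full commit SHA would keep a moved tag from running with this job's cloud credentials. The job's step list continues past the end of the hunk.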
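Review bot: `ARG REGISTRY` in docker/Dockerfile.test has no default and no comment, so a build run without `--build-arg REGISTRY=...` resolves the base image to `/scilla:69dbcd05` and fails with an opaque reference error. A comment above it such as `# REGISTRY (required): <host>/<project>/<repository> of the private registry holding the scilla base image` would document the contract for anyone building locally. The base image is also selected by the tag `69dbcd05` alone; unless the registry enforces immutable tags, appending the digest (`scilla:69dbcd05@sha256:<digest>`) would guarantee the tests run on the intended image.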