Workflow file for this run

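# Manually triggered workflow that builds the project's Docker images and
# pushes them to ghcr.io and Amazon ECR Public.
name: Docker Images

# workflow_dispatch is the only trigger: a run starts from the Actions UI or
# the API, against a ref chosen by the person starting it.
on:
  workflow_dispatch:

env:
  # Branch-derived value. Read it in scripts through the environment (as
  # $GIT_BRANCH) rather than pasting the ${{ }} expression into a run: body,
  # so the ref name is never parsed as shell.
  GIT_BRANCH: ${{ github.head_ref || github.ref_name }}
  GIT_REPO_OWNER: ${{ github.repository_owner }}
  GIT_REPO: ${{ github.repository }}
  GIT_REPO_NAME: ${{ github.event.repository.name }}
  # Role assumed through GitHub OIDC by the publishing jobs. The workflow only
  # names the role; who may assume it is decided by the role's trust policy,
  # which is not visible here.
  # NOTE(review): confirm the trust policy conditions on the token's
  # `token.actions.githubusercontent.com:sub` claim so that only this
  # repository (and the refs allowed to publish) can assume it.
  AWS_ROLE_ARN: arn:aws:iam::024848458133:role/github_oidc_FuelLabs_fuel-core
  AWS_ECR_ORG: fuellabs
  CARGO_TERM_COLOR: always
  RUST_VERSION: 1.79.0
  RUST_VERSION_FMT: nightly-2023-10-29
  RUST_VERSION_COV: nightly-2024-06-05
  RUSTFLAGS: -D warnings
  REGISTRY: ghcr.io
  SEGMENT_DOWNLOAD_TIMEOUT_MINS: 2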
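# NOTE(review): every `uses:` below references a tag or a branch. Those refs
# are mutable, and the jobs that run them hold `packages: write`,
# `id-token: write` or repository secrets. Pinning each action to a full
# commit SHA keeps a moved tag or a compromised upstream release from running
# with those privileges.
jobs:
  # Builds deployment/Dockerfile once per architecture and pushes each result
  # to ghcr.io by digest only. Tags are attached later by publish-docker-image.
  build-docker-images:
    strategy:
      matrix:
        arch:
          # build on native runners instead of using emulation
          - platform: linux/amd64
            runner: buildjet-8vcpu-ubuntu-2204
          - platform: linux/arm64
            runner: buildjet-16vcpu-ubuntu-2204-arm
    runs-on: ${{ matrix.arch.runner }}
    # Job-scoped token: read the repository, write packages (ghcr.io push).
    permissions:
      contents: read
      packages: write
    steps:
      # ${VAR@L} is the bash lower-casing transformation; the registry URL is
      # built from the lower-cased registry host and repository name.
      - name: Setup environment
        run: |
          echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV}
          platform=${{ matrix.arch.platform }}
          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to the ghcr.io registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Second login uses a separate docker.io credential; its name says it is
      # read-only (presumably for base-image pulls - confirm).
      - name: Log in to the docker.io registry
        uses: docker/login-action@v3
        with:
          username: fuellabs
          password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY_URL }}
      - name: Setup Rust build cache
        id: cache
        uses: buildjet/cache@v3
        with:
          path: |
            home-cargo-bin
            home-cargo-registry-index
            home-cargo-registry-cache
            home-cargo-git-db
            target
          key: ${{ env.PLATFORM_PAIR }}-${{ hashFiles('**/Cargo.lock') }}
      # NOTE(review): this action reference reached the page mangled by e-mail
      # obfuscation ("[email protected]" replaced the text around the "@").
      # Restore the real `<repository>@<version>` from the repository before
      # reusing this file. The cache-map / skip-extraction inputs look like
      # those of buildkit-cache-dance, but confirm.
      - name: Inject cache into docker
        uses: reproducible-containers/[email protected]
        with:
          cache-map: |
            {
              "home-cargo-bin": "/usr/local/cargo/bin",
              "home-cargo-registry-index": "/usr/local/cargo/registry/index",
              "home-cargo-registry-cache": "/usr/local/cargo/registry/cache",
              "home-cargo-git-db": "/usr/local/cargo/git/db",
              "target": "/build/target"
            }
          skip-extraction: ${{ steps.cache.outputs.cache-hit }}
      # push-by-digest=true: the image is pushed without a tag and is
      # addressable only by its content digest.
      - name: Build Docker image
        id: build
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: ${{ matrix.arch.platform }}
          file: deployment/Dockerfile
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache:latest-${{ matrix.arch.runner }}
          cache-to: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache:latest-${{ matrix.arch.runner }},mode=max,image-manifest=true,oci-mediatypes=true
          outputs: |
            type=image,name=${{ env.REGISTRY_URL }},push-by-digest=true,name-canonical=true,push=true
      # The digest is handed to the publish job as an empty file named after
      # the hex digest (the "sha256:" prefix is stripped).
      - name: Export digest
        run: |
          mkdir -p /tmp/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "/tmp/digests/${digest#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: digests-${{ env.PLATFORM_PAIR }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1

  # Combines the per-architecture digests into one manifest list and pushes
  # it, with tags, to ghcr.io and Amazon ECR Public.
  publish-docker-image:
    needs:
      - build-docker-images
    runs-on: ubuntu-latest
    # id-token: write lets the job request the OIDC token that
    # configure-aws-credentials exchanges for the AWS role.
    permissions:
      contents: read
      packages: write
      id-token: write
    steps:
      - name: Setup environment
        run: |
          echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV}
      - name: Download digests
        uses: actions/download-artifact@v4
        with:
          path: /tmp/digests
          pattern: digests-*
          merge-multiple: true
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Configure AWS credentials for ECR publishing
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_ROLE_ARN }}
          aws-region: us-east-1  # ecr public is only in us-east-1
      - name: Login to Amazon ECR Public
        id: login-ecr-public
        uses: aws-actions/amazon-ecr-login@v2
        with:
          registry-type: public
      - name: Log in to the ghcr.io registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Log in to the docker.io registry
        uses: docker/login-action@v3
        with:
          username: fuellabs
          password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}
      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ env.REGISTRY_URL }}
            ${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.GIT_REPO_NAME }}
          tags: |
            type=sha
            type=ref,event=branch
            type=ref,event=tag
            type=semver,pattern={{raw}}
            type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}}
            type=raw,value=latest,enable={{is_default_branch}}
      # Every source image is referenced as <registry-url>@sha256:<digest>,
      # with the digests taken from the file names downloaded above, so the
      # tags end up on exactly the images the build job pushed. The unquoted
      # $(...) expansions are deliberate: each must split into separate
      # arguments.
      - name: Create manifest list and push to all registries
        working-directory: /tmp/digests
        run: |
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf '${{ env.REGISTRY_URL }}@sha256:%s ' *)
      - name: Inspect image
        run: |
          docker buildx imagetools inspect ${{ env.REGISTRY_URL }}:${{ steps.meta.outputs.version }}

  # duplicate of publish-docker-image, but with profiling features enabled
  # this is split into a separate action since it takes longer to build
  publish-docker-image-profiling:
    runs-on: buildjet-16vcpu-ubuntu-2204
    permissions:
      contents: read
      packages: write
      id-token: write
    steps:
      - name: Setup environment
        run: |
          echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV}
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Configure AWS credentials for ECR publishing
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_ROLE_ARN }}
          aws-region: us-east-1  # ecr public is only in us-east-1
      - name: Login to Amazon ECR Public
        id: login-ecr-public
        uses: aws-actions/amazon-ecr-login@v2
        with:
          registry-type: public
      # Same major version of the login action as the other jobs, so registry
      # credentials are handled by one maintained release line everywhere.
      - name: Log in to the ghcr.io registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Log in to the docker.io registry
        uses: docker/login-action@v3
        with:
          username: fuellabs
          password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ env.REGISTRY_URL }}-debug
            ${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.GIT_REPO_NAME }}-debug
          tags: |
            type=sha
            type=ref,event=branch
            type=ref,event=tag
            type=semver,pattern={{raw}}
            type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}}
            type=raw,value=latest,enable={{is_default_branch}}
      - name: Setup Rust build cache
        id: cache
        uses: buildjet/cache@v3
        with:
          path: |
            home-cargo-bin
            home-cargo-registry-index
            home-cargo-registry-cache
            home-cargo-git-db
            target
          key: publish-docker-image-profiling-${{ hashFiles('**/Cargo.lock') }}
      # NOTE(review): action reference mangled by e-mail obfuscation on this
      # page; restore the real `<repository>@<version>` before reuse.
      - name: Inject cache into docker
        uses: reproducible-containers/[email protected]
        with:
          cache-map: |
            {
              "home-cargo-bin": "/usr/local/cargo/bin",
              "home-cargo-registry-index": "/usr/local/cargo/registry/index",
              "home-cargo-registry-cache": "/usr/local/cargo/registry/cache",
              "home-cargo-git-db": "/usr/local/cargo/git/db",
              "target": "/build/target"
            }
          skip-extraction: ${{ steps.cache.outputs.cache-hit }}
      - name: Build & push Docker image
        id: build
        uses: docker/build-push-action@v6
        with:
          context: .
          file: deployment/Dockerfile
          build-args: "DEBUG_SYMBOLS=true"
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-debug:latest
          cache-to: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-debug:latest,mode=max,image-manifest=true,oci-mediatypes=true
      # NOTE(review): @master is a moving branch ref, and this step receives
      # GITHUB_TOKEN and the Slack webhook secret. Pin it to a reviewed commit
      # SHA of FuelLabs/.github.
      - uses: FuelLabs/.github/.github/actions/slack-notify-template@master
        if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag')
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}

  # Builds deployment/e2e-client.Dockerfile and pushes it, tagged, to ghcr.io
  # and Amazon ECR Public under the "-e2e-client" image name.
  publish-e2e-client-docker-image:
    runs-on: buildjet-4vcpu-ubuntu-2204
    permissions:
      contents: read
      packages: write
      id-token: write
    steps:
      - name: Setup environment
        run: |
          echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV}
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Configure AWS credentials for ECR publishing
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_ROLE_ARN }}
          aws-region: us-east-1  # ecr public is only in us-east-1
      - name: Login to Amazon ECR Public
        id: login-ecr-public
        uses: aws-actions/amazon-ecr-login@v2
        with:
          registry-type: public
      # Same major version of the login action as the other jobs.
      - name: Log in to the ghcr.io registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Log in to the docker.io registry
        uses: docker/login-action@v3
        with:
          username: fuellabs
          password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ env.REGISTRY_URL }}-e2e-client
            ${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.GIT_REPO_NAME }}-e2e-client
          tags: |
            type=sha
            type=ref,event=branch
            type=ref,event=tag
            type=semver,pattern={{raw}}
            type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}}
            type=raw,value=latest,enable={{is_default_branch}}
      - name: Setup Rust build cache
        id: cache
        uses: buildjet/cache@v3
        with:
          path: |
            home-cargo-bin
            home-cargo-registry-index
            home-cargo-registry-cache
            home-cargo-git-db
            target
          key: publish-e2e-client-docker-image-${{ hashFiles('**/Cargo.lock') }}
      # NOTE(review): action reference mangled by e-mail obfuscation on this
      # page; restore the real `<repository>@<version>` before reuse.
      - name: Inject cache into docker
        uses: reproducible-containers/[email protected]
        with:
          cache-map: |
            {
              "home-cargo-bin": "/usr/local/cargo/bin",
              "home-cargo-registry-index": "/usr/local/cargo/registry/index",
              "home-cargo-registry-cache": "/usr/local/cargo/registry/cache",
              "home-cargo-git-db": "/usr/local/cargo/git/db",
              "target": "/build/target"
            }
          skip-extraction: ${{ steps.cache.outputs.cache-hit }}
      - name: Build & push Docker image
        id: build
        uses: docker/build-push-action@v6
        with:
          context: .
          file: deployment/e2e-client.Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-e2e:latest
          cache-to: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-e2e:latest,mode=max,image-manifest=true,oci-mediatypes=true
      # NOTE(review): @master is a moving branch ref, and this step receives
      # GITHUB_TOKEN and the Slack webhook secret. Pin it to a reviewed commit
      # SHA of FuelLabs/.github.
      - uses: FuelLabs/.github/.github/actions/slack-notify-template@master
        if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag')
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}

  # Deploy Fuel Core Ephemeral Developer Environment
  # NOTE(review): github.head_ref is only populated for pull_request events.
  # With workflow_dispatch as this file's only trigger, the condition below is
  # always false and the job is skipped; confirm whether that is intended.
  # NOTE(review): the job declares no `permissions:` block, so it runs with
  # the repository's default GITHUB_TOKEN scopes although its steps only use
  # REPO_TOKEN; consider declaring the minimum explicitly.
  deploy-eph-env:
    if: startsWith(github.head_ref, 'preview/')
    needs:
      - publish-docker-image
    runs-on: buildjet-4vcpu-ubuntu-2204
    steps:
      # IMAGE_TAG is "sha-" plus the first seven characters of the commit SHA.
      # NAMESPACE is the branch name with its first eight characters (the
      # "preview/" prefix) removed, so it is chosen by whoever names the
      # branch and is later placed inside a JSON string.
      # NOTE(review): validate NAMESPACE against the namespace format the
      # deployment expects before dispatching.
      - name: Set Environment Variables
        run: |
          echo "IMAGE_TAG=sha-${GITHUB_SHA:0:7}" >> "$GITHUB_ENV"
          echo "DEPLOYMENT_VERSION=${GITHUB_SHA}" >> "$GITHUB_ENV"
          echo "NAMESPACE=${GITHUB_HEAD_REF:8}" >> "$GITHUB_ENV"
      # Triggers the "Deploy Fuel-Core on k8s" workflow in
      # FuelLabs/fuel-deployment. REPO_TOKEN is a cross-repository credential
      # handed to a third-party action referenced by tag: pin the action to a
      # commit SHA and keep the token scoped to dispatching workflows in that
      # one repository.
      # NOTE(review): indentation was lost on this page; `env:` is placed at
      # step level here because it follows this step's `with:` - confirm.
      - name: Deploy Fuel Core Ephemeral Developer Environment
        uses: benc-uk/workflow-dispatch@v1
        with:
          workflow: Deploy Fuel-Core on k8s
          repo: FuelLabs/fuel-deployment
          ref: refs/heads/master
          token: ${{ secrets.REPO_TOKEN }}
          inputs: '{ "k8s-type": "${{ env.K8S }}", "config-directory": "${{ env.CONFIG }}", "config-env": "${{ env.ENV }}", "deployment-version": "${{ env.DEPLOYMENT_VERSION }}", "image-tag": "${{ env.IMAGE_TAG }}", "namespace": "${{ env.NAMESPACE }}", "delete-infra": "${{ env.DELETE_INFRA }}" }'
        env:
          K8S: 'eks'
          CONFIG: 'fuel-dev1'
          ENV: 'fueldevsway.env'
          # Quoted like its siblings: environment values are strings.
          DELETE_INFRA: 'true'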