Docker Images #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker Images | |
on: | |
workflow_dispatch: | |
env: | |
GIT_BRANCH: ${{ github.head_ref || github.ref_name }} | |
GIT_REPO_OWNER: ${{ github.repository_owner }} | |
GIT_REPO: ${{ github.repository }} | |
GIT_REPO_NAME: ${{ github.event.repository.name }} | |
AWS_ROLE_ARN: arn:aws:iam::024848458133:role/github_oidc_FuelLabs_fuel-core | |
AWS_ECR_ORG: fuellabs | |
CARGO_TERM_COLOR: always | |
RUST_VERSION: 1.79.0 | |
RUST_VERSION_FMT: nightly-2023-10-29 | |
RUST_VERSION_COV: nightly-2024-06-05 | |
RUSTFLAGS: -D warnings | |
REGISTRY: ghcr.io | |
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 2 | |
jobs: | |
build-docker-images: | |
strategy: | |
matrix: | |
arch: [ | |
# build on native runners instead of using emulation | |
{ platform: linux/amd64, runner: buildjet-8vcpu-ubuntu-2204 }, | |
{ platform: linux/arm64, runner: buildjet-16vcpu-ubuntu-2204-arm } | |
] | |
runs-on: ${{ matrix.arch.runner }} | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Setup environment | |
run: | | |
echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV} | |
platform=${{ matrix.arch.platform }} | |
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Log in to the ghcr.io registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to the docker.io registry | |
uses: docker/login-action@v3 | |
with: | |
username: fuellabs | |
password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }} | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.REGISTRY_URL }} | |
- name: Setup Rust build cache | |
id: cache | |
uses: buildjet/cache@v3 | |
with: | |
path: | | |
home-cargo-bin | |
home-cargo-registry-index | |
home-cargo-registry-cache | |
home-cargo-git-db | |
target | |
key: ${{ env.PLATFORM_PAIR }}-${{ hashFiles('**/Cargo.lock') }} | |
- name: Inject cache into docker | |
uses: reproducible-containers/[email protected] | |
with: | |
cache-map: | | |
{ | |
"home-cargo-bin": "/usr/local/cargo/bin", | |
"home-cargo-registry-index": "/usr/local/cargo/registry/index", | |
"home-cargo-registry-cache": "/usr/local/cargo/registry/cache", | |
"home-cargo-git-db": "/usr/local/cargo/git/db", | |
"target": "/build/target" | |
} | |
skip-extraction: ${{ steps.cache.outputs.cache-hit }} | |
- name: Build Docker image | |
id: build | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
platforms: ${{ matrix.arch.platform }} | |
file: deployment/Dockerfile | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache:latest-${{ matrix.arch.runner }} | |
cache-to: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache:latest-${{ matrix.arch.runner }},mode=max,image-manifest=true,oci-mediatypes=true | |
outputs: | | |
type=image,name=${{ env.REGISTRY_URL }},push-by-digest=true,name-canonical=true,push=true | |
- name: Export digest | |
run: | | |
mkdir -p /tmp/digests | |
digest="${{ steps.build.outputs.digest }}" | |
touch "/tmp/digests/${digest#sha256:}" | |
- name: Upload digest | |
uses: actions/upload-artifact@v4 | |
with: | |
name: digests-${{ env.PLATFORM_PAIR }} | |
path: /tmp/digests/* | |
if-no-files-found: error | |
retention-days: 1 | |
publish-docker-image: | |
needs: | |
- build-docker-images | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
steps: | |
- name: Setup environment | |
run: | | |
echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV} | |
- name: Download digests | |
uses: actions/download-artifact@v4 | |
with: | |
path: /tmp/digests | |
pattern: digests-* | |
merge-multiple: true | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Configure AWS credentials for ECR publishing | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ env.AWS_ROLE_ARN }} | |
aws-region: us-east-1 # ecr public is only in us-east-1 | |
- name: Login to Amazon ECR Public | |
id: login-ecr-public | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
registry-type: public | |
- name: Log in to the ghcr.io registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to the docker.io registry | |
uses: docker/login-action@v3 | |
with: | |
username: fuellabs | |
password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }} | |
- name: Docker metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ env.REGISTRY_URL }} | |
${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.GIT_REPO_NAME }} | |
tags: | | |
type=sha | |
type=ref,event=branch | |
type=ref,event=tag | |
type=semver,pattern={{raw}} | |
type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}} | |
type=raw,value=latest,enable={{is_default_branch}} | |
- name: Create manifest list and push to all registries | |
working-directory: /tmp/digests | |
run: | | |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
$(printf '${{ env.REGISTRY_URL }}@sha256:%s ' *) | |
- name: Inspect image | |
run: | | |
docker buildx imagetools inspect ${{ env.REGISTRY_URL }}:${{ steps.meta.outputs.version }} | |
# duplicate of publish-docker-image, but with profiling features enabled | |
# this is split into a separate action since it takes longer to build | |
publish-docker-image-profiling: | |
runs-on: buildjet-16vcpu-ubuntu-2204 | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
steps: | |
- name: Setup environment | |
run: | | |
echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV} | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Configure AWS credentials for ECR publishing | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ env.AWS_ROLE_ARN }} | |
aws-region: us-east-1 # ecr public is only in us-east-1 | |
- name: Login to Amazon ECR Public | |
id: login-ecr-public | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
registry-type: public | |
- name: Log in to the ghcr.io registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to the docker.io registry | |
uses: docker/login-action@v2 | |
with: | |
username: fuellabs | |
password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }} | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ env.REGISTRY_URL }}-debug | |
${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.GIT_REPO_NAME }}-debug | |
tags: | | |
type=sha | |
type=ref,event=branch | |
type=ref,event=tag | |
type=semver,pattern={{raw}} | |
type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}} | |
type=raw,value=latest,enable={{is_default_branch}} | |
- name: Setup Rust build cache | |
id: cache | |
uses: buildjet/cache@v3 | |
with: | |
path: | | |
home-cargo-bin | |
home-cargo-registry-index | |
home-cargo-registry-cache | |
home-cargo-git-db | |
target | |
key: publish-docker-image-profiling-${{ hashFiles('**/Cargo.lock') }} | |
- name: Inject cache into docker | |
uses: reproducible-containers/[email protected] | |
with: | |
cache-map: | | |
{ | |
"home-cargo-bin": "/usr/local/cargo/bin", | |
"home-cargo-registry-index": "/usr/local/cargo/registry/index", | |
"home-cargo-registry-cache": "/usr/local/cargo/registry/cache", | |
"home-cargo-git-db": "/usr/local/cargo/git/db", | |
"target": "/build/target" | |
} | |
skip-extraction: ${{ steps.cache.outputs.cache-hit }} | |
- name: Build & push Docker image | |
id: build | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: deployment/Dockerfile | |
build-args: "DEBUG_SYMBOLS=true" | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-debug:latest | |
cache-to: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-debug:latest,mode=max,image-manifest=true,oci-mediatypes=true | |
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag') | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} | |
publish-e2e-client-docker-image: | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
steps: | |
- name: Setup environment | |
run: | | |
echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV} | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Configure AWS credentials for ECR publishing | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ env.AWS_ROLE_ARN }} | |
aws-region: us-east-1 # ecr public is only in us-east-1 | |
- name: Login to Amazon ECR Public | |
id: login-ecr-public | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
registry-type: public | |
- name: Log in to the ghcr.io registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to the docker.io registry | |
uses: docker/login-action@v2 | |
with: | |
username: fuellabs | |
password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }} | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ env.REGISTRY_URL }}-e2e-client | |
${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.GIT_REPO_NAME }}-e2e-client | |
tags: | | |
type=sha | |
type=ref,event=branch | |
type=ref,event=tag | |
type=semver,pattern={{raw}} | |
type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}} | |
type=raw,value=latest,enable={{is_default_branch}} | |
- name: Setup Rust build cache | |
id: cache | |
uses: buildjet/cache@v3 | |
with: | |
path: | | |
home-cargo-bin | |
home-cargo-registry-index | |
home-cargo-registry-cache | |
home-cargo-git-db | |
target | |
key: publish-e2e-client-docker-image-${{ hashFiles('**/Cargo.lock') }} | |
- name: Inject cache into docker | |
uses: reproducible-containers/[email protected] | |
with: | |
cache-map: | | |
{ | |
"home-cargo-bin": "/usr/local/cargo/bin", | |
"home-cargo-registry-index": "/usr/local/cargo/registry/index", | |
"home-cargo-registry-cache": "/usr/local/cargo/registry/cache", | |
"home-cargo-git-db": "/usr/local/cargo/git/db", | |
"target": "/build/target" | |
} | |
skip-extraction: ${{ steps.cache.outputs.cache-hit }} | |
- name: Build & push Docker image | |
id: build | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: deployment/e2e-client.Dockerfile | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-e2e:latest | |
cache-to: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-e2e:latest,mode=max,image-manifest=true,oci-mediatypes=true | |
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag') | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} | |
# Deploy Fuel Core Ephemeral Developer Environment | |
deploy-eph-env: | |
if: startsWith(github.head_ref, 'preview/') | |
needs: | |
- publish-docker-image | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- name: Set Environment Variables | |
run: | | |
tag=(`echo $GITHUB_SHA | cut -c1-7`) | |
echo "IMAGE_TAG=`echo sha-$tag`" >> $GITHUB_ENV | |
echo "DEPLOYMENT_VERSION=$(echo $GITHUB_SHA)" >> $GITHUB_ENV | |
echo "NAMESPACE=$(echo ${GITHUB_HEAD_REF} | cut -c 9-)" >> $GITHUB_ENV | |
- name: Deploy Fuel Core Ephemeral Developer Environment | |
uses: benc-uk/workflow-dispatch@v1 | |
with: | |
workflow: Deploy Fuel-Core on k8s | |
repo: FuelLabs/fuel-deployment | |
ref: refs/heads/master | |
token: ${{ secrets.REPO_TOKEN }} | |
inputs: '{ "k8s-type": "${{ env.K8S }}", "config-directory": "${{ env.CONFIG }}", "config-env": "${{ env.ENV }}", "deployment-version": "${{ env.DEPLOYMENT_VERSION }}", "image-tag": "${{ env.IMAGE_TAG }}", "namespace": "${{ env.NAMESPACE }}", "delete-infra": "${{ env.DELETE_INFRA }}" }' | |
env: | |
K8S: 'eks' | |
CONFIG: 'fuel-dev1' | |
ENV: 'fueldevsway.env' | |
DELETE_INFRA: true |