-
Notifications
You must be signed in to change notification settings - Fork 3
182 lines (169 loc) · 5.88 KB
/
docker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
name: Build and Publish Docker Images
on:
push:
tags:
- '**'
branches:
- main
- holesky
- mainnet
- docker
- hack-merge-table
pull_request:
branches:
- '**'
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: false
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
base:
name: build base
runs-on: ['hostname:hetzner-dedicated-6']
outputs:
RUNNER: ${{ steps.get-label.outputs.runner_name }}
steps:
- name: Get Runner Label
id: get-label
run: |
if [[ "${{ runner.name }}" == *"@hetzner-dedicated-6" ]]; then
echo "runner_name=hostname:hetzner-dedicated-6" >> $GITHUB_OUTPUT
else
echo "runner_name=nix-128g" >> $GITHUB_OUTPUT
fi
- name: Cleanup docker build cache
run: |
docker system prune --force
docker builder prune --all --force
- name: Checkout code
uses: actions/checkout@v4
with:
submodules: "recursive"
- name: Build base
env:
DOCKER_BUILDKIT: 1
run: |
docker build --tag base:${{ github.sha }} --file docker/base/Dockerfile . --platform linux/amd64 --build-arg INSTRUCTION_SET="x86-64-v3"
build:
needs: base
runs-on: ${{needs.base.outputs.RUNNER}}
strategy:
fail-fast: false
matrix:
image: [worker]
include:
- image: worker
docker_file: docker/worker/Dockerfile
platform: linux/amd64
steps:
- name: Get Runner Label
id: get-label
run: |
if [[ "${{ runner.name }}" == *"@hetzner-dedicated-6" ]]; then
echo "runner_name=hostname:hetzner-dedicated-6" >> $GITHUB_OUTPUT
else
echo "runner_name=nix-128g" >> $GITHUB_OUTPUT
fi
- name: Cleanup docker build cache
run: |
docker system prune --force
docker builder prune --all --force
- name: Checkout code
uses: actions/checkout@v4
- name: Build and push images
env:
DOCKER_BUILDKIT: 1
run: |
TAG=$(echo ${{ github.ref_name }} | tr "[]/" -)
docker build \
-t ${{ matrix.image }}:${{ github.sha }} \
-f ${{ matrix.docker_file }} . \
--platform ${{ matrix.platform }} \
--build-arg INSTRUCTION_SET="x86-64-v3" \
--build-arg BASE_IMAGE_TAG=${{ github.sha }}
lint:
needs: base
runs-on: ${{needs.base.outputs.RUNNER}}
steps:
- name: clippy
run: |
docker run --rm base:${{ github.sha }} cargo clippy --all-targets --all -- -D warnings -A incomplete-features -A clippy::needless_return -A unused
- name: fmt
run: |
docker run --rm base:${{ github.sha }} cargo fmt --all -- --check
test:
needs: base
runs-on: ${{needs.base.outputs.RUNNER}}
steps:
- name: test
run: |
docker run --rm base:${{ github.sha }} cargo test
private-push:
name: Push Docker Images to AWS
runs-on: ${{needs.base.outputs.RUNNER}}
needs:
- build
- base
strategy:
fail-fast: false
matrix:
environment: [dev, test, prod]
image: [worker]
include:
- environment: dev
aws_account_id: ${{ vars.ZKMR_DEV_AWS_ACCOUNT_ID }}
- environment: test
aws_account_id: ${{ vars.ZKMR_TEST_AWS_ACCOUNT_ID }}
- environment: prod
aws_account_id: ${{ vars.ZKMR_PROD_AWS_ACCOUNT_ID }}
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ matrix.aws_account_id }}:role/github-actions-ecr-access-role
role-session-name: github-actions-ecr-access-role
aws-region: ${{ vars.ZKMR_AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Push to ECR
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
TAG=$(echo ${{ github.ref_name }} | tr "[]/" -)
docker tag ${{ matrix.image }}:${{ github.sha }} $ECR_REGISTRY/${{ matrix.image }}:${{ github.sha }}
docker tag ${{ matrix.image }}:${{ github.sha }} $ECR_REGISTRY/${{ matrix.image }}:${TAG}
docker push $ECR_REGISTRY/${{ matrix.image }}:${{ github.sha }}
docker push $ECR_REGISTRY/${{ matrix.image }}:${TAG}
if [[ ${{ github.ref }} == 'refs/heads/main' ]]; then
docker tag ${{ matrix.image }}:${{ github.sha }} $ECR_REGISTRY/${{ matrix.image }}:latest
docker push $ECR_REGISTRY/${{ matrix.image }}:latest
fi
if [[ ${{ github.ref }} == 'refs/tags/v'* ]]; then
docker tag ${{ matrix.image }}:${{ github.sha }} $ECR_REGISTRY/${{ matrix.image }}:${TAG}
docker push $ECR_REGISTRY/${{ matrix.image }}:${TAG}
fi
public-push:
name: Push Docker Images to Docker hub
if: contains('main holesky mainnet hack-merge-table v1_base', github.ref_name) || startsWith(github.ref, 'refs/tags/')
runs-on: ${{needs.base.outputs.RUNNER}}
needs:
- build
- base
steps:
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Push to public repo
run: |
if [[ ${{ github.ref_name }} == 'main' ]]; then
tag=latest
else
tag=${{ github.ref_name }}
fi
docker tag worker:${{ github.sha }} lagrangelabs/worker:${tag}
docker push lagrangelabs/worker:${tag}