build(deps): bump docker/build-push-action from 5.4.0 to 6.3.0 (#214) #59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Images to GitHub Registry | |
on: | |
push: | |
# `main` tag is used for integration environment | |
branches: [ main ] | |
# `v*` tags are used for production environment | |
tags: [ v* ] | |
# Manual trigger with custom release tag | |
workflow_dispatch: | |
inputs: | |
version: | |
description: "Release tag:" | |
type: string | |
required: true | |
env: | |
OWNER: hashgraph | |
REGISTRY: ghcr.io | |
jobs: | |
docker-image-publish: | |
runs-on: [self-hosted, Linux, large, ephemeral] | |
permissions: | |
contents: read | |
id-token: write | |
packages: write | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
egress-policy: audit | |
- name: Checkout repository | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
with: | |
submodules: true | |
- name: Setup Node | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
node-version: 18 | |
- name: Install make | |
run: sudo apt-get update; sudo apt-get install build-essential -y | |
- name: Apply Sourcify server patch customizations | |
run: npm run server:patch | |
- name: Get tag | |
run: | | |
if [[ "${{ github.event.inputs.version }}" ]]; then | |
echo "TAG=${{ github.event.inputs.version }}" >> $GITHUB_ENV | |
elif [[ "$GITHUB_REF_TYPE" == "tag" ]]; then | |
echo "TAG=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV | |
else | |
echo "TAG=main" >> $GITHUB_ENV | |
fi | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up Docker Qemu | |
uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 | |
- name: Build and push UI image | |
uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0 | |
with: | |
cache-from: type=gha,scope=build-ui | |
cache-to: type=gha,mode=max,scope=build-ui | |
context: ./ui | |
file: ./ui/Dockerfile | |
platforms: linux/amd64, linux/arm64 | |
push: true | |
tags: ${{ env.REGISTRY }}/${{ github.repository }}/ui:${{env.TAG}} | |
- name: Build and push SERVER image | |
uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0 | |
with: | |
cache-from: type=gha,scope=build-server | |
cache-to: type=gha,mode=max,scope=build-server | |
context: ./sourcify | |
# The `scripts` context is used to `COPY` the reset network script into the `server` container. | |
# Use `additional_contexts` to access the `scripts` folder outside main context. | |
# See https://docs.docker.com/compose/compose-file/build/#additional_contexts for more details. | |
build-contexts: | | |
scripts=./scripts | |
# The `Dockerfile.server` used here is basically the same as the one provided by Sourcify. | |
# It adds instructions to include the reset network script into the container. | |
file: ./Dockerfile.server | |
platforms: linux/amd64, linux/arm64 | |
push: true | |
tags: ${{ env.REGISTRY }}/${{ github.repository }}/server:${{env.TAG}} | |
- name: Build and Push REPOSITORY Image | |
uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0 | |
with: | |
cache-from: type=gha,scope=build-repository | |
cache-to: type=gha,mode=max,scope=build-repository | |
context: ./h5ai-nginx | |
# From https://github.com/ethereum/sourcify/issues/1385 | |
# | |
# The `repository` service provides a link to open each verified contract in Remix. | |
# However, for public self-hosted Sourcify instances (like in the case of Hedera) the _Open repo in Remix_ link does not work, | |
# given the Remix plugin only fetches contracts from https://repo.sourcify.dev. | |
# | |
# When `HIDE_OPEN_IN_REMIX` is set to 1, a patch to remove the link is applied. | |
# See https://github.com/sourcifyeth/h5ai-nginx/pull/5 for more details. | |
build-args: | | |
HIDE_OPEN_IN_REMIX=1 | |
file: ./h5ai-nginx/Dockerfile | |
platforms: linux/amd64, linux/arm64 | |
push: true | |
tags: ${{ env.REGISTRY }}/${{ github.repository }}/repository:${{env.TAG}} |