Skip to content

build(deps): bump docker/build-push-action from 5.4.0 to 6.3.0 (#214) #59

build(deps): bump docker/build-push-action from 5.4.0 to 6.3.0 (#214)

build(deps): bump docker/build-push-action from 5.4.0 to 6.3.0 (#214) #59

Workflow file for this run

name: Publish Images to GitHub Registry
on:
push:
# `main` tag is used for integration environment
branches: [ main ]
# `v*` tags are used for production environment
tags: [ v* ]
# Manual trigger with custom release tag
workflow_dispatch:
inputs:
version:
description: "Release tag:"
type: string
required: true
env:
OWNER: hashgraph
REGISTRY: ghcr.io
jobs:
docker-image-publish:
runs-on: [self-hosted, Linux, large, ephemeral]
permissions:
contents: read
id-token: write
packages: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
submodules: true
- name: Setup Node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 18
- name: Install make
run: sudo apt-get update; sudo apt-get install build-essential -y
- name: Apply Sourcify server patch customizations
run: npm run server:patch
- name: Get tag
run: |
if [[ "${{ github.event.inputs.version }}" ]]; then
echo "TAG=${{ github.event.inputs.version }}" >> $GITHUB_ENV
elif [[ "$GITHUB_REF_TYPE" == "tag" ]]; then
echo "TAG=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV
else
echo "TAG=main" >> $GITHUB_ENV
fi
- name: Login to GitHub Container Registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Qemu
uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
- name: Build and push UI image
uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
with:
cache-from: type=gha,scope=build-ui
cache-to: type=gha,mode=max,scope=build-ui
context: ./ui
file: ./ui/Dockerfile
platforms: linux/amd64, linux/arm64
push: true
tags: ${{ env.REGISTRY }}/${{ github.repository }}/ui:${{env.TAG}}
- name: Build and push SERVER image
uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
with:
cache-from: type=gha,scope=build-server
cache-to: type=gha,mode=max,scope=build-server
context: ./sourcify
# The `scripts` context is used to `COPY` the reset network script into the `server` container.
# Use `additional_contexts` to access the `scripts` folder outside main context.
# See https://docs.docker.com/compose/compose-file/build/#additional_contexts for more details.
build-contexts: |
scripts=./scripts
# The `Dockerfile.server` used here is basically the same as the one provided by Sourcify.
# It adds instructions to include the reset network script into the container.
file: ./Dockerfile.server
platforms: linux/amd64, linux/arm64
push: true
tags: ${{ env.REGISTRY }}/${{ github.repository }}/server:${{env.TAG}}
- name: Build and Push REPOSITORY Image
uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
with:
cache-from: type=gha,scope=build-repository
cache-to: type=gha,mode=max,scope=build-repository
context: ./h5ai-nginx
# From https://github.com/ethereum/sourcify/issues/1385
#
# The `repository` service provides a link to open each verified contract in Remix.
# However, for public self-hosted Sourcify instances (like in the case of Hedera) the _Open repo in Remix_ link does not work,
# given the Remix plugin only fetches contracts from https://repo.sourcify.dev.
#
# When `HIDE_OPEN_IN_REMIX` is set to 1, a patch to remove the link is applied.
# See https://github.com/sourcifyeth/h5ai-nginx/pull/5 for more details.
build-args: |
HIDE_OPEN_IN_REMIX=1
file: ./h5ai-nginx/Dockerfile
platforms: linux/amd64, linux/arm64
push: true
tags: ${{ env.REGISTRY }}/${{ github.repository }}/repository:${{env.TAG}}