container.yml
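# Reusable workflow: builds the nox container image from a chosen git ref,
# pushes it as a snapshot, and returns a digest-pinned image reference.
name: Publish docker container snapshot

on:
  workflow_call:
    inputs:
      # Ref of fluencelabs/nox that the job checks out. The ./docker
      # directory of that ref is the build context for the pushed image,
      # so callers should only pass refs they trust.
      ref:
        description: "git ref to checkout to"
        type: string
        default: "master"
      # Repository part of the image reference (no tag). The job logs in
      # to Docker Hub and docker.fluence.dev only; a name on any other
      # registry has no login step in this workflow.
      image-name:
        description: "Docker image name"
        type: string
        default: "docker.fluence.dev/nox"
    outputs:
      # "<image-name>@<digest>" of the image pushed by the publish job;
      # unlike the tags, this reference identifies one exact image.
      nox-image:
        description: "nox snapshot image"
        value: ${{ jobs.publish.outputs.image }}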
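jobs:
  # Builds the multi-arch nox image, pushes it under two snapshot tags and
  # writes the result to the run summary.
  publish:
    name: "Publish snapshot"
    runs-on: ubuntu-latest
    timeout-minutes: 60

    outputs:
      # Digest-pinned reference to the image pushed by the "docker" step.
      image: "${{ inputs.image-name }}@${{ steps.docker.outputs.digest }}"

    permissions:
      contents: read
      # Lets the job request a GitHub OIDC token; the "Import secrets" step
      # presents it to Vault (method: jwt) instead of a stored credential.
      id-token: write

    # NOTE(review): every `uses:` below is a mutable ref (version tags, and
    # one branch ref, @main). The registry credentials imported from Vault
    # are exported to the job environment and are therefore visible to each
    # later step, so consider pinning these actions to full commit SHAs.
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          repository: fluencelabs/nox
          ref: ${{ inputs.ref }}

      - name: Import secrets
        # NOTE(review): the ref below was mangled by the hosting page's
        # e-mail obfuscation; presumably hashicorp/vault-action@<VERSION>.
        # Restore the real ref from the repository before using this file.
        uses: hashicorp/[email protected]
        with:
          url: https://vault.fluence.dev
          path: jwt/github
          role: ci
          method: jwt
          jwtGithubAudience: "https://github.com/fluencelabs"
          jwtTtl: 300
          # Each entry is "<vault path> <field> | <env var name>"; later
          # steps read the values back through the env context.
          secrets: |
            kv/hub.docker.com/fluencebot username | DOCKER_HUB_USERNAME ;
            kv/hub.docker.com/fluencebot password | DOCKER_HUB_PASSWORD ;
            kv/docker-registry/basicauth/ci username | DOCKER_USERNAME ;
            kv/docker-registry/basicauth/ci password | DOCKER_PASSWORD

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ env.DOCKER_HUB_USERNAME }}
          password: ${{ env.DOCKER_HUB_PASSWORD }}

      - name: Login to private docker registry
        uses: docker/login-action@v3
        with:
          registry: docker.fluence.dev
          username: ${{ env.DOCKER_USERNAME }}
          password: ${{ env.DOCKER_PASSWORD }}

      # No artifact name is given, so this fetches the artifacts of the
      # current run into the docker build context.
      - name: Download nox binary
        uses: actions/download-artifact@v4
        with:
          path: docker/binaries

      # Provides the `branch` and `sha` outputs used for tags and labels.
      - name: Generate snapshot version
        id: version
        uses: fluencelabs/github-actions/generate-snapshot-id@main

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          platforms: linux/amd64,linux/arm64

      - name: Build and push container snapshot image
        id: docker
        uses: docker/build-push-action@v6
        with:
          context: ./docker
          push: true
          platforms: linux/amd64,linux/arm64
          # The bare branch tag is overwritten by every run on that branch;
          # consumers that need a fixed image should use the digest output.
          tags: |
            ${{ inputs.image-name }}:${{ steps.version.outputs.branch }}
            ${{ inputs.image-name }}:${{ steps.version.outputs.branch }}_${{ github.run_number }}_${{ github.run_attempt }}
          labels: |
            branch=${{ steps.version.outputs.branch }}
            sha=${{ steps.version.outputs.sha }}
            run_number=${{ github.run_number }}
            run_attempt=${{ github.run_attempt }}
          cache-from: type=gha
          # github allows only 10GB of cache
          # so save cache only on merge to master
          # to use less space and speed up CI
          # NOTE(review): the expression tests only for a `push` event;
          # whether that means a merge to master depends on the triggers
          # of the calling workflow.
          cache-to: ${{ github.event_name == 'push' && 'type=gha,mode=max' || '' }}

      # Runs even when an earlier step failed, in which case the digest
      # field of the summary is empty.
      - name: Print results to check summary
        if: always()
        # Workflow values reach the script as environment variables rather
        # than being expanded into the script text, so their content is
        # never parsed as shell syntax.
        env:
          SNAPSHOT_DIGEST: ${{ steps.docker.outputs.digest }}
          SNAPSHOT_IMAGE: ${{ inputs.image-name }}
          SNAPSHOT_BRANCH: ${{ steps.version.outputs.branch }}
        run: |
          {
            printf '## nox\n'
            printf 'digest: `%s`\n' "$SNAPSHOT_DIGEST"
            printf '```\n'
            printf '%s:%s\n' "$SNAPSHOT_IMAGE" "$SNAPSHOT_BRANCH"
            printf '%s:%s_%s_%s\n' "$SNAPSHOT_IMAGE" "$SNAPSHOT_BRANCH" "$GITHUB_RUN_NUMBER" "$GITHUB_RUN_ATTEMPT"
            printf '```\n'
            printf '### Access to Fluence docker registry\n'
            printf '```\n'
            printf 'vault read kv/basicauth/dev\n'
            printf 'docker login docker.fluence.dev\n'
            printf '```\n'
          } >> "$GITHUB_STEP_SUMMARY"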