diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..fce9429 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,113 @@ +name: Release +on: + push: + tags: ["*"] + workflow_dispatch: + # pull_request: # for testing only +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +env: + CARGO_TERM_COLOR: always + # https://github.com/mozilla/sccache/releases + SCCACHE_TAR_URL: https://github.com/mozilla/sccache/releases/download/v0.7.4/sccache-v0.7.4-x86_64-unknown-linux-musl.tar.gz + SCCACHE_CACHE_SIZE: "3G" + RUSTC_WRAPPER: sccache + SUBWASM_VERSION: v0.20.0 + CARGO_INCREMENTAL: "0" + CARGO_NET_GIT_FETCH_WITH_CLI: true + ECR_REPO: 305587085711.dkr.ecr.us-west-2.amazonaws.com/mach-avs + # PUB_REPO: public.ecr.aws + +jobs: + build-docker-image: + name: Build Docker Image and extract files + runs-on: ["self-hosted", "linux", "x64", "ubuntu-latest"] + steps: + - name: Login to ECR + uses: docker/login-action@v3 + with: + registry: ${{ env.ECR_REPO }} + username: ${{ secrets.ECR_ACCESS_KEY_ID }} + password: ${{ secrets.ECR_ACCESS_KEY }} + + # - name: Login to public ECR + # uses: docker/login-action@v3 + # with: + # registry: ${{ env.PUB_REPO }} + # username: ${{ secrets.ECR_ACCESS_KEY_ID }} + # password: ${{ secrets.ECR_ACCESS_KEY }} + + - name: Checkout Sources + uses: actions/checkout@v4 + with: + submodules: "true" + token: ${{ secrets.GIT_CREDENTIALS }} + + - uses: de-vri-es/setup-git-credentials@v2 + with: + credentials: https://${{ secrets.GIT_USERNAME }}:${{ secrets.GIT_CREDENTIALS }}@github.com + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + id: docker-builder + uses: docker/setup-buildx-action@v3 + + - name: Prepare Environment Variables + run: | + echo "HOME=$HOME" | tee -a $GITHUB_ENV + echo "XDG_CONFIG_HOME=${XDG_CONFIG_HOME:-$HOME/.config}" | tee -a $GITHUB_ENV + echo "SHORT_SHA=${GITHUB_SHA::7}" | tee -a $GITHUB_ENV + GIT_TAG=$(git tag --points-at HEAD) + echo "GIT_TAG=$GIT_TAG" | tee -a $GITHUB_ENV + GIT_BRANCH=$(git branch --show-current) + echo "GIT_BRANCH=$GIT_BRANCH" | tee -a $GITHUB_ENV + echo "REF_NAME=$(echo ${GIT_TAG:-$GITHUB_REF_NAME} | sed 's/[^a-zA-Z0-9._]/-/g')" | tee -a $GITHUB_ENV + - run: cat $HOME/.gitconfig && cat $XDG_CONFIG_HOME/git/credentials + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.ECR_REPO }} + # ${{ env.PUB_REPO }}/altlayer/mach-avs + flavor: | + prefix= + suffix= + tags: | + type=sha,format=short,prefix= + type=ref,event=branch + type=ref,event=branch,suffix=-${{ github.run_number }} + type=ref,event=tag + type=raw,value=${{ env.REF_NAME }},enable=${{ github.event_name == 'pull_request' }} + type=raw,value=${{ env.GIT_BRANCH }},enable=${{ env.GIT_BRANCH != '' }} + type=raw,value=latest,enable=${{ env.GIT_BRANCH == 'master' }} + + - name: Build operator docker with cache and push images + uses: docker/build-push-action@v5 + id: docker_build + with: + context: . + builder: ${{ steps.docker-builder.outputs.name }} + target: app + push: ${{ github.event_name != 'pull_request' }} + # push: true + provenance: false + cache-from: | + type=registry,ref=${{ env.ECR_REPO }}:latest + type=registry,ref=${{ env.ECR_REPO }}:${{ env.REF_NAME }} + secret-files: | + git_config=${{ env.HOME }}/.gitconfig + git_credentials=${{ env.XDG_CONFIG_HOME }}/git/credentials + file: operator.Dockerfile + labels: mach-operator + tags: ${{ steps.meta.outputs.tags }} + + - name: Pull Image + run: | + docker pull mach-operator + echo IMG=mach-operator | tee -a $GITHUB_ENV +