Ockam Container Release #90
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Ockam Container Release | |
on: | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: 'Ockam tag to build' | |
required: true | |
binaries_sha: | |
description: 'Ockam Release Assets SHA' | |
required: false | |
is_release: | |
description: 'Indicate If Workflow Is To Release Ockam Package Or Be A Draft' | |
type: choice | |
default: 'false' | |
options: | |
- 'false' | |
- 'true' | |
permissions: | |
contents: read | |
env: | |
DEPLOYMENT_NAME: ockam | |
ARTIFACT_NAME: ockam | |
ORGANIZATION: ${{ github.repository_owner }} | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
build-and-publish-artifact: | |
if: github.event.inputs.is_release == 'false' | |
name: "Build And Publish Ockam Container As Draft" | |
runs-on: ubuntu-22.04 | |
environment: release | |
permissions: | |
actions: read | |
contents: write | |
packages: write | |
steps: | |
- name: Checker | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
set -ex | |
mkdir assets && cd assets | |
gh release download ${{ github.event.inputs.tag }} -R ${ORGANIZATION}/ockam | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
with: | |
path: ockam | |
- id: image | |
run: | | |
tag_name="${{ github.event.inputs.tag }}" | |
version=${tag_name:7} | |
echo "image=ghcr.io/${ORGANIZATION}/$ARTIFACT_NAME:${version}-draft" >> $GITHUB_OUTPUT | |
- name: Update Docker Template | |
run: | | |
set -x | |
temp_dir=$(mktemp -d) | |
cp ./ockam/tools/templates/ockam.dockerfile $temp_dir/Dockerfile | |
cd $temp_dir | |
binaries=(${{ github.event.inputs.binaries_sha }}) | |
for binary in ${binaries[@]}; do | |
echo "$binary" | |
file=(${binary//:/ }) | |
echo "${file[@]}" | |
if [[ ${file[0]} == *".so"* || ${file[0]} == *".sig"* ]]; then | |
echo "elixir nif library found, skipping." | |
continue | |
fi | |
sed -i "s/${file[0]}_sha256_value/${file[1]}/g" Dockerfile | |
done | |
cat Dockerfile | |
cp Dockerfile $GITHUB_WORKSPACE/ockam/tools/templates | |
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d | |
with: | |
registry: ghcr.io | |
username: $ORGANIZATION | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf | |
- id: buildx | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 | |
# TODO: change after new buildkit version gets fixed | |
# https://github.com/moby/buildkit/issues/3347 | |
# https://github.com/docker/build-push-action/issues/761 | |
with: | |
driver-opts: | | |
image=moby/buildkit:v0.10.6 | |
- name: Build And Publish As Draft | |
run: | | |
tag_name="${{ github.event.inputs.tag }}" | |
version=${tag_name:7} | |
docker buildx build --push \ | |
--tag ghcr.io/${ORGANIZATION}/ockam:${version}-draft \ | |
--file ./ockam/tools/templates/Dockerfile \ | |
--platform linux/amd64,linux/arm64/v8 . | |
make-latest: | |
if: github.event.inputs.is_release == 'true' | |
name: "Make Draft Release Latest" | |
runs-on: ubuntu-22.04 | |
environment: release | |
permissions: | |
packages: write | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d | |
with: | |
registry: ghcr.io | |
username: ${ORGANIZATION} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get Version | |
id: image | |
run: | | |
tag_name="${{ github.event.inputs.tag }}" | |
version=${tag_name:7} | |
echo "version=${version}" >> $GITHUB_OUTPUT | |
- name: Deploy Latest Image | |
run: | | |
set -o xtrace | |
docker pull ghcr.io/${ORGANIZATION}/ockam:${{ steps.image.outputs.version }}-draft | |
manifest=$(docker manifest inspect -v ghcr.io/${ORGANIZATION}/ockam:${{ steps.image.outputs.version }}-draft) | |
refs=$(echo $manifest | jq -r .[].Descriptor.digest) | |
amended_refs="" | |
for ref in ${refs[@]}; do | |
amended_refs=" ${amended_refs[@]} --amend ghcr.io/${ORGANIZATION}/ockam@$ref" | |
done | |
docker manifest create ghcr.io/${ORGANIZATION}/ockam:${{ steps.image.outputs.version }} $amended_refs | |
docker manifest push ghcr.io/${ORGANIZATION}/ockam:${{ steps.image.outputs.version }} | |
docker manifest create ghcr.io/${ORGANIZATION}/ockam:latest $amended_refs | |
docker manifest push ghcr.io/${ORGANIZATION}/ockam:latest |