VowTools retryable (#9785) #2791
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build release Docker Images | |
on: | |
push: | |
branches: | |
# $default-branch | |
- master | |
- 'release-*' | |
- 'dev-*' | |
tags: | |
- '@agoric/sdk@*' | |
workflow_dispatch: | |
env: | |
REGISTRY: ghcr.io | |
DOCKER_PLATFORMS: linux/amd64,linux/arm64/v8 | |
jobs: | |
snapshot: | |
if: ${{ github.repository_owner == 'agoric' }} | |
runs-on: ubuntu-latest | |
outputs: | |
tag: '${{ steps.snapshot-tag.outputs.tag }}' | |
steps: | |
- name: Generate Snapshot Tag | |
id: snapshot-tag | |
run: | | |
COMMIT_TIME=$(curl --fail --silent \ | |
--url https://api.github.com/repos/${{ github.repository }}/commits/${{ github.sha }} \ | |
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ | |
--header 'content-type: application/json' \ | |
| jq '(.commit.committer.date | fromdate)') | |
TIMESTAMP=`date +%Y%m%d%H%M%S --date="@${COMMIT_TIME}"` | |
SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-6) | |
SNAPSHOT_TAG="${TIMESTAMP}-${SHORT_SHA}" | |
echo "tag=$SNAPSHOT_TAG" >> $GITHUB_OUTPUT | |
docker-sdk: | |
permissions: | |
# allow issuing OIDC tokens for this workflow run | |
id-token: write | |
# allow at least reading the repo contents, add other permissions if necessary | |
contents: read | |
# to push the resulting images | |
packages: write | |
needs: snapshot | |
runs-on: 'depot-ubuntu-22.04-16' # ubuntu-latest | |
outputs: | |
tag: '${{ steps.docker-tags.outputs.tags }}' | |
tags: '${{ steps.docker-tags.outputs.tags }} ${{ needs.snapshot.outputs.tag }}' | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: depot/setup-action@v1 | |
with: | |
oidc: true # to set DEPOT_TOKEN for later steps | |
- run: depot configure-docker | |
- name: Log in to the Container registry | |
uses: docker/login-action@v3 | |
# see https://docs.github.com/en/actions/publishing-packages/publishing-docker-images | |
with: | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
registry: ${{ env.REGISTRY }} | |
- name: Save BUILD_TAG | |
run: | | |
echo "BUILD_TAG=${{ needs.snapshot.outputs.tag }}" >> $GITHUB_ENV | |
- name: Save GIT_REVISION | |
run: echo "GIT_REVISION=$(git rev-parse HEAD)" >> $GITHUB_ENV | |
- name: Save GIT_COMMIT | |
run: echo "GIT_COMMIT=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
- name: Save commit hash, url of submodules to environment | |
run: | | |
node packages/xsnap/src/build.js --show-env >> $GITHUB_ENV | |
- name: Build and Push ssh-node | |
uses: depot/build-push-action@v1 | |
with: | |
file: packages/deployment/Dockerfile.ssh-node | |
context: packages/deployment/docker | |
platforms: ${{ env.DOCKER_PLATFORMS }} | |
push: true | |
tags: '${{ env.REGISTRY }}/agoric/ssh-node:${{ env.BUILD_TAG }}' | |
- name: Compute tags | |
id: docker-tags | |
run: | | |
set -ex | |
SDK_TAG=$(echo "$GITHUB_REF_NAME" | sed -ne 's!^@agoric/sdk@!!p') | |
case $SDK_TAG in | |
"") | |
case $GITHUB_REF_NAME in | |
release-*) | |
# A pre-release. | |
DOCKER_TAGS=${GITHUB_REF_NAME#release-}-dev | |
;; | |
dev-*) | |
# A pre-release while our release branch is straying from master | |
DOCKER_TAGS=${GITHUB_REF_NAME#dev-}-dev | |
;; | |
master) | |
# A trunk dev release. | |
DOCKER_TAGS=dev | |
;; | |
*) | |
# Some other dev release. | |
DOCKER_TAGS=other-dev | |
;; | |
esac | |
;; | |
*) | |
# A tagged SDK release. | |
# The commit may or may not be a descendant of the current master branch | |
DOCKER_TAGS="latest $SDK_TAG" | |
;; | |
esac | |
DOCKER_TAGS="$DOCKER_TAGS $BUILD_TAG" | |
echo "tags=$DOCKER_TAGS" >> $GITHUB_OUTPUT | |
- name: Prefix tags | |
id: prefix-tags | |
run: | | |
IMAGE="$REGISTRY/agoric/agoric-sdk" | |
for TAG in ${{ steps.docker-tags.outputs.tags }}; do | |
PREFIXED="$PREFIXED$sep$IMAGE:$TAG" | |
sep=, | |
done | |
echo "tags=$PREFIXED" >> $GITHUB_OUTPUT | |
- name: Build and Push sdk | |
uses: depot/build-push-action@v1 | |
with: | |
file: packages/deployment/Dockerfile.sdk | |
context: ./ | |
platforms: ${{ env.DOCKER_PLATFORMS }} | |
push: true | |
tags: '${{ steps.prefix-tags.outputs.tags }}' | |
# When changing/adding entries here, make sure to search the whole | |
# project for `@@AGORIC_DOCKER_SUBMODULES@@` | |
build-args: | | |
GIT_COMMIT=${{env.GIT_COMMIT}} | |
MODDABLE_COMMIT_HASH=${{env.MODDABLE_COMMIT_HASH}} | |
MODDABLE_URL=${{env.MODDABLE_URL}} | |
XSNAP_NATIVE_COMMIT_HASH=${{env.XSNAP_NATIVE_COMMIT_HASH}} | |
XSNAP_NATIVE_URL=${{env.XSNAP_NATIVE_URL}} | |
GIT_REVISION=${{env.GIT_REVISION}} | |
- name: Build and Push setup | |
uses: depot/build-push-action@v1 | |
with: | |
file: packages/deployment/Dockerfile | |
context: packages/deployment | |
platforms: ${{ env.DOCKER_PLATFORMS }} | |
tags: '${{ env.REGISTRY }}/agoric/cosmic-swingset-setup:${{ env.BUILD_TAG }}' | |
push: true | |
build-args: | | |
TAG=${{ env.BUILD_TAG }} | |
- name: notify on failure | |
if: failure() | |
uses: ./.github/actions/notify-status | |
with: | |
webhook: ${{ secrets.SLACK_WEBHOOK_URL }} | |
from: ${{ secrets.NOTIFY_EMAIL_FROM }} | |
to: ${{ secrets.NOTIFY_EMAIL_TO }} | |
password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }} | |
docker-solo: | |
needs: [docker-sdk, snapshot] | |
runs-on: 'depot-ubuntu-22.04-16' # ubuntu-latest | |
permissions: | |
# allow issuing OIDC tokens for this workflow run | |
id-token: write | |
# allow at least reading the repo contents, add other permissions if necessary | |
contents: read | |
# to push the resulting images | |
packages: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Save SDK_TAG | |
run: echo "SDK_TAG=${{ needs.snapshot.outputs.tag }}" >> $GITHUB_ENV | |
- name: Prefix tags | |
id: prefix-tags | |
run: | | |
IMAGE="$REGISTRY/agoric/cosmic-swingset-solo" | |
for TAG in ${{ needs.docker-sdk.outputs.tags }}; do | |
PREFIXED="$PREFIXED$sep$IMAGE:$TAG" | |
sep=, | |
done | |
echo "tags=$PREFIXED" >> $GITHUB_OUTPUT | |
- uses: depot/setup-action@v1 | |
with: | |
oidc: true # to set DEPOT_TOKEN for later steps | |
- run: depot configure-docker | |
- name: Login to Docker Registry | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
registry: ${{ env.REGISTRY }} | |
- name: Build and Push | |
uses: depot/build-push-action@v1 | |
with: | |
file: packages/solo/Dockerfile | |
context: packages/solo | |
platforms: ${{ env.DOCKER_PLATFORMS }} | |
push: true | |
tags: '${{ steps.prefix-tags.outputs.tags }}' | |
build-args: | | |
TAG=${{env.SDK_TAG}} | |
- name: notify on failure | |
if: failure() | |
uses: ./.github/actions/notify-status | |
with: | |
webhook: ${{ secrets.SLACK_WEBHOOK_URL }} | |
from: ${{ secrets.NOTIFY_EMAIL_FROM }} | |
to: ${{ secrets.NOTIFY_EMAIL_TO }} | |
password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }} |