-
Notifications
You must be signed in to change notification settings - Fork 2.5k
107 lines (94 loc) · 3.81 KB
/
docker-publish.yml
File metadata and controls
107 lines (94 loc) · 3.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
name: docker
permissions: {}
on:
workflow_dispatch:
inputs:
tag_name:
default: nightly-dev
description: The tag we're building for
type: string
workflow_call:
inputs:
tag_name:
required: true
type: string
concurrency:
group: docker-${{ github.head_ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
# Keep in sync with `release.yml`.
RUST_PROFILE: dist
RUST_FEATURES: aws-kms,gcp-kms,turnkey,cli,asm-keccak,js-tracer
jobs:
build:
name: build and push
runs-on: depot-ubuntu-latest
permissions:
contents: read
id-token: write
packages: write
timeout-minutes: 60
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Login into registry ${{ env.REGISTRY }}
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
# Derive Docker tags from inputs.tag_name:
# - v{major}.{minor}.{patch}: tagged as :v1.2.3, :v1.2, :v1, and :latest
# - nightly-{SHA}: tagged as :nightly-{SHA} and :nightly
# - anything else: tagged as-is
- name: Finalize Docker Metadata
id: docker_tagging
run: |
TAG="${{ inputs.tag_name }}"
REGISTRY="${{ env.REGISTRY }}"
IMAGE="${{ env.IMAGE_NAME }}"
if [[ "$TAG" =~ ^v([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
MAJOR="v${BASH_REMATCH[1]}"
MINOR="v${BASH_REMATCH[1]}.${BASH_REMATCH[2]}"
printf "version tag release, assigning %s, %s, %s, and latest tags\n" "$TAG" "$MINOR" "$MAJOR"
printf "docker_tags=%s/%s:%s,%s/%s:%s,%s/%s:%s,%s/%s:latest\n" "$REGISTRY" "$IMAGE" "$TAG" "$REGISTRY" "$IMAGE" "$MINOR" "$REGISTRY" "$IMAGE" "$MAJOR" "$REGISTRY" "$IMAGE" >> "$GITHUB_OUTPUT"
elif [[ "$TAG" =~ ^nightly- ]]; then
printf "nightly release, assigning %s and nightly tags\n" "$TAG"
printf "docker_tags=%s/%s:%s,%s/%s:nightly\n" "$REGISTRY" "$IMAGE" "$TAG" "$REGISTRY" "$IMAGE" >> "$GITHUB_OUTPUT"
else
printf "tagging as %s\n" "$TAG"
printf "docker_tags=%s/%s:%s\n" "$REGISTRY" "$IMAGE" "$TAG" >> "$GITHUB_OUTPUT"
fi
# Log docker metadata to explicitly know what is being pushed
- name: Inspect Docker Metadata
run: |
printf "TAGS -> %s\n" "${{ steps.docker_tagging.outputs.docker_tags }}"
printf "LABELS -> %s\n" "${{ steps.meta.outputs.labels }}"
- name: Set up Depot CLI
uses: depot/setup-action@15c09a5f77a0840ad4bce955686522a257853461 # v1.7.1
- name: Build and push Foundry image
uses: depot/build-push-action@5f3b3c2e5a00f0093de47f657aeaefcedff27d18 # v1.17.0
with:
build-args: |
RUST_PROFILE=${{ env.RUST_PROFILE }}
RUST_FEATURES=${{ env.RUST_FEATURES }}
TAG_NAME=${{ inputs.tag_name }}
VERGEN_GIT_SHA=${{ github.sha }}
project: 8gkbxxjrpw
context: .
tags: ${{ steps.docker_tagging.outputs.docker_tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
push: true