From 73e3343bd3386bbcbe7a0496dd5eb7bf819eccb4 Mon Sep 17 00:00:00 2001
From: illuminatus
Date: Tue, 16 Apr 2024 22:32:40 -0700
Subject: [PATCH] [container images] Support for pushing testing containers to ghcr.io (#1755)
Implements a variation on the current logic to always push container images. Production images still go to Docker Hub, while testing images go to GitHub Container Registry and are private except when the container package has permissions granted to github users. This PR builds on top of PR #1750, as it addressed issue #1748 where a non production cardano version could be the tag of the image while the image actually includes the older production node version from the master branch. closes #1753
---------
Co-authored-by: RdLrT <3169068+rdlrt@users.noreply.github.com>
---
 .github/workflows/docker_bin.yml | 161 +++++++++++++------
 scripts/cnode-helper-scripts/guild-deploy.sh | 4 +-
 2 files changed, 116 insertions(+), 49 deletions(-)
diff --git a/.github/workflows/docker_bin.yml b/.github/workflows/docker_bin.yml
index a0025775d..4e260d064 100644
--- a/.github/workflows/docker_bin.yml
+++ b/.github/workflows/docker_bin.yml
@@ -16,67 +16,134 @@ on: paths: - 'files/docker/node/release-versions/cardano-node-latest.txt' - 'files/docker/node/release-versions/mithril-latest.txt' - + jobs: - build: - env: - REGISTRY: docker.io + set_environment_vars: runs-on: ubuntu-latest + outputs: + guild_deploy_branch: ${{ steps.set_guild_deploy_branch.outputs.guild_deploy_branch }} + g_account: ${{ steps.set_g_account.outputs.g_account }} + testing: ${{ steps.set_testing.outputs.testing }} + short_sha: ${{ steps.set_short_sha.outputs.short_sha }} + cnversion: ${{ steps.set_cnversion.outputs.cnversion }} steps: - name: Set branch name id: vars - run: echo ::set-output name=branch::${GITHUB_REF#refs/heads/} + run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT - name: Set GUILD_DEPLOY_BRANCH - run: echo "GUILD_DEPLOY_BRANCH=${{ github.event_name == 'push' && steps.vars.outputs.branch || github.event.inputs.guild_deploy_branch }}" >> $GITHUB_ENV + id: set_guild_deploy_branch + run: | + echo "guild_deploy_branch=${{ (github.event_name == 'push' && steps.vars.outputs.branch) || github.event.inputs.guild_deploy_branch }}" >> $GITHUB_OUTPUT + - name: Set G_ACCOUNT + id: set_g_account + run: | + echo "g_account=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_OUTPUT - name: Set TESTING - run: echo "TESTING=${{ github.event_name == 'push' && (steps.vars.outputs.branch != 'master') || github.event.inputs.testing }}" >> $GITHUB_ENV + id: set_testing + run: | + echo "testing=${{ github.event_name == 'push' && (steps.vars.outputs.branch != 'master') || github.event.inputs.testing }}" >> $GITHUB_OUTPUT - uses: actions/checkout@v3 with: - ref: ${{ env.GUILD_DEPLOY_BRANCH }} - - name: docker login + ref: ${{ steps.set_guild_deploy_branch.outputs.guild_deploy_branch }} + - name: Get short SHA + id: set_short_sha run: | - docker login -u ${{ secrets.DOCKER_USER }} -p ${{ secrets.DOCKER_PASSWORD }} - - name: Add variables to environment + echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + - name: Get 
CNVERSION + id: set_cnversion run: | - echo "G_ACCOUNT=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_ENV - echo "CNVERSION=$(cat files/docker/node/release-versions/cardano-node-latest.txt)" >> $GITHUB_ENV - echo "PUSH_TO_GA=false" >> $GITHUB_ENV - - name: Docker build container image + echo "cnversion=$(cat files/docker/node/release-versions/cardano-node-latest.txt)" >> $GITHUB_OUTPUT + build_production: + needs: set_environment_vars + if: needs.set_environment_vars.outputs.testing == 'false' && needs.set_environment_vars.outputs.guild_deploy_branch == 'master' + env: + REGISTRY: docker.io + runs-on: ubuntu-latest + steps: + - name: Set IMAGE_TAGS run: | - DOCKER_BUILDKIT=1 docker build . \ - --file files/docker/node/dockerfile_bin \ - --compress \ - --build-arg G_ACCOUNT=${{ env.G_ACCOUNT }} \ - --build-arg GUILD_DEPLOY_BRANCH=${{ env.GUILD_DEPLOY_BRANCH }} \ - --tag ${{ env.REGISTRY }}/${{ secrets.DOCKER_USER }}/cardano-node:latest - # Workaround to provide additional free space for builds. 
- # https://github.com/actions/virtual-environments/issues/2840 - sudo apt-get update -y - sudo apt-get remove -y '^dotnet-.*' - sudo apt-get remove -y 'php.*' - sudo apt-get remove -y azure-cli google-chrome-stable firefox powershell mono-devel - sudo apt-get autoremove -y - sudo apt-get clean - sudo rm -rf "/usr/share/dotnet" - sudo rm -rf "/usr/local/lib/android" - sudo rm -rf "/opt/ghc" - sudo rm -rf "/opt/hostedtoolcache/CodeQL" - sudo rm -rf "/usr/local/share/boost" - sudo rm -rf "$AGENT_TOOLSDIRECTORY" - - name: docker push latest - if: env.TESTING == 'false' && env.GUILD_DEPLOY_BRANCH == 'master' + GUILD_DEPLOY_BRANCH=$(echo "${{ needs.set_environment_vars.outputs.guild_deploy_branch }}" | sed 's/\//_/g') + REGISTRY=${{ env.REGISTRY }} + REPO=${{ secrets.DOCKER_USER }} + REPO=${REPO,,} + IMAGE_NAME="$REGISTRY/$REPO/cardano-node" + CNVERSION=${{ needs.set_environment_vars.outputs.cnversion }} + IMAGE_TAGS="$IMAGE_NAME:latest,$IMAGE_NAME:$CNVERSION" + echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV + echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_ENV + - uses: actions/checkout@v3 + with: + ref: ${{ needs.set_environment_vars.outputs.guild_deploy_branch }} + - name: Login to Dockerhub + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY}} + username: ${{ secrets.DOCKER_USER }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Build and Push production container image + uses: docker/build-push-action@v5 + with: + context: . 
+ file: files/docker/node/dockerfile_bin + push: true + tags: ${{ env.IMAGE_TAGS }} + build-args: | + G_ACCOUNT=${{ needs.set_environment_vars.outputs.g_account }} + GUILD_DEPLOY_BRANCH=${{ needs.set_environment_vars.outputs.guild_deploy_branch }} + - name: Add summary details + if: always() + run: | + echo "## Summary Details" >> $GITHUB_STEP_SUMMARY + echo "* Image Name: ${{ env.IMAGE_NAME }}" >> $GITHUB_STEP_SUMMARY + echo "* Image Tags: ${{ env.IMAGE_TAGS }}" >> $GITHUB_STEP_SUMMARY + echo "* G_ACCOUNT: ${{ needs.set_environment_vars.outputs.g_account }}" >> $GITHUB_STEP_SUMMARY + echo "* GUILD_DEPLOY_BRANCH: ${{ needs.set_environment_vars.outputs.guild_deploy_branch }}" >> $GITHUB_STEP_SUMMARY + echo "* REGISTRY: ${{ env.REGISTRY }}" >> $GITHUB_STEP_SUMMARY + echo "* REGISTRY_USER: ${{ secrets.DOCKER_USER }}" >> $GITHUB_STEP_SUMMARY + build_testing: + needs: set_environment_vars + if: needs.set_environment_vars.outputs.testing == 'true' || needs.set_environment_vars.outputs.guild_deploy_branch != 'master' + env: + REGISTRY: ghcr.io + runs-on: ubuntu-latest + steps: + - name: Set IMAGE_TAGS run: | - CNVERSION=`cat files/docker/node/release-versions/cardano-node-latest.txt` - echo "PUSH_TO_GA=true" >> $GITHUB_ENV - docker push ${{ env.REGISTRY }}/${{ secrets.DOCKER_USER }}/cardano-node:latest - docker tag ${{ env.REGISTRY }}/${{ secrets.DOCKER_USER }}/cardano-node:latest ${{ secrets.DOCKER_USER }}/cardano-node:${{ env.CNVERSION }} - docker push ${{ env.REGISTRY }}/${{ secrets.DOCKER_USER }}/cardano-node:${{ env.CNVERSION }} + GUILD_DEPLOY_BRANCH=$(echo "${{ needs.set_environment_vars.outputs.guild_deploy_branch }}" | sed 's/\//_/g') + REGISTRY=${{ env.REGISTRY }} + REPO=${{ needs.set_environment_vars.outputs.g_account }} + IMAGE_NAME="$REGISTRY/$REPO/cardano-node" + CNVERSION=${{ needs.set_environment_vars.outputs.cnversion }} + SHA=${{ needs.set_environment_vars.outputs.short_sha }} + 
IMAGE_TAGS="$IMAGE_NAME:test,$IMAGE_NAME:$CNVERSION-$SHA,$IMAGE_NAME:$GUILD_DEPLOY_BRANCH-$SHA" + echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV + echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_ENV + - uses: actions/checkout@v3 + with: + ref: ${{ needs.set_environment_vars.outputs.guild_deploy_branch }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY}} + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and Push testing container image + uses: docker/build-push-action@v5 + with: + context: . + file: files/docker/node/dockerfile_bin + push: true + tags: ${{ env.IMAGE_TAGS }} + build-args: | + G_ACCOUNT=${{ needs.set_environment_vars.outputs.g_account }} + GUILD_DEPLOY_BRANCH=${{ needs.set_environment_vars.outputs.guild_deploy_branch }} - name: Add summary details if: always() run: | echo "## Summary Details" >> $GITHUB_STEP_SUMMARY - echo "* Docker Image: ${{ env.REGISTRY }}/${{ secrets.DOCKER_USER }}/cardano-node:${{ env.CNVERSION }}" >> $GITHUB_STEP_SUMMARY - echo "* G_ACCOUNT: ${GITHUB_REPOSITORY_OWNER}" >> $GITHUB_STEP_SUMMARY - echo "* GUILD_DEPLOY_BRANCH: ${{ env.GUILD_DEPLOY_BRANCH }}" >> $GITHUB_STEP_SUMMARY - echo "* Push to GA Registry: ${{ env.PUSH_TO_GA }}" >> $GITHUB_STEP_SUMMARY - echo "* CNVERSION: ${{ env.CNVERSION }}" >> $GITHUB_STEP_SUMMARY + echo "* Image Name: ${{ env.IMAGE_NAME }}" >> $GITHUB_STEP_SUMMARY + echo "* Image Tags: ${{ env.IMAGE_TAGS }}" >> $GITHUB_STEP_SUMMARY + echo "* G_ACCOUNT: ${{ needs.set_environment_vars.outputs.g_account }}" >> $GITHUB_STEP_SUMMARY + echo "* GUILD_DEPLOY_BRANCH: ${{ needs.set_environment_vars.outputs.guild_deploy_branch }}" >> $GITHUB_STEP_SUMMARY + echo "* REGISTRY: ${{ env.REGISTRY }}" >> $GITHUB_STEP_SUMMARY + echo "* REGISTRY_USER: ${{ github.repository_owner }}" >> $GITHUB_STEP_SUMMARY 
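Review bot: The `run:` scripts splice `${{ … }}` values directly into shell source — the branch name and `workflow_dispatch` inputs in `Set GUILD_DEPLOY_BRANCH` and `Set TESTING`, and the branch, `cnversion` (file contents) and `short_sha` outputs in both `Set IMAGE_TAGS` steps — so a value containing quotes, backticks or `$(…)` is parsed as script rather than data, in jobs that also hold `DOCKER_PASSWORD` or `GITHUB_TOKEN`. Passing each value through the step's `env:` and reading it as a quoted shell variable removes that path; the fence shows the `build_testing` step, and the same shape applies to the other steps and to the `Add summary details` echoes. How exposed this is depends on who can push branches or dispatch the workflow, which is set in the `on:` block above the hunk.

```yaml
      - name: Set IMAGE_TAGS
        env:
          DEPLOY_BRANCH: ${{ needs.set_environment_vars.outputs.guild_deploy_branch }}
          REPO: ${{ needs.set_environment_vars.outputs.g_account }}
          CNVERSION: ${{ needs.set_environment_vars.outputs.cnversion }}
          SHA: ${{ needs.set_environment_vars.outputs.short_sha }}
        run: |
          # REGISTRY is already exported from the job-level env block.
          GUILD_DEPLOY_BRANCH="${DEPLOY_BRANCH//\//_}"
          IMAGE_NAME="${REGISTRY}/${REPO}/cardano-node"
          IMAGE_TAGS="${IMAGE_NAME}:test,${IMAGE_NAME}:${CNVERSION}-${SHA},${IMAGE_NAME}:${GUILD_DEPLOY_BRANCH}-${SHA}"
          # … unchanged: IMAGE_NAME and IMAGE_TAGS appended to $GITHUB_ENV …
```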
diff --git a/scripts/cnode-helper-scripts/guild-deploy.sh b/scripts/cnode-helper-scripts/guild-deploy.sh
index 702624d75..5ff1cfa77 100755
--- a/scripts/cnode-helper-scripts/guild-deploy.sh
+++ b/scripts/cnode-helper-scripts/guild-deploy.sh
@@ -397,11 +397,11 @@ download_cncli() {
 [[ -z ${ARCH##*aarch64*} ]] && err_exit " The cncli pre-compiled binary is not available for ARM, you might need to build them!"
 echo -e "\nInstalling CNCLI.."
 if command -v cncli >/dev/null; then cncli_version="v$(cncli -V 2>/dev/null | cut -d' ' -f2)"; else cncli_version="v0.0.0"; fi
- cncli_git_version="$(curl -s https://api.github.com/repos/${G_ACCOUNT}/cncli/releases/latest | jq -r '.tag_name')"
+ cncli_git_version="$(curl -s https://api.github.com/repos/cardano-community/cncli/releases/latest | jq -r '.tag_name')"
 echo -e "\n Downloading CNCLI..."
 rm -rf /tmp/cncli-bin && mkdir /tmp/cncli-bin
 pushd /tmp/cncli-bin >/dev/null || err_exit
- cncli_asset_url="$(curl -s https://api.github.com/repos/${G_ACCOUNT}/cncli/releases/latest | jq -r '.assets[].browser_download_url' | grep 'ubuntu22.*.linux-musl.tar.gz')"
+ cncli_asset_url="$(curl -s https://api.github.com/repos/cardano-community/cncli/releases/latest | jq -r '.assets[].browser_download_url' | grep 'ubuntu22.*.linux-musl.tar.gz')"
 if curl -sL -f -m ${CURL_TIMEOUT} -o cncli.tar.gz ${cncli_asset_url}; then
 tar zxf cncli.tar.gz &>/dev/null
 rm -f cncli.tar.gz
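Review bot: `cncli_asset_url` comes from the API response and is handed to `curl` unquoted and unvalidated, and the archive is then unpacked with no digest check, so an empty or unexpected value flows straight into the download and install path. Before the `curl -sL -f` line I would add `[[ ${cncli_asset_url} == https://github.com/cardano-community/cncli/releases/download/* ]] || err_exit "Unexpected CNCLI asset URL"` and pass the variable as `"${cncli_asset_url}"`. If the release publishes checksums (not visible here), comparing the tarball's SHA-256 before `tar zxf` would close the remaining gap. The fixed `/tmp/cncli-bin` working directory is also predictable on a shared host; a directory from `mktemp -d` would avoid that. `download_cncli` starts before and continues after this hunk.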