From 9a6641f2fe44894186d013a92f620a55cadc9afa Mon Sep 17 00:00:00 2001 From: illuminatus Date: Mon, 15 Apr 2024 16:41:37 -0700 Subject: [PATCH 1/3] Ensure CNVERSION matches GUILD_DEPLOY_BRANCH regardless of the workflow branch. (#1749) This change addresses the root cause (edge case) where the tag of the image can drift from the binary version the image contains. The contained changes result in: * The worflow dispatch input defaults to testing=True * CNVERSION should always match the branch the container is being built from. * When a push occurs: * On a testing/feature branch * GUILD_DEPLOY_VERSION is set to the testing/feature branch * TESTING variable is True * Container image is not pushed to docker hub * On the master branch (should include merges from alpha to master) * GUILD_DEPLOY_VERSION is set to "master" * TESTING variable will be False * Container image is automatically pushed to docker hub, removing the need for maintainers to do this manually. * When a workflow dispatch occurs * CNVERSION will match the branch from the workflow input guild_deploy_branch, correcting edge case of incorrect image tags. * GUILD_DEPLOY_VERSION is set from the workflow input. * TESTING is set from the workflow input. * Maintainers mist uncheck the **Testing workflow** option to push a container to docker hub, even when **Branch to deploy** is set to master. closes #1748 --------- Co-authored-by: RdLrT <3169068+rdlrt@users.noreply.github.com> --- .github/workflows/docker_bin.yml | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/docker_bin.yml b/.github/workflows/docker_bin.yml
index f6c164e1e..a0025775d 100644
--- a/.github/workflows/docker_bin.yml
+++ b/.github/workflows/docker_bin.yml
@@ -11,7 +11,7 @@ on:
 description: Testing workflow
 required: false
 type: boolean
- default: false
+ default: true
 push:
 paths:
 - 'files/docker/node/release-versions/cardano-node-latest.txt'
@@ -23,7 +23,16 @@ jobs:
 REGISTRY: docker.io
 runs-on: ubuntu-latest
 steps:
+ - name: Set branch name
+ id: vars
+ run: echo ::set-output name=branch::${GITHUB_REF#refs/heads/}
+ - name: Set GUILD_DEPLOY_BRANCH
+ run: echo "GUILD_DEPLOY_BRANCH=${{ github.event_name == 'push' && steps.vars.outputs.branch || github.event.inputs.guild_deploy_branch }}" >> $GITHUB_ENV
+ - name: Set TESTING
+ run: echo "TESTING=${{ github.event_name == 'push' && (steps.vars.outputs.branch != 'master') || github.event.inputs.testing }}" >> $GITHUB_ENV
 - uses: actions/checkout@v3
+ with:
+ ref: ${{ env.GUILD_DEPLOY_BRANCH }}
 - name: docker login
 run: |
 docker login -u ${{ secrets.DOCKER_USER }} -p ${{ secrets.DOCKER_PASSWORD }}
@@ -32,13 +41,13 @@ jobs:
 echo "G_ACCOUNT=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_ENV
 echo "CNVERSION=$(cat files/docker/node/release-versions/cardano-node-latest.txt)" >> $GITHUB_ENV
 echo "PUSH_TO_GA=false" >> $GITHUB_ENV
- - name: Compiling new node software suite
+ - name: Docker build container image
 run: |
 DOCKER_BUILDKIT=1 docker build . \
 --file files/docker/node/dockerfile_bin \
 --compress \
 --build-arg G_ACCOUNT=${{ env.G_ACCOUNT }} \
- --build-arg GUILD_DEPLOY_BRANCH=${{ github.event.inputs.guild_deploy_branch }} \
+ --build-arg GUILD_DEPLOY_BRANCH=${{ env.GUILD_DEPLOY_BRANCH }} \
 --tag ${{ env.REGISTRY }}/${{ secrets.DOCKER_USER }}/cardano-node:latest
 # Workaround to provide additional free space for builds.
 # https://github.com/actions/virtual-environments/issues/2840
@@ -55,7 +64,7 @@ jobs:
 sudo rm -rf "/usr/local/share/boost"
 sudo rm -rf "$AGENT_TOOLSDIRECTORY"
 - name: docker push latest
- if: github.event.inputs.testing == 'false' && github.event.inputs.guild_deploy_branch == 'master'
+ if: env.TESTING == 'false' && env.GUILD_DEPLOY_BRANCH == 'master'
 run: |
 CNVERSION=`cat files/docker/node/release-versions/cardano-node-latest.txt`
 echo "PUSH_TO_GA=true" >> $GITHUB_ENV
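Review bot: The `Set TESTING` expression added in the `@@ -23,7 +23,16 @@` hunk appears to yield an empty string rather than `false` for a push to `master`: `github.event_name == 'push' && (steps.vars.outputs.branch != 'master')` evaluates to `false`, so `||` falls through to `github.event.inputs.testing`, which is unset on push events. The `docker push latest` condition in the `@@ -55,7 +64,7 @@` hunk compares `env.TESTING == 'false'`, so on that path the step would be skipped and the automatic publish described in the commit message would not run. Testing for the opposite value closes the gap: `if: env.TESTING != 'true' && env.GUILD_DEPLOY_BRANCH == 'master'`. PATCH 3/3 carries the same expression into the `set_testing` output, where the `if:` of both `build_production` and `build_testing` would then evaluate false for a master push.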
@@ -68,6 +77,6 @@ jobs:
 echo "## Summary Details" >> $GITHUB_STEP_SUMMARY
 echo "* Docker Image: ${{ env.REGISTRY }}/${{ secrets.DOCKER_USER }}/cardano-node:${{ env.CNVERSION }}" >> $GITHUB_STEP_SUMMARY
 echo "* G_ACCOUNT: ${GITHUB_REPOSITORY_OWNER}" >> $GITHUB_STEP_SUMMARY
- echo "* GUILD_DEPLOY_BRANCH: ${{ github.event.inputs.guild_deploy_branch }}" >> $GITHUB_STEP_SUMMARY
+ echo "* GUILD_DEPLOY_BRANCH: ${{ env.GUILD_DEPLOY_BRANCH }}" >> $GITHUB_STEP_SUMMARY
 echo "* Push to GA Registry: ${{ env.PUSH_TO_GA }}" >> $GITHUB_STEP_SUMMARY
 echo "* CNVERSION: ${{ env.CNVERSION }}" >> $GITHUB_STEP_SUMMARY
From a4779861fb32f165b9a03fb03e535d10ff235001 Mon Sep 17 00:00:00 2001 From: cardano-bot Date: Wed, 17 Apr 2024 00:51:48 +0000 Subject: [PATCH 2/3] New release version --- files/docker/node/release-versions/cardano-node-latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/files/docker/node/release-versions/cardano-node-latest.txt b/files/docker/node/release-versions/cardano-node-latest.txt
index 486db3361..32c861f97 100644
--- a/files/docker/node/release-versions/cardano-node-latest.txt
+++ b/files/docker/node/release-versions/cardano-node-latest.txt
@@ -1 +1 @@
-8.9.1
+8.9.2
From 73e3343bd3386bbcbe7a0496dd5eb7bf819eccb4 Mon Sep 17 00:00:00 2001
From: illuminatus Date: Tue, 16 Apr 2024 22:32:40 -0700 Subject: [PATCH 3/3] [container images] Support for pushing testing containers to ghcr.io (#1755) Implements a variation on the current logic to always push container images. Production images still go to Docker Hub, while testing images go to GitHub Container Registry and are private except when the container package has permissions granted to github users. This PR builds on top of PR #1750, as it addressed issue #1748 where a non production cardano version could be the tag of the image while the image actually includes the older production node version from the master branch. closes #1753 --------- Co-authored-by: RdLrT <3169068+rdlrt@users.noreply.github.com> --- .github/workflows/docker_bin.yml | 161 +++++++++++++------ scripts/cnode-helper-scripts/guild-deploy.sh | 4 +- 2 files changed, 116 insertions(+), 49 deletions(-)
diff --git a/.github/workflows/docker_bin.yml b/.github/workflows/docker_bin.yml
index a0025775d..4e260d064 100644
--- a/.github/workflows/docker_bin.yml
+++ b/.github/workflows/docker_bin.yml
@@ -16,67 +16,134 @@ on: paths: - 'files/docker/node/release-versions/cardano-node-latest.txt' - 'files/docker/node/release-versions/mithril-latest.txt' - + jobs: - build: - env: - REGISTRY: docker.io + set_environment_vars: runs-on: ubuntu-latest + outputs: + guild_deploy_branch: ${{ steps.set_guild_deploy_branch.outputs.guild_deploy_branch }} + g_account: ${{ steps.set_g_account.outputs.g_account }} + testing: ${{ steps.set_testing.outputs.testing }} + short_sha: ${{ steps.set_short_sha.outputs.short_sha }} + cnversion: ${{ steps.set_cnversion.outputs.cnversion }} steps: - name: Set branch name id: vars - run: echo ::set-output name=branch::${GITHUB_REF#refs/heads/} + run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT - name: Set GUILD_DEPLOY_BRANCH - run: echo "GUILD_DEPLOY_BRANCH=${{ github.event_name == 'push' && steps.vars.outputs.branch || github.event.inputs.guild_deploy_branch }}" >> $GITHUB_ENV + id: set_guild_deploy_branch + run: | + echo "guild_deploy_branch=${{ (github.event_name == 'push' && steps.vars.outputs.branch) || github.event.inputs.guild_deploy_branch }}" >> $GITHUB_OUTPUT + - name: Set G_ACCOUNT + id: set_g_account + run: | + echo "g_account=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_OUTPUT - name: Set TESTING - run: echo "TESTING=${{ github.event_name == 'push' && (steps.vars.outputs.branch != 'master') || github.event.inputs.testing }}" >> $GITHUB_ENV + id: set_testing + run: | + echo "testing=${{ github.event_name == 'push' && (steps.vars.outputs.branch != 'master') || github.event.inputs.testing }}" >> $GITHUB_OUTPUT - uses: actions/checkout@v3 with: - ref: ${{ env.GUILD_DEPLOY_BRANCH }} - - name: docker login + ref: ${{ steps.set_guild_deploy_branch.outputs.guild_deploy_branch }} + - name: Get short SHA + id: set_short_sha run: | - docker login -u ${{ secrets.DOCKER_USER }} -p ${{ secrets.DOCKER_PASSWORD }} - - name: Add variables to environment + echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + - name: Get 
CNVERSION + id: set_cnversion run: | - echo "G_ACCOUNT=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_ENV - echo "CNVERSION=$(cat files/docker/node/release-versions/cardano-node-latest.txt)" >> $GITHUB_ENV - echo "PUSH_TO_GA=false" >> $GITHUB_ENV - - name: Docker build container image + echo "cnversion=$(cat files/docker/node/release-versions/cardano-node-latest.txt)" >> $GITHUB_OUTPUT + build_production: + needs: set_environment_vars + if: needs.set_environment_vars.outputs.testing == 'false' && needs.set_environment_vars.outputs.guild_deploy_branch == 'master' + env: + REGISTRY: docker.io + runs-on: ubuntu-latest + steps: + - name: Set IMAGE_TAGS run: | - DOCKER_BUILDKIT=1 docker build . \ - --file files/docker/node/dockerfile_bin \ - --compress \ - --build-arg G_ACCOUNT=${{ env.G_ACCOUNT }} \ - --build-arg GUILD_DEPLOY_BRANCH=${{ env.GUILD_DEPLOY_BRANCH }} \ - --tag ${{ env.REGISTRY }}/${{ secrets.DOCKER_USER }}/cardano-node:latest - # Workaround to provide additional free space for builds. 
- # https://github.com/actions/virtual-environments/issues/2840 - sudo apt-get update -y - sudo apt-get remove -y '^dotnet-.*' - sudo apt-get remove -y 'php.*' - sudo apt-get remove -y azure-cli google-chrome-stable firefox powershell mono-devel - sudo apt-get autoremove -y - sudo apt-get clean - sudo rm -rf "/usr/share/dotnet" - sudo rm -rf "/usr/local/lib/android" - sudo rm -rf "/opt/ghc" - sudo rm -rf "/opt/hostedtoolcache/CodeQL" - sudo rm -rf "/usr/local/share/boost" - sudo rm -rf "$AGENT_TOOLSDIRECTORY" - - name: docker push latest - if: env.TESTING == 'false' && env.GUILD_DEPLOY_BRANCH == 'master' + GUILD_DEPLOY_BRANCH=$(echo "${{ needs.set_environment_vars.outputs.guild_deploy_branch }}" | sed 's/\//_/g') + REGISTRY=${{ env.REGISTRY }} + REPO=${{ secrets.DOCKER_USER }} + REPO=${REPO,,} + IMAGE_NAME="$REGISTRY/$REPO/cardano-node" + CNVERSION=${{ needs.set_environment_vars.outputs.cnversion }} + IMAGE_TAGS="$IMAGE_NAME:latest,$IMAGE_NAME:$CNVERSION" + echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV + echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_ENV + - uses: actions/checkout@v3 + with: + ref: ${{ needs.set_environment_vars.outputs.guild_deploy_branch }} + - name: Login to Dockerhub + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY}} + username: ${{ secrets.DOCKER_USER }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Build and Push production container image + uses: docker/build-push-action@v5 + with: + context: . 
+ file: files/docker/node/dockerfile_bin + push: true + tags: ${{ env.IMAGE_TAGS }} + build-args: | + G_ACCOUNT=${{ needs.set_environment_vars.outputs.g_account }} + GUILD_DEPLOY_BRANCH=${{ needs.set_environment_vars.outputs.guild_deploy_branch }} + - name: Add summary details + if: always() + run: | + echo "## Summary Details" >> $GITHUB_STEP_SUMMARY + echo "* Image Name: ${{ env.IMAGE_NAME }}" >> $GITHUB_STEP_SUMMARY + echo "* Image Tags: ${{ env.IMAGE_TAGS }}" >> $GITHUB_STEP_SUMMARY + echo "* G_ACCOUNT: ${{ needs.set_environment_vars.outputs.g_account }}" >> $GITHUB_STEP_SUMMARY + echo "* GUILD_DEPLOY_BRANCH: ${{ needs.set_environment_vars.outputs.guild_deploy_branch }}" >> $GITHUB_STEP_SUMMARY + echo "* REGISTRY: ${{ env.REGISTRY }}" >> $GITHUB_STEP_SUMMARY + echo "* REGISTRY_USER: ${{ secrets.DOCKER_USER }}" >> $GITHUB_STEP_SUMMARY + build_testing: + needs: set_environment_vars + if: needs.set_environment_vars.outputs.testing == 'true' || needs.set_environment_vars.outputs.guild_deploy_branch != 'master' + env: + REGISTRY: ghcr.io + runs-on: ubuntu-latest + steps: + - name: Set IMAGE_TAGS run: | - CNVERSION=`cat files/docker/node/release-versions/cardano-node-latest.txt` - echo "PUSH_TO_GA=true" >> $GITHUB_ENV - docker push ${{ env.REGISTRY }}/${{ secrets.DOCKER_USER }}/cardano-node:latest - docker tag ${{ env.REGISTRY }}/${{ secrets.DOCKER_USER }}/cardano-node:latest ${{ secrets.DOCKER_USER }}/cardano-node:${{ env.CNVERSION }} - docker push ${{ env.REGISTRY }}/${{ secrets.DOCKER_USER }}/cardano-node:${{ env.CNVERSION }} + GUILD_DEPLOY_BRANCH=$(echo "${{ needs.set_environment_vars.outputs.guild_deploy_branch }}" | sed 's/\//_/g') + REGISTRY=${{ env.REGISTRY }} + REPO=${{ needs.set_environment_vars.outputs.g_account }} + IMAGE_NAME="$REGISTRY/$REPO/cardano-node" + CNVERSION=${{ needs.set_environment_vars.outputs.cnversion }} + SHA=${{ needs.set_environment_vars.outputs.short_sha }} + 
IMAGE_TAGS="$IMAGE_NAME:test,$IMAGE_NAME:$CNVERSION-$SHA,$IMAGE_NAME:$GUILD_DEPLOY_BRANCH-$SHA" + echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV + echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_ENV + - uses: actions/checkout@v3 + with: + ref: ${{ needs.set_environment_vars.outputs.guild_deploy_branch }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY}} + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and Push testing container image + uses: docker/build-push-action@v5 + with: + context: . + file: files/docker/node/dockerfile_bin + push: true + tags: ${{ env.IMAGE_TAGS }} + build-args: | + G_ACCOUNT=${{ needs.set_environment_vars.outputs.g_account }} + GUILD_DEPLOY_BRANCH=${{ needs.set_environment_vars.outputs.guild_deploy_branch }} - name: Add summary details if: always() run: | echo "## Summary Details" >> $GITHUB_STEP_SUMMARY - echo "* Docker Image: ${{ env.REGISTRY }}/${{ secrets.DOCKER_USER }}/cardano-node:${{ env.CNVERSION }}" >> $GITHUB_STEP_SUMMARY - echo "* G_ACCOUNT: ${GITHUB_REPOSITORY_OWNER}" >> $GITHUB_STEP_SUMMARY - echo "* GUILD_DEPLOY_BRANCH: ${{ env.GUILD_DEPLOY_BRANCH }}" >> $GITHUB_STEP_SUMMARY - echo "* Push to GA Registry: ${{ env.PUSH_TO_GA }}" >> $GITHUB_STEP_SUMMARY - echo "* CNVERSION: ${{ env.CNVERSION }}" >> $GITHUB_STEP_SUMMARY + echo "* Image Name: ${{ env.IMAGE_NAME }}" >> $GITHUB_STEP_SUMMARY + echo "* Image Tags: ${{ env.IMAGE_TAGS }}" >> $GITHUB_STEP_SUMMARY + echo "* G_ACCOUNT: ${{ needs.set_environment_vars.outputs.g_account }}" >> $GITHUB_STEP_SUMMARY + echo "* GUILD_DEPLOY_BRANCH: ${{ needs.set_environment_vars.outputs.guild_deploy_branch }}" >> $GITHUB_STEP_SUMMARY + echo "* REGISTRY: ${{ env.REGISTRY }}" >> $GITHUB_STEP_SUMMARY + echo "* REGISTRY_USER: ${{ github.repository_owner }}" >> $GITHUB_STEP_SUMMARY 
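Review bot: The `Set IMAGE_TAGS` steps in `build_production` and `build_testing` paste `${{ needs.set_environment_vars.outputs.* }}` values directly into the `run:` script, so a branch name or the contents of `cardano-node-latest.txt` is parsed as shell source rather than handled as data; `set_guild_deploy_branch` and `set_testing` do the same with `github.event.inputs.*`. Both jobs go on to log in to a registry, so these values are better passed through `env:` and read as quoted shell variables. Only `/` is rewritten in the branch name today, so any other character that is not valid in an image tag reaches `docker/build-push-action` unchanged. The fence shows the `build_testing` step with both points addressed; the production step would take the same shape with `REPO` supplied from `secrets.DOCKER_USER`.

```yaml
      - name: Set IMAGE_TAGS
        env:
          DEPLOY_BRANCH: ${{ needs.set_environment_vars.outputs.guild_deploy_branch }}
          REPO: ${{ needs.set_environment_vars.outputs.g_account }}
          CNVERSION: ${{ needs.set_environment_vars.outputs.cnversion }}
          SHA: ${{ needs.set_environment_vars.outputs.short_sha }}
        run: |
          # Values arrive as environment variables, so the shell never parses them as code.
          # REGISTRY is already exported by the job-level env block.
          BRANCH_TAG="${DEPLOY_BRANCH//\//_}"
          # Stop before anything outside the image-tag character set is written to GITHUB_ENV.
          for part in "$BRANCH_TAG" "$CNVERSION" "$SHA"; do
            [[ "$part" =~ ^[A-Za-z0-9_.-]+$ ]] || { echo "invalid tag component: $part" >&2; exit 1; }
          done
          IMAGE_NAME="$REGISTRY/$REPO/cardano-node"
          IMAGE_TAGS="$IMAGE_NAME:test,$IMAGE_NAME:$CNVERSION-$SHA,$IMAGE_NAME:$BRANCH_TAG-$SHA"
          # … unchanged: IMAGE_NAME and IMAGE_TAGS appended to $GITHUB_ENV …
```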
diff --git a/scripts/cnode-helper-scripts/guild-deploy.sh b/scripts/cnode-helper-scripts/guild-deploy.sh
index 702624d75..5ff1cfa77 100755
--- a/scripts/cnode-helper-scripts/guild-deploy.sh
+++ b/scripts/cnode-helper-scripts/guild-deploy.sh
@@ -397,11 +397,11 @@ download_cncli() {
 [[ -z ${ARCH##*aarch64*} ]] && err_exit " The cncli pre-compiled binary is not available for ARM, you might need to build them!"
 echo -e "\nInstalling CNCLI.."
 if command -v cncli >/dev/null; then cncli_version="v$(cncli -V 2>/dev/null | cut -d' ' -f2)"; else cncli_version="v0.0.0"; fi
- cncli_git_version="$(curl -s https://api.github.com/repos/${G_ACCOUNT}/cncli/releases/latest | jq -r '.tag_name')"
+ cncli_git_version="$(curl -s https://api.github.com/repos/cardano-community/cncli/releases/latest | jq -r '.tag_name')"
 echo -e "\n Downloading CNCLI..."
 rm -rf /tmp/cncli-bin && mkdir /tmp/cncli-bin
 pushd /tmp/cncli-bin >/dev/null || err_exit
- cncli_asset_url="$(curl -s https://api.github.com/repos/${G_ACCOUNT}/cncli/releases/latest | jq -r '.assets[].browser_download_url' | grep 'ubuntu22.*.linux-musl.tar.gz')"
+ cncli_asset_url="$(curl -s https://api.github.com/repos/cardano-community/cncli/releases/latest | jq -r '.assets[].browser_download_url' | grep 'ubuntu22.*.linux-musl.tar.gz')"
 if curl -sL -f -m ${CURL_TIMEOUT} -o cncli.tar.gz ${cncli_asset_url}; then
 tar zxf cncli.tar.gz &>/dev/null
 rm -f cncli.tar.gz
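Review bot: Both added `curl -s https://api.github.com/repos/cardano-community/cncli/releases/latest` calls run without `-f` or a timeout, so an API error or rate-limit reply is handed to `jq` and `cncli_git_version` / `cncli_asset_url` end up `null` or empty instead of the function stopping. Fetching the release JSON once, with the options the download on the next line already uses, covers both assignments: `cncli_release="$(curl -sfL -m "${CURL_TIMEOUT}" https://api.github.com/repos/cardano-community/cncli/releases/latest)" || err_exit "Unable to query cncli releases"`, followed by `jq -r '.tag_name' <<<"${cncli_release}"`. The archive is unpacked with `tar zxf` straight after download and no checksum or signature check is visible here; `download_cncli` continues past the end of the hunk, so it is worth confirming whether one happens later.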