From 89a6b5854ab3f64ae7454f546f7a0d787d1e466d Mon Sep 17 00:00:00 2001
From: jsanchez556
Date: Fri, 27 Sep 2024 19:07:34 -0600
Subject: [PATCH] GitHub Action for DockerHub build and publish #19
---
 .github/workflows/docker-publish.yml | 83 ++++++++++++++++++++++++++++
 README.md | 33 +++++++++++
 build.sh | 0
 3 files changed, 116 insertions(+)
 create mode 100644 .github/workflows/docker-publish.yml
 mode change 100644 => 100755 build.sh
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 00000000..250ea562
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,83 @@
+name: Build and Publish image to Docker Hub
+on:
+ push:
+ branches:
+ - 'master'
+ tags:
+ - 'v*.*.*'
+
+jobs:
+ build_and_push:
+ env:
+ DOCKER_HUB: ${{ secrets.DOCKER_LOGIN }}
+ DOCKER_TAGS: latest
+ runs-on: ubuntu-22.04
+ permissions:
+ id-token: write
+ attestations: write
+ contents: read
+ packages: write
+
+ strategy:
+ matrix:
+ target:
+ - name: stone-prover
+ dockerfile: Dockerfile
+ - name: cpu_air_prover
+ dockerfile: air_prover/Dockerfile
+ - name: cpu_air_verifier
+ dockerfile: air_verifier/Dockerfile
+ continue-on-error: true
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_LOGIN }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Determine Docker Tags
+ id: set-tag
+ run: |
+ if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
+ TAG_NAME=$(echo ${GITHUB_REF} | sed 's/refs\/tags\///')
+ echo "DOCKER_TAGS=${TAG_NAME}" >> $GITHUB_ENV
+ elif [[ "${GITHUB_REF}" == "refs/heads/master" ]]; then
+ echo "Latest version tags..."
+ else
+ echo "No valid ref for tagging. Exiting..."
+ exit 1
+ fi
+ shell: bash
+
+ - name: Set image tags & labels
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.DOCKER_HUB }}/${{ matrix.target.name }}
+ tags: ${{ env.DOCKER_TAGS }}
+
+ - name: Build And Push Image
+ id: push
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ file: ${{ matrix.target.dockerfile }}
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Generate artifact attestation
+ if: github.event.repository.fork == false
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: ${{ secrets.DOCKER_LOGIN }}/${{ matrix.target.name }}
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true
+
diff --git a/README.md b/README.md
index 72a5214a..0e8f9bc4 100644
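Review bot: All six `uses:` entries under `steps:` reference their actions by mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v6`, `actions/attest-build-provenance@v1`, and the buildx and metadata actions), in a job that holds `DOCKERHUB_TOKEN` and `id-token: write`. If one of those tags is moved upstream, the new code runs with the publishing credential and the identity used to sign the provenance, so each should be pinned to a full commit SHA with the tag kept as a comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. Separately, `packages: write` in the `permissions:` block looks unnecessary because every image here is pushed to Docker Hub rather than GitHub Packages; I would drop it unless something outside this workflow relies on it. `continue-on-error: true` also appears to let a failed matrix leg leave the run green (the hunk's indentation is not visible here, so its exact level is inferred), which makes a missing image or attestation easy to overlook.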
--- a/README.md +++ b/README.md @@ -149,4 +149,37 @@ Run the verifier to confirm the proof: cpu_air_verifier --in_file=fibonacci_proof.json && echo "Successfully verified example proof." ``` +## Docker Image Publishing + +This repository contains a GitHub Actions workflow that automatically builds and publishes Docker images to Docker Hub. + +- **Workflow file:** `.github/workflows/docker-publish.yml` + +### Usage + +1. Set up the following GitHub repository secrets under **Settings** > **Secrets and variables** > **Actions**: + - `DOCKER_LOGIN`: Your Docker Hub username. + - `DOCKERHUB_TOKEN`: Your Docker Hub access token. +2. The workflow is triggered by any push or pull request to the `master` branch. It builds the Docker image and publishes it to Docker Hub. + +### Workflow Overview + +The workflow performs the following actions: +- Checks out the repository code. +- Sets up Docker Buildx for cross-platform builds. +- Logs in to Docker Hub using the credentials stored in GitHub Secrets. +- Builds the Docker image based on the repository content. +- Pushes the image to Docker Hub with the specified tag. +- Generates an attestation for the image artifact (not applicable to forked repositories). +- Logs out of Docker Hub after the process is complete. + +### Tests + +1. Forked the original repository. +2. To use the local Docker Hub, update the workflow file by setting `env.DOCKER_HUB` to `127.0.0.1:5000`. +3. Temporarily updated the workflow trigger branch for testing purposes. +4. Pushed a small change to trigger the workflow. +5. Monitored the workflow in the **Actions** tab. +6. Verified the Docker image was pushed to local Docker Hub. + This project is supported by Nethermind and Starknet Foundation via [OnlyDust platform](https://app.onlydust.com/p/stone-packaging-) diff --git a/build.sh b/build.sh old mode 100644 new mode 100755