Create and publish container images #27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Create and publish container images | |
# Build strategy: we want to build new containers immediately | |
# prior to deploying testnets using those containers. We don't | |
# trigger the container-build workflow on merge or tag events; | |
# rather, we set `workflow_call` so the different deploy workflows | |
# can execute this workflow and wait on its completion. | |
on: | |
workflow_call: | |
workflow_dispatch: | |
jobs: | |
penumbra: | |
runs-on: buildjet-16vcpu-ubuntu-2004 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
lfs: true | |
- name: Log in to the Docker Hub container registry (for pulls) | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Log in to the GitHub container registry (for pushes) | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ghcr.io/penumbra-zone/penumbra | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
platforms: linux/amd64 | |
file: deployments/containerfiles/Dockerfile | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
grafana: | |
# No need for a heavy runner, we're just copying in a few files, not compiling. | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Log in to the Docker Hub container registry (for pulls) | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Log in to the GitHub container registry (for pushes) | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ghcr.io/penumbra-zone/grafana | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
platforms: linux/amd64 | |
file: deployments/containerfiles/Dockerfile-grafana | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
osiris: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
needs: | |
- penumbra | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# We use the GHA Repository Dispatch functionality to trigger a container | |
# build in the penumbra-zone/osiris repo. | |
- name: Trigger remote build | |
shell: bash | |
env: | |
GITHUB_PAT: ${{ secrets.GH_PAT }} | |
run: |- | |
export PENUMBRA_VERSION='${{ github.event.inputs.image_tag || github.ref_name }}' | |
cd deployments/ | |
./scripts/gha-repository-dispatch penumbra-zone/osiris | |
galileo: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
# The upstream container references the Penumbra container by tag, | |
# so ensure it exists. | |
needs: | |
- penumbra | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# We use the GHA Repository Dispatch functionality to trigger a container | |
# build in the penumbra-zone/galileo repo. | |
- name: Trigger remote build | |
shell: bash | |
env: | |
GITHUB_PAT: ${{ secrets.GH_PAT }} | |
run: |- | |
export PENUMBRA_VERSION='${{ github.event.inputs.image_tag || github.ref_name }}' | |
# Galileo only runs against public testnets, so skip building non-tagged versions. | |
if ! grep -q '^v' <<< "$PENUMBRA_VERSION" ; then | |
echo "Detected version '$PENUBRA_VERSION', skipping Galileo container build" | |
exit 0 | |
fi | |
cd deployments/ | |
./scripts/gha-repository-dispatch penumbra-zone/galileo | |
hermes: | |
runs-on: ubuntu-latest | |
needs: | |
- penumbra | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# We use the GHA Repository Dispatch functionality to trigger a container | |
# build in the penumbra-zone/hermes repo. | |
- name: Trigger remote build | |
shell: bash | |
env: | |
GITHUB_PAT: ${{ secrets.GH_PAT }} | |
run: |- | |
export PENUMBRA_VERSION='${{ github.event.inputs.image_tag || github.ref_name }}' | |
# Hermes only runs against public testnets, so we need only build tags, but for now | |
# we build even on main, to ensure a working build as ibc code changes. | |
cd deployments/ | |
./scripts/gha-repository-dispatch penumbra-zone/hermes | |
relayer: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Log in to the Docker Hub container registry (for pulls) | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Log in to the GitHub container registry (for pushes) | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ghcr.io/penumbra-zone/relayer | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
platforms: linux/amd64 | |
file: deployments/containerfiles/Dockerfile-relayer | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} |