Skip to content

Create and publish container images #31

Create and publish container images

Create and publish container images #31

Workflow file for this run

---
name: Create and publish container images
# Build strategy: we want to build new containers immediately
# prior to deploying testnets using those containers. We don't
# trigger the container-build workflow on merge or tag events;
# rather, we set `workflow_call` so the different deploy workflows
# can execute this workflow and wait on its completion.
on:
workflow_call:
workflow_dispatch:
jobs:
penumbra:
runs-on: buildjet-16vcpu-ubuntu-2204
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
lfs: true
- name: Log in to the Docker Hub container registry (for pulls)
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log in to the GitHub container registry (for pushes)
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/penumbra-zone/penumbra
- name: Build and push Docker image
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64
file: deployments/containerfiles/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
grafana:
# No need for a heavy runner, we're just copying in a few files, not compiling.
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to the Docker Hub container registry (for pulls)
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log in to the GitHub container registry (for pushes)
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/penumbra-zone/grafana
- name: Build and push Docker image
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64
file: deployments/containerfiles/Dockerfile-grafana
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
osiris:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
needs:
- penumbra
steps:
- name: Checkout repository
uses: actions/checkout@v4
# We use the GHA Repository Dispatch functionality to trigger a container
# build in the penumbra-zone/osiris repo.
- name: Trigger remote build
shell: bash
env:
GITHUB_PAT: ${{ secrets.GH_PAT }}
run: |-
export PENUMBRA_VERSION='${{ github.event.inputs.image_tag || github.ref_name }}'
cd deployments/
./scripts/gha-repository-dispatch penumbra-zone/osiris
galileo:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# The upstream container references the Penumbra container by tag,
# so ensure it exists.
needs:
- penumbra
steps:
- name: Checkout repository
uses: actions/checkout@v4
# We use the GHA Repository Dispatch functionality to trigger a container
# build in the penumbra-zone/galileo repo.
- name: Trigger remote build
shell: bash
env:
GITHUB_PAT: ${{ secrets.GH_PAT }}
run: |-
export PENUMBRA_VERSION='${{ github.event.inputs.image_tag || github.ref_name }}'
# Galileo only runs against public testnets, so skip building non-tagged versions.
if ! grep -q '^v' <<< "$PENUMBRA_VERSION" ; then
echo "Detected version '$PENUBRA_VERSION', skipping Galileo container build"
exit 0
fi
cd deployments/
./scripts/gha-repository-dispatch penumbra-zone/galileo
relayer:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to the Docker Hub container registry (for pulls)
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log in to the GitHub container registry (for pushes)
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/penumbra-zone/relayer
- name: Build and push Docker image
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64
file: deployments/containerfiles/Dockerfile-relayer
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}