Improved forced inclusion test (#601) #38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "[Nethermind] Catalyst Node - Docker build and push" | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [master] | |
| tags: | |
| - "v*" | |
| paths: | |
| - "common/**" | |
| - "permissionless/**" | |
| - "whitelist/**" | |
| - "tools/p2p_node/p2p_network/**" | |
| env: | |
| DOCKER_PUBLIC_REGISTRY: docker.io | |
| DOCKER_PUBLIC_REPOSITORY: nethermind/catalyst-node | |
| DOCKER_REGISTRY: nethermind.jfrog.io | |
| DOCKER_REPOSITORY_STAGING: core-oci-local-staging/catalyst-node | |
| DOCKER_REPOSITORY_PROD: core-oci-local-prod/catalyst-node | |
| jobs: | |
| build: | |
| name: Build per-arch image | |
| runs-on: ${{ matrix.os }} | |
| if: github.repository == 'NethermindEth/Catalyst' | |
| strategy: | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| platform: linux/amd64 | |
| short: amd64 | |
| - os: ubuntu-24.04-arm | |
| platform: linux/arm64 | |
| short: arm64 | |
| outputs: | |
| digest-amd64: ${{ steps.digest.outputs.amd64 }} | |
| digest-arm64: ${{ steps.digest.outputs.arm64 }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.DOCKER_REGISTRY }} | |
| username: ${{ secrets.ARTIFACTORY_CORE_USERNAME }} | |
| password: ${{ secrets.ARTIFACTORY_CORE_TOKEN_DEVELOPER }} | |
| - name: Build and push by digest | |
| id: build | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: Dockerfile | |
| platforms: ${{ matrix.platform }} | |
| push: true | |
| outputs: type=image,name=${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_REPOSITORY_STAGING }},push-by-digest=true,name-canonical=true | |
| - name: Set digest output | |
| id: digest | |
| run: | | |
| if [ "${{ matrix.short }}" = "amd64" ]; then | |
| echo "amd64=${{ steps.build.outputs.digest }}" >> $GITHUB_OUTPUT | |
| fi | |
| if [ "${{ matrix.short }}" = "arm64" ]; then | |
| echo "arm64=${{ steps.build.outputs.digest }}" >> $GITHUB_OUTPUT | |
| fi | |
| merge: | |
| name: Merge and push multi-arch manifest | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.DOCKER_REGISTRY }} | |
| username: ${{ secrets.ARTIFACTORY_CORE_USERNAME }} | |
| password: ${{ secrets.ARTIFACTORY_CORE_TOKEN_DEVELOPER }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Determine event type and set tags | |
| id: event | |
| run: | | |
| if [[ "${{ github.ref }}" == refs/tags/* ]]; then | |
| echo "is_tag=true" >> $GITHUB_OUTPUT | |
| echo "is_branch=false" >> $GITHUB_OUTPUT | |
| VERSION=${GITHUB_REF#refs/tags/} | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| echo "tag_list=type=raw,value=$VERSION" >> $GITHUB_OUTPUT | |
| else | |
| echo "is_tag=false" >> $GITHUB_OUTPUT | |
| echo "is_branch=true" >> $GITHUB_OUTPUT | |
| echo "tag_list=type=raw,value=latest" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_REPOSITORY_STAGING }} | |
| tags: ${{ steps.event.outputs.tag_list }} | |
| - name: Create manifest list and push | |
| run: | | |
| docker buildx imagetools create \ | |
| $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| ${{ needs.build.outputs.digest-amd64 }} \ | |
| ${{ needs.build.outputs.digest-arm64 }} | |
| - name: Setup ORAS | |
| uses: oras-project/setup-oras@v1 | |
| - name: Check ORAS version | |
| run: oras version | |
| - name: Login to registry with ORAS | |
| run: | | |
| oras login ${{ env.DOCKER_REGISTRY }} \ | |
| -u ${{ secrets.ARTIFACTORY_CORE_USERNAME }} \ | |
| -p ${{ secrets.ARTIFACTORY_CORE_TOKEN_DEVELOPER }} | |
| - name: Determine tags to promote | |
| id: promote-tags | |
| run: | | |
| if [[ "${{ github.ref }}" == refs/tags/* ]]; then | |
| VERSION=${GITHUB_REF#refs/tags/} | |
| BASE_VERSION=${VERSION%} | |
| echo "TAGS=latest $BASE_VERSION" >> $GITHUB_ENV | |
| else | |
| echo "TAGS=latest" >> $GITHUB_ENV | |
| fi | |
| - name: Promote to Jfrog Production | |
| run: | | |
| for tag in $TAGS; do | |
| echo "Current tag: $tag" | |
| source_image="${DOCKER_REGISTRY}/${DOCKER_REPOSITORY_STAGING}:${tag}" | |
| prod_image="${DOCKER_REGISTRY}/${DOCKER_REPOSITORY_PROD}:${tag}" | |
| echo "Promoting ${source_image} to ${prod_image}" | |
| oras cp -r "${source_image}" "${prod_image}" | |
| done | |
| - name: Login to Dockerhub registry with ORAS | |
| run: | | |
| oras login ${{ env.DOCKER_PUBLIC_REGISTRY }} \ | |
| -u ${{ secrets.DOCKER_USERNAME }} \ | |
| -p ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Promote to Dockerhub Production | |
| run: | | |
| for tag in $TAGS; do | |
| echo "Current tag: $tag" | |
| source_image="${DOCKER_REGISTRY}/${DOCKER_REPOSITORY_STAGING}:${tag}" | |
| prod_image="${DOCKER_PUBLIC_REGISTRY}/${DOCKER_PUBLIC_REPOSITORY}:${tag}" | |
| echo "Promoting ${source_image} to ${prod_image}" | |
| oras cp -r "${source_image}" "${prod_image}" | |
| done | |
| - name: Summary | |
| run: | | |
| echo "## Catalyst Node Docker build Completed" >> $GITHUB_STEP_SUMMARY | |
| echo "### Tags" >> $GITHUB_STEP_SUMMARY | |
| for tag in $TAGS; do | |
| echo "- $tag" >> $GITHUB_STEP_SUMMARY | |
| done | |
| echo "### Notes" >> $GITHUB_STEP_SUMMARY | |
| echo "- The images have been pushed to ${DOCKER_REPOSITORY_STAGING} repo" >> $GITHUB_STEP_SUMMARY | |
| echo "- **STAGING Repository**: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_REPOSITORY_STAGING }}" >> $GITHUB_STEP_SUMMARY | |
| echo "- **PROD Repository**: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_REPOSITORY_PROD }}" >> $GITHUB_STEP_SUMMARY | |
| echo "- **Platforms**: linux/amd64, linux/arm64" >> $GITHUB_STEP_SUMMARY | |
| echo "- **Commit**: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY | |