ci: update CI/CD pipeline for non-tee docker image builds and deployments

TartanLeGrand · TartanLeGrand · commit 397e597e1fcc · 2025-04-22T07:23:27.000+02:00
diff --git a/.drone.yml b/.drone.yml
@@ -810,119 +810,6 @@ steps:
         - protected-data-delivery-dapp-deploy-app-whitelist-staging
         - protected-data-delivery-dapp-deploy-app-whitelist-prod
 
----
-# dapp content-creator: build non-scone (non-tee) docker image & publish on docker-regis (dev)
-kind: pipeline
-type: docker
-name: protected-data-delivery-dapp publish non-tee docker image
-
-trigger:
-  event:
-    - promote
-  target:
-    # build the protected-data-delivery-dapp non-tee docker image for dev
-    - protected-data-delivery-dapp-docker-non-tee-dev
-    # build the protected-data-delivery-dapp non-tee docker image for staging
-    - protected-data-delivery-dapp-docker-non-tee-staging
-    # build the protected-data-delivery-dapp non-tee docker image for prod
-    - protected-data-delivery-dapp-docker-non-tee-prod
-  branch:
-    - develop
-    - main
-
-steps:
-  - name: install-dependencies
-    image: node:14-alpine3.11
-    pull: always
-    commands:
-      - cd packages/protected-data-delivery-dapp
-      - node -v
-      - npm -v
-      - npm ci
-
-  - name: format
-    image: node:14-alpine3.11
-    commands:
-      - cd packages/protected-data-delivery-dapp
-      - npm run check-format
-
-  - name: lint
-    image: node:18.19
-    commands:
-      - cd packages/protected-data-delivery-dapp
-      - npm run lint
-
-  - name: set-prod-tag-from-package
-    image: node:18.19
-    # generates the .tags file for the docker plugin
-    commands:
-      - cd packages/protected-data-delivery-dapp
-      - npm pkg get version | sed 's/"//g' > ../../.tags
-    when:
-      branch:
-        - main
-      target:
-        - protected-data-delivery-dapp-docker-non-tee-prod
-
-  - name: set-staging-tag
-    image: node:18.19
-    # generates the .tags file for the docker plugin
-    commands:
-      - cd packages/protected-data-delivery-dapp
-      - echo "staging-$DRONE_COMMIT" > ../../.tags
-    when:
-      branch:
-        - develop
-        - main
-      target:
-        - protected-data-delivery-dapp-docker-non-tee-staging
-
-  - name: publish-dev-non-tee-docker-image
-    # plugin doc https://plugins.drone.io/plugins/docker and repo https://github.com/drone-plugins/drone-docker
-    image: plugins/docker
-    pull: always
-    settings:
-      context: packages/protected-data-delivery-dapp
-      dockerfile: packages/protected-data-delivery-dapp/Dockerfile
-      registry: docker-regis.iex.ec
-      repo: docker-regis.iex.ec/product/protected-data-delivery-dapp
-      pull_image: true
-      username:
-        from_secret: nexus-user
-      password:
-        from_secret: nexus-password
-      tags:
-        - dev
-        - "dev-${DRONE_COMMIT}"
-    when:
-      branch:
-        - develop
-      target:
-        - protected-data-delivery-dapp-docker-non-tee-dev
-
-  - name: publish-prod/staging-non-tee-docker-image
-    # plugin doc https://plugins.drone.io/plugins/docker and repo https://github.com/drone-plugins/drone-docker
-    image: plugins/docker
-    pull: always
-    settings:
-      context: packages/protected-data-delivery-dapp
-      dockerfile: packages/protected-data-delivery-dapp/Dockerfile
-      # tag comes from .tags file
-      registry: docker-regis.iex.ec
-      repo: docker-regis.iex.ec/product/protected-data-delivery-dapp
-      pull_image: true
-      username:
-        from_secret: nexus-user
-      password:
-        from_secret: nexus-password
-    when:
-      branch:
-        - develop
-        - main
-      target:
-        - protected-data-delivery-dapp-docker-non-tee-staging
-        - protected-data-delivery-dapp-docker-non-tee-prod
-
 ---
 #pipeline to deploy dapp on iexec
 kind: pipeline
diff --git a/.github/workflows/publish-docker-images.yml b/.github/workflows/publish-docker-images.yml
@@ -0,0 +1,54 @@
+name: Build and Push Protected Data Delivery Dapp Non-Tee Docker Image
+
+on:
+  workflow_dispatch:
+    inputs:
+      target:
+        description: 'Select deployment target'
+        required: true
+        default: non-tee-dev
+        type: choice
+        options:
+          - non-tee-dev
+          - non-tee-staging
+          - non-tee-prod
+
+jobs:
+  compute-tag:
+    runs-on: ubuntu-latest
+    outputs:
+      computed_tag: ${{ steps.set_tag.outputs.computed_tag }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set image tag
+        id: set_tag
+        run: |
+          set -e
+          if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ]; then
+            if [ "${{ github.event.inputs.target }}" = "non-tee-dev" ]; then
+              echo "computed_tag=dev+${GITHUB_SHA}" >> $GITHUB_OUTPUT
+            elif [ "${{ github.event.inputs.target }}" = "non-tee-staging" ]; then
+              echo "computed_tag=staging+${GITHUB_SHA}" >> $GITHUB_OUTPUT
+            elif [ "${{ github.event.inputs.target }}" = "non-tee-prod" ]; then
+              latest_tag=$(git describe --tags --abbrev=0)
+              echo "computed_tag=${latest_tag}+prod" >> $GITHUB_OUTPUT
+            fi
+          else
+            echo "computed_tag=${GITHUB_REF_NAME}" >> $GITHUB_OUTPUT
+          fi
+
+  build:
+    needs: compute-tag
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@fix/docker/types
+    with:
+      image-name: 'docker-regis.iex.ec/product/protected-data-delivery-dapp'
+      image-tag: ${{ needs.compute-tag.outputs.computed_tag }}
+      security-scan: false
+      hadolint: false
+      push: true
+    secrets:
+      registry: 'docker-regis.iex.ec'
+      username: ${{ secrets.NEXUS_USER }}
+      password: ${{ secrets.NEXUS_PASSWORD }}
