diff --git a/.github/workflows/reusable-subgraph-deployer-docker.yml b/.github/workflows/reusable-subgraph-deployer-docker.yml new file mode 100644 index 000000000..39082f4fd --- /dev/null +++ b/.github/workflows/reusable-subgraph-deployer-docker.yml @@ -0,0 +1,37 @@ +name: docker workflow for dataprotector subgraph deployer + +on: + workflow_call: + inputs: + dry-run: + description: 'Run in dry-run mode (the docker image will not be published)' + default: false + type: boolean + tag: + description: 'Tag of Docker Image' + default: 'latest' + type: string + secrets: + docker-username: + description: 'Docker registry username (required unless `dry-run: true`)' + required: false + docker-password: + description: 'Docker registry password or PAT (required unless `dry-run: true`)' + required: false + +jobs: + docker-publish: + uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-v2.3.1 + with: + image-name: 'iexechub/dataprotector-subgraph-deployer' + registry: 'docker.io' + dockerfile: 'packages/subgraph/deployer.Dockerfile' + context: 'packages/subgraph' + security-scan: true + security-report: 'sarif' + hadolint: true + push: ${{ !inputs.dry-run }} + image-tag: ${{ inputs.tag }} + secrets: + username: ${{ secrets.docker-username }} + password: ${{ secrets.docker-password }} diff --git a/.github/workflows/subgraph-ci.yml b/.github/workflows/subgraph-ci.yml index cf1486d15..1183deb77 100644 --- a/.github/workflows/subgraph-ci.yml +++ b/.github/workflows/subgraph-ci.yml @@ -52,3 +52,8 @@ jobs: - name: Build working-directory: packages/subgraph run: npm run build + + deployer-docker-dry-run: + uses: ./.github/workflows/reusable-subgraph-deployer-docker.yml + with: + dry-run: true diff --git a/.github/workflows/subgraph-deployer-publish-docker.yml b/.github/workflows/subgraph-deployer-publish-docker.yml new file mode 100644 index 000000000..b155a7e97 --- /dev/null +++ b/.github/workflows/subgraph-deployer-publish-docker.yml @@ -0,0 +1,45 @@ +name: Subgraph - deployer Docker Image + +on: + # For staging releases + workflow_dispatch: + # For latest releases + release: + types: [published] + +jobs: + get-version: + if: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'release' && startsWith(github.ref_name,'subgraph-v')) }} + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Set up Node.js + uses: actions/setup-node@v4 + with: + node-version: '20' + - name: compute version + id: compute-publish-version + run: | + CURRENT_VERSION=$(npm pkg get version | tr -d '"') + if [ "${{ github.event_name }}" = "release" ]; then + echo "Release detected, setting version to ${CURRENT_VERSION}" + echo "VERSION=${CURRENT_VERSION}" | tee -a $GITHUB_OUTPUT + else + echo "Manual dispatch detected, setting staging version" + BRANCH=$(echo "${{ github.ref_name }}" | sed 's|/|-|g') + COMMIT_SHA="${{ github.sha }}" + echo "VERSION=${CURRENT_VERSION}-${BRANCH}-${COMMIT_SHA::7}" | tee -a $GITHUB_OUTPUT + fi + outputs: + version: ${{ steps.compute-publish-version.outputs.VERSION }} + + docker-publish: + if: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'release' && startsWith(github.ref_name,'subgraph-v')) }} + uses: ./.github/workflows/reusable-subgraph-deployer-docker.yml + needs: get-version + with: + tag: ${{ needs.get-version.outputs.version }} + secrets: + docker-username: ${{ secrets.DOCKERHUB_USERNAME }} + docker-password: ${{ secrets.DOCKERHUB_PAT }} diff --git a/packages/subgraph/deployer.Dockerfile b/packages/subgraph/deployer.Dockerfile index 31d647aa2..85fb4a5f7 100644 --- a/packages/subgraph/deployer.Dockerfile +++ b/packages/subgraph/deployer.Dockerfile @@ -1,4 +1,4 @@ -FROM node:20.18 +FROM node:20 RUN mkdir /app