Skip to content

Commit 470f0b5

Browse files
PierreJeanjacquotPierreJeanjacquot
committed
fix(sconify)!: output debug-image-tag and prod-image-tag instead of debug-image and prod-image
1 parent bfcbf9a commit 470f0b5

File tree

2 files changed

+33
-31
lines changed

2 files changed

+33
-31
lines changed

.github/workflows/sconify.yml

Lines changed: 29 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -80,18 +80,18 @@ on:
8080
description: "Signing Key for Scone Production (not required with `sconify-prod: false`)"
8181
required: false
8282
outputs:
83-
debug-image:
84-
description: "Debug Sconified Image"
85-
value: ${{ jobs.build.outputs.debug-image }}
83+
debug-image-tag:
84+
description: "Debug Sconified Image Tag"
85+
value: ${{ jobs.build.outputs.debug-image-tag }}
8686
debug-mrenclave:
8787
description: "Debug Sconified Image MrEnclave Fingerprint"
8888
value: ${{ jobs.build.outputs.debug-mrenclave }}
8989
debug-checksum:
9090
description: "Debug Sconified Image Checksum"
9191
value: ${{ jobs.build.outputs.debug-checksum }}
92-
prod-image:
93-
description: "Prod Sconified Image"
94-
value: ${{ jobs.build.outputs.prod-image }}
92+
prod-image-tag:
93+
description: "Prod Sconified Image Tag"
94+
value: ${{ jobs.build.outputs.prod-image-tag }}
9595
prod-mrenclave:
9696
description: "Prod Sconified Image MrEnclave Fingerprint"
9797
value: ${{ jobs.build.outputs.prod-mrenclave }}
@@ -103,10 +103,10 @@ jobs:
103103
build:
104104
runs-on: ${{ inputs.runner }}
105105
outputs:
106-
debug-image: ${{ steps.push-debug.outputs.image }}
106+
debug-image-tag: ${{ steps.push-debug.outputs.tag }}
107107
debug-mrenclave: ${{ steps.push-debug.outputs.mrenclave }}
108108
debug-checksum: ${{ steps.push-debug.outputs.checksum }}
109-
prod-image: ${{ steps.push-prod.outputs.image }}
109+
prod-image-tag: ${{ steps.push-prod.outputs.tag }}
110110
prod-mrenclave: ${{ steps.push-prod.outputs.mrenclave }}
111111
prod-checksum: ${{ steps.push-prod.outputs.checksum }}
112112
steps:
@@ -116,17 +116,19 @@ jobs:
116116
- name: Prepare Sconify Command
117117
id: prepare-command
118118
run: |
119-
FROM_IMAGE=${{ inputs.docker-registry }}/${{ inputs.image-name }}:${{ inputs.image-tag }}
120-
DEBUG_IMAGE=$FROM_IMAGE-scone-debug-${{ inputs.sconify-version }}
121-
echo "debug-image=$DEBUG_IMAGE"
122-
echo "debug-image=$DEBUG_IMAGE" >> "$GITHUB_OUTPUT"
123-
PROD_IMAGE=$FROM_IMAGE-scone-prod-${{ inputs.sconify-version }}
124-
echo "prod-image=$PROD_IMAGE"
125-
echo "prod-image=$PROD_IMAGE" >> "$GITHUB_OUTPUT"
119+
IMAGE_REPO=${{ inputs.docker-registry }}/${{ inputs.image-name }}
120+
DEBUG_IMAGE_TAG=${{ inputs.image-tag }}-scone-debug-${{ inputs.sconify-version }}
121+
PROD_IMAGE_TAG=${{ inputs.image-tag }}-scone-prod-${{ inputs.sconify-version }}
122+
123+
echo "image-repo=$IMAGE_REPO" | tee -a "$GITHUB_OUTPUT"
124+
echo "debug-image-tag=$DEBUG_IMAGE_TAG" | tee -a "$GITHUB_OUTPUT"
125+
echo "prod-image-tag=$PROD_IMAGE_TAG" | tee -a "$GITHUB_OUTPUT"
126+
127+
# Prepare the base command for sconify
126128
SCONIFY_CMD="sconify_iexec"
127129
# REQUIRED:
128130
# --from
129-
SCONIFY_CMD+=" --from=$FROM_IMAGE"
131+
SCONIFY_CMD+=" --from=$IMAGE_REPO:${{ inputs.image-tag }}"
130132
# --to will be added later on
131133
# --binary
132134
SCONIFY_CMD+=" --binary=${{ inputs.binary }}"
@@ -152,8 +154,8 @@ jobs:
152154
# DEBUG
153155
# --verbose --no-color options
154156
SCONIFY_CMD+=" --verbose --no-color"
155-
echo "sconify-base-command=$SCONIFY_CMD"
156-
echo "sconify-base-command=$SCONIFY_CMD" >> "$GITHUB_OUTPUT"
157+
158+
echo "sconify-base-command=$SCONIFY_CMD" | tee -a "$GITHUB_OUTPUT"
157159
158160
- name: Login to Docker Registry
159161
uses: docker/login-action@v3
@@ -183,16 +185,16 @@ jobs:
183185
-v /var/run/docker.sock:/var/run/docker.sock \
184186
registry.scontain.com/scone-production/iexec-sconify-image:${{ inputs.sconify-version }} \
185187
${{ steps.prepare-command.outputs.sconify-base-command }} \
186-
--to=${{ steps.prepare-command.outputs.debug-image }}
188+
--to=${{ steps.prepare-command.outputs.image-repo }}:${{ steps.prepare-command.outputs.debug-image-tag }}
187189
188190
- name: Push Debug Image
189191
if: ${{ inputs.sconify-debug }}
190192
id: push-debug
191193
run: |
192-
docker push ${{ steps.prepare-command.outputs.debug-image }}
193-
echo "image=${{ steps.prepare-command.outputs.debug-image }}" >> "$GITHUB_OUTPUT"
194-
echo "checksum=0x$(docker image inspect ${{ steps.prepare-command.outputs.debug-image }} | jq .[0].RepoDigests[0] | sed 's/"//g' | awk -F '@sha256:' '{print $2}')" >> "$GITHUB_OUTPUT"
195-
echo "mrenclave=$(docker run --rm -e SCONE_HASH=1 ${{ steps.prepare-command.outputs.debug-image }})" >> "$GITHUB_OUTPUT"
194+
docker push ${{ steps.prepare-command.outputs.image-repo }}:${{ steps.prepare-command.outputs.debug-image-tag }}
195+
echo "tag=${{ steps.prepare-command.outputs.debug-image-tag }}" | tee -a "$GITHUB_OUTPUT"
196+
echo "checksum=0x$(docker image inspect ${{ steps.prepare-command.outputs.image-repo }}:${{ steps.prepare-command.outputs.debug-image-tag }} | jq .[0].RepoDigests[0] | sed 's/"//g' | awk -F '@sha256:' '{print $2}')" | tee -a "$GITHUB_OUTPUT"
197+
echo "mrenclave=$(docker run --rm -e SCONE_HASH=1 ${{ steps.prepare-command.outputs.image-repo }}:${{ steps.prepare-command.outputs.debug-image-tag }})" | tee -a "$GITHUB_OUTPUT"
196198
197199
- name: Sconify Image Prod
198200
if: ${{ inputs.sconify-prod }}
@@ -212,10 +214,10 @@ jobs:
212214
if: ${{ inputs.sconify-prod }}
213215
id: push-prod
214216
run: |
215-
docker push ${{ steps.prepare-command.outputs.prod-image }}
216-
echo "image=${{ steps.prepare-command.outputs.prod-image }}" >> "$GITHUB_OUTPUT"
217-
echo "checksum=0x$(docker image inspect ${{ steps.prepare-command.outputs.prod-image }} | jq .[0].RepoDigests[0] | sed 's/"//g' | awk -F '@sha256:' '{print $2}')" >> "$GITHUB_OUTPUT"
218-
echo "mrenclave=$(docker run --rm -e SCONE_HASH=1 ${{ steps.prepare-command.outputs.prod-image }})" >> "$GITHUB_OUTPUT"
217+
docker push ${{ steps.prepare-command.outputs.image-repo }}:${{ steps.prepare-command.outputs.prod-image-tag }}
218+
echo "tag=${{ steps.prepare-command.outputs.prod-image-tag }}" | tee -a "$GITHUB_OUTPUT"
219+
echo "checksum=0x$(docker image inspect ${{ steps.prepare-command.outputs.prod-image }} | jq .[0].RepoDigests[0] | sed 's/"//g' | awk -F '@sha256:' '{print $2}')" | tee -a "$GITHUB_OUTPUT"
220+
echo "mrenclave=$(docker run --rm -e SCONE_HASH=1 ${{ steps.prepare-command.outputs.prod-image }})" | tee -a "$GITHUB_OUTPUT"
219221
220222
- name: Clean Temporary Directory
221223
if: always()

sconify/README.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -59,10 +59,10 @@ The workflow performs the following actions:
5959

6060
| **Output** | **Description** |
6161
| ------------------- | ---------------------------------------------------------------------------------- |
62-
| **debug-image** | Debug Sconified Image (unless `inputs.sconify-debug: false`) |
62+
| **debug-image-tag** | Debug Sconified Image Tag (unless `inputs.sconify-debug: false`) |
6363
| **debug-mrenclave** | Debug Sconified Image MrEnclave Fingerprint (unless `inputs.sconify-debug: false`) |
6464
| **debug-checksum** | Debug Sconified Image Checksum (unless `inputs.sconify-debug: false`) |
65-
| **prod-image** | Prod Sconified Image (unless `inputs.sconify-prod: false`) |
65+
| **prod-image-tag** | Prod Sconified Image Tag (unless `inputs.sconify-prod: false`) |
6666
| **prod-mrenclave** | Prod Sconified Image MrEnclave Fingerprint (unless `inputs.sconify-prod: false`) |
6767
| **prod-checksum** | Prod Sconified Image Checksum (unless `inputs.sconify-prod: false`) |
6868

@@ -127,8 +127,8 @@ jobs:
127127
needs: sconify
128128
steps:
129129
- run: |
130-
echo "DEBUG IMAGE INFO: image=${{ needs.sconify.outputs.debug-image }} | checksum=${{ needs.sconify.outputs.debug-checksum }} | mrenclave=${{ needs.sconify.outputs.debug-mrenclave }}"
131-
echo "PROD IMAGE INFO: image=${{ needs.sconify.outputs.prod-image }} | checksum=${{ needs.sconify.outputs.prod-checksum }} | mrenclave=${{ needs.sconify.outputs.prod-mrenclave }}"
130+
echo "DEBUG IMAGE INFO: tag=${{ needs.sconify.outputs.debug-image-tag }} | checksum=${{ needs.sconify.outputs.debug-checksum }} | mrenclave=${{ needs.sconify.outputs.debug-mrenclave }}"
131+
echo "PROD IMAGE INFO: tag=${{ needs.sconify.outputs.prod-image-tag }} | checksum=${{ needs.sconify.outputs.prod-checksum }} | mrenclave=${{ needs.sconify.outputs.prod-mrenclave }}"
132132
```
133133
134134
3. **Configure Secrets**

0 commit comments

Comments
 (0)