oasis-sdk/.github/workflows/rofl-dev-image.yml at b559f59cab8a964f4a10bf76f7462e3883c6c4d4 · oasisprotocol/oasis-sdk · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
# NOTE: This name appears in GitHub's Checks API and in workflow's status badge.
name: rofl-dev-image

on:
  push:
    # XXX: ideally on main branches we would build the image only if there are changes in the
    # 'docker/' directory (as we do in pull_requests). However, this doesn't work when pushing a new
    # 'stable/*' branch - the build on a new branch does not trigger unless there are changes
    # compared to main on the filtered path.
    # If this is ever fixed, or per branch filters are possible, bring back the path filter to only
    # build the image when there are changes within 'docker/' directory.
    branches:
      - main
      - stable/*
    tags:
      - 'rofl-dev/v[0-9]+.[0-9]+*'
  # Or when a pull request event occurs for a pull request against one of the matched branches and at least
  # one modified file matches the configured paths.
  #
  # NOTE: We use this to be able to easily test Docker image changes.
  pull_request:
    branches:
      - main
      - stable/*
    paths:
      - docker/rofl-dev/**
  # Or every day at 04:00 UTC (for the default/main branch).
  schedule:
    - cron: "0 4 * * *"

# Cancel in-progress jobs on same branch.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:

  build-rofl-dev:
    # NOTE: This name appears in GitHub's Checks API.
    name: build-rofl-dev
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Check out pull request's HEAD commit instead of the merge commit.
          ref: ${{ github.event.pull_request.head.sha }}

      - name: Determine tag name
        id: determine-tag
        uses: ./.github/actions/determine-tag
        with:
          # Trim prefix for tags.
          trim_prefix: rofl-dev/

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to ghcr.io
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: "Rebuild oasisprotocol/rofl-dev:${{ steps.determine-tag.outputs.tag }}"
        uses: docker/build-push-action@v5
        with:
          context: docker/rofl-dev
          file: docker/rofl-dev/Dockerfile.full
          tags: ghcr.io/oasisprotocol/rofl-dev:${{ steps.determine-tag.outputs.tag }}
          pull: true
          push: true
          labels: |
            org.opencontainers.image.source=${{ github.event.repository.html_url }}
            org.opencontainers.image.created=${{ steps.determine-tag.outputs.created }}
            org.opencontainers.image.revision=${{ github.sha }}

  build-rofl-dev-minimal:
    # NOTE: This name appears in GitHub's Checks API.
    name: build-rofl-dev-minimal
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Check out pull request's HEAD commit instead of the merge commit.
          ref: ${{ github.event.pull_request.head.sha }}

      - name: Determine tag name
        id: determine-tag
        uses: ./.github/actions/determine-tag
        with:
          # Trim prefix for tags.
          trim_prefix: rofl-dev/

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to ghcr.io
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: "Rebuild oasisprotocol/rofl-dev:${{ steps.determine-tag.outputs.tag }}-minimal"
        uses: docker/build-push-action@v5
        with:
          context: docker/rofl-dev
          file: docker/rofl-dev/Dockerfile.minimal
          tags: ghcr.io/oasisprotocol/rofl-dev:${{ steps.determine-tag.outputs.tag }}-minimal
          pull: true
          push: true
          labels: |
            org.opencontainers.image.source=${{ github.event.repository.html_url }}
            org.opencontainers.image.created=${{ steps.determine-tag.outputs.created }}
            org.opencontainers.image.revision=${{ github.sha }}

  prune-old-images:
    # NOTE: This name appears in GitHub's Checks API.
    name: prune-old-images
    if: ${{ always() }}
    needs: [build-rofl-dev, build-rofl-dev-minimal]
    runs-on: ubuntu-latest
    steps:
      - name: Prune old ghcr.io/oasisprotocol/rofl-dev images
        uses: vlaurin/action-ghcr-prune@v0.6.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          organization: oasisprotocol
          container: rofl-dev
          keep-younger-than: 7 # days
          keep-last: 2
          prune-tags-regexes: ^pr-