Ockam Container Release #117
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Ockam Container Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Ockam tag to build' | |
| required: true | |
| binaries_sha: | |
| description: 'Ockam Release Assets SHA' | |
| required: false | |
| is_release: | |
| description: 'Indicate If Workflow Is To Release Ockam Package Or Be A Draft' | |
| type: choice | |
| default: 'false' | |
| options: | |
| - 'false' | |
| - 'true' | |
| permissions: | |
| contents: read | |
| env: | |
| DEPLOYMENT_NAME: ockam | |
| ARTIFACT_NAME: ockam | |
| ORGANIZATION: ${{ github.repository_owner }} | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| build-and-publish-artifact: | |
| if: github.event.inputs.is_release == 'false' | |
| name: "Build And Publish Ockam Container As Draft" | |
| runs-on: ubuntu-22.04 | |
| environment: release | |
| permissions: | |
| actions: read | |
| contents: write | |
| packages: write | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| with: | |
| path: ockam | |
| - name: Download Assets From AWS | |
| uses: ./ockam/.github/actions/aws_upload | |
| with: | |
| aws_role: ${{ vars.AWS_ROLE }} | |
| aws_role_session_name: aws_upload | |
| aws_region: ${{ vars.AWS_REGION }} | |
| bucket_name: ${{ vars.AWS_BUCKET_NAME }} | |
| release_version: "${{ github.event.inputs.tag }}" | |
| download_release_dir: "assets" | |
| - name: Update Docker Template | |
| run: | | |
| set -x | |
| temp_dir=$(mktemp -d) | |
| cp ./ockam/tools/templates/ockam.dockerfile $temp_dir/Dockerfile | |
| cd $temp_dir | |
| binaries=(${{ github.event.inputs.binaries_sha }}) | |
| for binary in ${binaries[@]}; do | |
| echo "$binary" | |
| file=(${binary//:/ }) | |
| echo "${file[@]}" | |
| if [[ ${file[0]} == *".so"* || ${file[0]} == *".sig"* ]]; then | |
| echo "elixir nif library found, skipping." | |
| continue | |
| fi | |
| sed -i "s/${file[0]}_sha256_value/${file[1]}/g" Dockerfile | |
| done | |
| cat Dockerfile | |
| cp Dockerfile $GITHUB_WORKSPACE/ockam/tools/templates | |
| - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d | |
| with: | |
| registry: ghcr.io | |
| username: $ORGANIZATION | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 | |
| - id: buildx | |
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 | |
| # TODO: change after new buildkit version gets fixed | |
| # https://github.com/moby/buildkit/issues/3347 | |
| # https://github.com/docker/build-push-action/issues/761 | |
| with: | |
| driver-opts: | | |
| image=moby/buildkit:v0.10.6 | |
| - name: Build And Publish As Draft | |
| run: | | |
| tag_name="${{ github.event.inputs.tag }}" | |
| # strip off the 'v' prefix from v0.146.0 | |
| version=${tag_name:1} | |
| docker buildx build --push \ | |
| --tag ghcr.io/${ORGANIZATION}/ockam:${version}-draft \ | |
| --file ./ockam/tools/templates/Dockerfile \ | |
| --platform linux/amd64,linux/arm64/v8 . | |
| make-latest: | |
| if: github.event.inputs.is_release == 'true' | |
| name: "Make Draft Release Latest" | |
| runs-on: ubuntu-22.04 | |
| environment: release | |
| permissions: | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d | |
| with: | |
| registry: ghcr.io | |
| username: ${ORGANIZATION} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get Version | |
| id: image | |
| run: | | |
| tag_name="${{ github.event.inputs.tag }}" | |
| # strip off the 'v' prefix | |
| version=${tag_name:1} | |
| echo "version=${version}" >> $GITHUB_OUTPUT | |
| - name: Deploy Latest Image | |
| run: | | |
| set -o xtrace | |
| docker pull ghcr.io/${ORGANIZATION}/ockam:${{ steps.image.outputs.version }}-draft | |
| manifest=$(docker manifest inspect -v ghcr.io/${ORGANIZATION}/ockam:${{ steps.image.outputs.version }}-draft) | |
| refs=$(echo $manifest | jq -r .[].Descriptor.digest) | |
| amended_refs="" | |
| for ref in ${refs[@]}; do | |
| amended_refs=" ${amended_refs[@]} --amend ghcr.io/${ORGANIZATION}/ockam@$ref" | |
| done | |
| docker manifest create ghcr.io/${ORGANIZATION}/ockam:${{ steps.image.outputs.version }} $amended_refs | |
| docker manifest push ghcr.io/${ORGANIZATION}/ockam:${{ steps.image.outputs.version }} | |
| docker manifest create ghcr.io/${ORGANIZATION}/ockam:latest $amended_refs | |
| docker manifest push ghcr.io/${ORGANIZATION}/ockam:latest |