ci: bump actions/download-artifact from 4 to 5 #390

Workflow file for this run

	name: (Docker) Build and Publish

	on:
	push:
	tags:
	- '**'
	branches:
	- master
	pull_request:
	branches:
	- '**'
	workflow_dispatch:

	concurrency:
	group: ${{ github.workflow }}
	cancel-in-progress: false

	permissions:
	id-token: write
	contents: read
	actions: read

	jobs:
	changes:
	runs-on: ubuntu-latest
	permissions:
	pull-requests: read
	contents: read
	outputs:
	images-to-build: ${{ steps.filter.outputs.changes }}
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4

	- uses: dorny/paths-filter@v3
	id: filter
	with:
	filters: \|
	deep-prove-worker:
	- 'zkml/**'
	- 'deep-prove/**'
	- 'mpcs/**'
	- 'docker/deep-prove-worker.dockerfile'
	- '.github/workflows/docker.yml'
	deep-prove-aws-client:
	- 'zkml/**'
	- 'deep-prove/**'
	- 'mpcs/**'
	- 'docker/deep-prove-aws-client.dockerfile'
	- '.github/workflows/docker.yml'
	deep-prove-aws-worker:
	- 'zkml/**'
	- 'deep-prove/**'
	- 'mpcs/**'
	- 'docker/deep-prove-aws-worker.dockerfile'
	- '.github/workflows/docker.yml'
	build:
	name: Build Docker Image
	needs: changes
	if: ${{ needs.changes.outputs.images-to-build != '[]' && needs.changes.outputs.images-to-build != '' \|\| github.ref == 'refs/heads/master' \|\| startsWith(github.ref, 'refs/tags/v') }}
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	image: ${{ fromJSON(needs.changes.outputs.images-to-build) }}

	steps:
	- uses: actions/checkout@v4
	with:
	submodules: "recursive"

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build Docker image
	run: \|
	IMAGE_NAME="${{ matrix.image }}"
	docker build \
	-t $IMAGE_NAME:${{ github.sha }} \
	-f docker/${{ matrix.image }}.dockerfile \
	.

	- name: List Docker images
	run: docker images

	- name: Package Docker image
	run: \|
	IMAGE_NAME="${{ matrix.image }}"
	docker save -o /tmp/$IMAGE_NAME-${{ github.sha }}.tar $IMAGE_NAME:${{ github.sha }}

	- name: Save Docker image as artifact
	id: save_image
	uses: actions/upload-artifact@v4
	with:
	name: ${{ matrix.image }}-${{ github.sha }}
	path: /tmp/${{ matrix.image }}-${{ github.sha }}.tar

	private-push:
	name: Push Docker Images to AWS
	runs-on: ubuntu-latest
	needs:
	- changes
	- build
	strategy:
	fail-fast: false
	matrix:
	environment: [devnet, testnet, mainnet]
	image: ${{ fromJSON(needs.changes.outputs.images-to-build) }}
	include:
	- environment: devnet
	aws_account_id: ${{ vars.ZKMR_DEVNET_AWS_ACCOUNT_ID }}
	- environment: testnet
	aws_account_id: ${{ vars.ZKMR_TESTNET_AWS_ACCOUNT_ID }}
	- environment: mainnet
	aws_account_id: ${{ vars.ZKMR_MAINNET_AWS_ACCOUNT_ID }}
	steps:
	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: arn:aws:iam::${{ matrix.aws_account_id }}:role/github-actions-ecr-access-role
	role-session-name: github-actions-ecr-access-role
	aws-region: ${{ vars.ZKMR_AWS_REGION }}

	- name: Login to Amazon ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v2

	- name: Download Docker image from artifact
	uses: actions/download-artifact@v5
	with:
	name: ${{ matrix.image }}-${{ github.sha }}
	path: /tmp

	- name: Load Docker image
	run: \|
	IMAGE_NAME="${{ matrix.image }}"
	docker load -i /tmp/$IMAGE_NAME-${{ github.sha }}.tar

	- name: Push Docker image to ECR
	env:
	ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	run: \|
	IMAGE_NAME="${{ matrix.image }}"
	TAG=$(echo ${{ github.ref_name }} \| tr "[]/" -)
	docker tag "$IMAGE_NAME":${{ github.sha }} "$ECR_REGISTRY"/"$IMAGE_NAME":${{ github.sha }}
	docker tag "$IMAGE_NAME":${{ github.sha }} "$ECR_REGISTRY"/"$IMAGE_NAME":"$TAG"
	docker push "$ECR_REGISTRY"/"$IMAGE_NAME":${{ github.sha }}
	docker push "$ECR_REGISTRY"/"$IMAGE_NAME":"$TAG"

	if [[ ${{ github.ref }} == 'refs/heads/master' ]]; then
	docker tag "$IMAGE_NAME":${{ github.sha }} "$ECR_REGISTRY"/"$IMAGE_NAME":latest
	docker push "$ECR_REGISTRY"/"$IMAGE_NAME":latest
	fi

	if [[ ${{ github.ref }} == refs/tags/v* ]]; then
	docker tag "$IMAGE_NAME":${{ github.sha }} "$ECR_REGISTRY"/"$IMAGE_NAME":"$TAG"
	docker push "$ECR_REGISTRY"/"$IMAGE_NAME":"$TAG"
	fi
	public-push:
	name: Push Docker Images to Docker hub
	runs-on: ubuntu-latest
	needs:
	- build
	steps:
	- name: Log in to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}

	- name: Download Docker image from artifact
	uses: actions/download-artifact@v5
	with:
	name: deep-prove-worker-${{ github.sha }}
	path: /tmp

	- name: Load Docker image
	run: \|
	docker load -i /tmp/deep-prove-worker-${{ github.sha }}.tar

	- name: Push to public repo
	run: \|
	if [[ ${{ github.ref_name }} == 'master' ]]; then
	tag=latest
	else
	tag=$(echo ${{ github.ref_name }} \| tr "[]/" -)
	fi
	docker tag deep-prove-worker:${{ github.sha }} lagrangelabs/deep-prove-worker:"$tag"
	docker push lagrangelabs/deep-prove-worker:"$tag"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: bump actions/download-artifact from 4 to 5 #390

Workflow file

ci: bump actions/download-artifact from 4 to 5 #390

Uh oh!

Workflow file for this run