container-build #30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Build container image | |
on: | |
workflow_call: | |
workflow_dispatch: | |
inputs: | |
penumbra_version: | |
description: 'Git ref (e.g. branch or tag) of Penumbra repo for building' | |
default: "main" | |
required: true | |
# Support triggering builds from penumbra-zone/penumbra CI. | |
repository_dispatch: | |
types: | |
- container-build | |
inputs: | |
penumbra_version: | |
description: 'Git ref (e.g. branch or tag) of Penumbra repo for building' | |
default: "main" | |
required: true | |
push: | |
branches: | |
- main | |
tags: | |
- '**' | |
jobs: | |
hermes: | |
runs-on: buildjet-16vcpu-ubuntu-2004 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Log in to the Docker Hub container registry (for pulls) | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Log in to the GitHub container registry (for pushes) | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ghcr.io/penumbra-zone/hermes | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
platforms: linux/amd64 | |
file: ci/release/Containerfile | |
push: true | |
# We include a tag with the associated Penumbra, e.g. `penumbra-v0.61.0`. | |
# This is important to maintain compatibility with a long-running testnet. | |
tags: ${{ steps.meta.outputs.tags }},ghcr.io/penumbra-zone/hermes:penumbra-${{ github.event.inputs.penumbra_version || 'main' }} | |
build-args: | | |
PENUMBRA_VERSION=${{ github.event.inputs.penumbra_version || 'main' }} | |
# We disable layer caching to ensure that the most recent penumbra repo is used. | |
# Otherwise, the static git url for the repo will always result in a cache hit. | |
# TODO: update with dynamic build-args using e.g. current date to bust cache. | |
no-cache: true | |
labels: ${{ steps.meta.outputs.labels }} |