Skip to content

Commit

Permalink
[github-actions] move DockerHub publish job into a separate workflow
Browse files Browse the repository at this point in the history
Also, this fixes the bug where the DockerHub username and password
secrets are unavailable in the DockerHub login step.

[This
failure](https://github.com/SiliconLabs/ot-efr32/actions/runs/9681942492/job/26713977695)
is caused by a bug I accidentally introduced in
openthread#896. The secrets consumed by
a reusable workflow must be defined as inputs.

See this for more details
https://docs.github.com/en/actions/sharing-automations/reusing-workflows#using-inputs-and-secrets-in-a-reusable-workflow
  • Loading branch information
lmnotran committed Aug 12, 2024
1 parent 6a68b30 commit ebbb866
Show file tree
Hide file tree
Showing 3 changed files with 119 additions and 52 deletions.
32 changes: 22 additions & 10 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,10 +40,6 @@ concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/ot-efr32' && github.run_id) || github.ref }}
cancel-in-progress: true

env:
TOOLCHAIN_DIR: .toolchain
DOCKER_IMAGE_SHA_TAG: siliconlabsinc/ot-efr32-dev:${{ github.sha }}

jobs:
docker:
name: Docker
Expand All @@ -52,10 +48,13 @@ jobs:
arm-gcc:
name: Arm GNU Toolchain ${{ matrix.gcc_ver }}
runs-on: ubuntu-22.04
needs: docker
needs: [docker]
continue-on-error: true
permissions:
contents: read
env:
container_name: ot-efr32-dev
TOOLCHAIN_DIR: .toolchain
strategy:
fail-fast: false
matrix:
Expand Down Expand Up @@ -91,20 +90,20 @@ jobs:
- name: Download Docker image
uses: actions/download-artifact@v4
with:
name: ot-efr32-dev
name: ${{ needs.docker.outputs.artifact_name }}

- name: Load docker image
run: docker load -i ot-efr32-dev.tar
run: docker load -i ${{ needs.docker.outputs.image_name }}.tar

- name: Start ot-efr32-dev container
run: |
docker run \
--rm -it -d \
--user $(id -u) \
--name ot-efr32-dev \
--name ${{ env.container_name }} \
--env CCACHE_DIR=/ot-efr32/.ccache \
-v $PWD:/ot-efr32 -w /ot-efr32\
${{ env.DOCKER_IMAGE_SHA_TAG }}
${{ needs.docker.outputs.image_name }}
- name: Append LFS include config to simplicity_sdk .lfsconfig
run: |
Expand All @@ -125,7 +124,7 @@ jobs:
run: git -C third_party/silabs/simplicity_sdk lfs pull

- name: Build
run: docker exec ot-efr32-dev bash -c 'PATH=${{ env.TOOLCHAIN_DIR }}/${{ matrix.gcc_extract_dir }}/bin:$PATH script/test'
run: docker exec ${{ env.container_name }} bash -c 'PATH=${{ env.TOOLCHAIN_DIR }}/${{ matrix.gcc_extract_dir }}/bin:$PATH script/test'

- name: Gather SLC generated files
if: failure()
Expand All @@ -144,3 +143,16 @@ jobs:
with:
name: build-${{ matrix.gcc_ver }}
path: artifact

dockerhub-publish:
name: DockerHub Publish
uses: ./.github/workflows/dockerhub-publish.yml
needs: [docker, arm-gcc]
if: github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository_owner == 'SiliconLabs'
with:
artifact_name: ${{ needs.docker.outputs.artifact_name }}
image_name: ${{ needs.docker.outputs.image_name }}
new_image_name: siliconlabs/ot-efr32-dev:latest
secrets:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_PERSONAL_ACCESS_TOKEN: ${{ secrets.DOCKERHUB_PERSONAL_ACCESS_TOKEN }}
63 changes: 21 additions & 42 deletions .github/workflows/docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,12 +28,19 @@

name: Docker

env:
artifact_name: ot-efr32-dev
image_name: ot-efr32-dev-${{ github.sha }}

on:
workflow_call:

env:
DOCKER_IMAGE_SHA_TAG: siliconlabsinc/ot-efr32-dev:${{ github.sha }}
DOCKER_IMAGE_LATEST_TAG: siliconlabsinc/ot-efr32-dev:latest
outputs:
artifact_name:
description: 'The name of the artifact containing the docker image'
value: ${{ jobs.build.outputs.artifact_name }}
image_name:
description: 'The name of the docker image'
value: ${{ jobs.build.outputs.image_name}}

jobs:
metadata:
Expand All @@ -45,6 +52,9 @@ jobs:
needs: metadata
permissions:
contents: read
outputs:
artifact_name: ${{ env.artifact_name }}
image_name: ${{ env.image_name }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
Expand All @@ -69,12 +79,12 @@ jobs:
file: docker/Dockerfile
load: true
tags: |
${{ env.DOCKER_IMAGE_SHA_TAG }}
${{ env.image_name }}
cache-from: type=gha
cache-to: type=gha,mode=max

- name: Inspect Docker image
run: docker inspect ${{ env.DOCKER_IMAGE_SHA_TAG }}
run: docker inspect ${{ env.image_name }}

- name: Container image sanity checks
run: |
Expand All @@ -83,45 +93,14 @@ jobs:
&& chmod +x container-structure-test-linux-amd64
# Run tests
./container-structure-test-linux-amd64 test --config docker/test-ot-efr32-dev.yml --image ${{ env.DOCKER_IMAGE_SHA_TAG }}
./container-structure-test-linux-amd64 test --config docker/test-ot-efr32-dev.yml --image ${{ env.image_name }}
- name: Export Docker image
run: docker save -o ot-efr32-dev.tar ${{ env.DOCKER_IMAGE_SHA_TAG }}
run: docker save -o ${{ env.image_name }}.tar ${{ env.image_name }}

- name: Upload Docker image
id: upload-artifact
uses: actions/upload-artifact@v4
with:
name: ot-efr32-dev
path: ot-efr32-dev.tar

publish-dockerhub:
name: Tag `latest` and publish to DockerHub
runs-on: ubuntu-22.04
needs: [metadata, build]
if: |
github.repository == 'SiliconLabs/ot-efr32' &&
github.event_name != 'pull_request' &&
github.ref == 'refs/heads/main'
steps:
- name: Login to DockerHub
if: github.ref == 'refs/heads/main'
uses: docker/[email protected]
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}

- name: Download Docker image
uses: actions/download-artifact@v4
with:
name: ot-efr32-dev

- name: Load Docker image
run: docker load -i ot-efr32-dev.tar

- name: Tag Docker image
run: |
docker tag ${{ env.DOCKER_IMAGE_SHA_TAG }} ${{ env.DOCKER_IMAGE_LATEST_TAG }}
- name: Push Docker image
run: |
docker push ${{ env.DOCKER_IMAGE_LATEST_TAG }}
name: ${{ env.artifact_name }}
path: ${{ env.image_name }}.tar
76 changes: 76 additions & 0 deletions .github/workflows/dockerhub-publish.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
#
# Copyright (c) 2023, The OpenThread Authors.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. Neither the name of the copyright holder nor the
# names of its contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#

name: Download docker image artifact and publish to DockerHub

on:
workflow_call:
inputs:
artifact_name:
description: 'The name of the artifact containing the docker image'
type: string
required: true
image_name:
description: 'The name of the docker image'
type: string
required: true
new_image_name:
description: 'The new name of the docker image'
type: string
required: false
secrets:
DOCKERHUB_USERNAME:
description: 'DockerHub username'
DOCKERHUB_PERSONAL_ACCESS_TOKEN:
description: 'DockerHub personal access token'

jobs:
publish:
name: Tag `latest` and publish to DockerHub
runs-on: ubuntu-22.04
steps:
- name: Login to DockerHub
uses: docker/[email protected]
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PERSONAL_ACCESS_TOKEN }}

- name: 'Download artifact'
uses: actions/download-artifact@v4
with:
name: ${{ github.event.inputs.artifact_name }}

- name: Load Docker image
run: docker load -i ${{ github.event.inputs.image_name }}.tar

- name: Tag Docker image
if: github.event.inputs.new_image_name
run: docker tag ${{ github.event.inputs.image_name }} ${{ github.event.inputs.new_image_name }}

- name: Push Docker image
run: docker push ${{ github.event.inputs.new_image_tag || github.event.inputs.image_name }}

0 comments on commit ebbb866

Please sign in to comment.