Skip to content

Merge branch 'add-upload-token' #107

Merge branch 'add-upload-token'

Merge branch 'add-upload-token' #107

Workflow file for this run

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# GitHub recommends pinning actions to a commit SHA.
# To get a newer version, you will need to update the SHA.
# You can also reference a tag or branch, but the action may change without warning.
name: Create and publish a Docker images
on:
push: {}
env:
REGISTRY: ghcr.io
IMAGE_BASE_NAME: ${{ github.repository_owner }}
jobs:
build-and-push-image:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
strategy:
matrix:
app:
- name: web_proxy
- name: static_datastore_builder
- name: public_node
env:
OUTPUTS_DIR: /tmp/outputs
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Log in to the Container registry
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: |
"${{ env.REGISTRY }}/${{ env.IMAGE_BASE_NAME }}/${{ matrix.app.name }}"
tags: |
type=ref,event=branch,prefix=branch-
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Build and push
id: build_and_push
uses: docker/build-push-action@v4
with:
context: .
file: build/docker/Dockerfile.${{ matrix.app.name }}
platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/riscv64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Prepare artifacts
run: |
mkdir -p "$OUTPUTS_DIR"
jq -c '{
"${{ matrix.app.name }}": (
"${{ env.REGISTRY }}/${{ env.IMAGE_BASE_NAME }}/${{ matrix.app.name }}@" + .["containerimage.digest"]
)
}' <<EOF >> "$OUTPUTS_DIR/image"
${{ steps.build_and_push.outputs.metadata }}
EOF
- name: Upload artifacts
uses: actions/upload-artifact@v2
with:
name: image_${{ matrix.app.name }}
path: ${{ env.OUTPUTS_DIR }}/image
images:
runs-on: ubuntu-latest
needs: build-and-push-image
env:
OUTPUTS_DIR: /tmp/outputs
outputs:
images: ${{ steps.images.outputs.images }}
steps:
- uses: actions/download-artifact@v3
with:
path: /tmp/outputs
- run: ls /tmp/outputs || true
- run: cat /tmp/outputs/*/image || true
- id: images
run: echo "images=$( cat /tmp/outputs/*/image | jq -sc add )" >> "$GITHUB_OUTPUT"
test-docker-images:
runs-on: ubuntu-latest
permissions:
contents: read
packages: read
needs: images
strategy:
matrix:
arch:
- linux/amd64
- linux/arm/v6
- linux/arm/v7
- linux/arm64
- linux/riscv64
env:
IMG_STATIC_DATASTORE_BUILDER: ${{ fromJSON(needs.images.outputs.images).static_datastore_builder }}
IMG_PUBLIC_NODE: ${{ fromJSON(needs.images.outputs.images).public_node }}
IMG_WEB_PROXY: ${{ fromJSON(needs.images.outputs.images).web_proxy }}
NETWORK_NAME: "cinode/${{ matrix.arch }}"
steps:
- name: Dump docker images info
run: |
jq . <<EOF
${{ needs.images.outputs.images }}
EOF
- name: Checkout repository
uses: actions/checkout@v3
- name: Log in to the Container registry
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Compile simple dataset
run: |
mkdir /tmp/cinode
docker run \
--platform "${{ matrix.arch }}" \
--rm \
--interactive \
--read-only \
--volume "/tmp/cinode:/tmp" \
--volume "$(pwd)/testvectors:/data:ro" \
--user $(id -u ${USER}):$(id -g ${USER}) \
"$IMG_STATIC_DATASTORE_BUILDER" \
compile \
--source /data \
--destination /tmp/encrypted \
> /tmp/cinode/compile_result.json
- name: Create docker network
run: |
docker network create "$NETWORK_NAME"
- name: Run public datastore node
run: |
docker run \
--platform "${{ matrix.arch }}" \
--detach \
--read-only \
--network "$NETWORK_NAME" \
--volume "/tmp/cinode/encrypted:/data:ro" \
--env CINODE_MAIN_DATASTORE=/data \
--name datastore \
"$IMG_PUBLIC_NODE"
- name: Run web proxy
run: |
docker run \
--platform "${{ matrix.arch }}" \
--detach \
--read-only \
--network "$NETWORK_NAME" \
--env CINODE_ENTRYPOINT="$( cat /tmp/cinode/compile_result.json | jq -r .entrypoint )" \
--env CINODE_ADDITIONAL_DATASTORE_1="http://datastore:8080/" \
--name web_proxy \
"$IMG_WEB_PROXY"
- name: Inspect docker environment
run: docker ps
- name: Check if can fetch files from cinode proxy
run: |
docker run \
--rm \
--interactive \
--network "$NETWORK_NAME" \
--read-only \
--mount type=tmpfs,destination=/tmp \
--volume "$(pwd)/testvectors:/data:ro" \
--user $(id -u ${USER}):$(id -g ${USER}) \
curlimages/curl \
sh \
-c '
set -euo pipefail
cd /data
while read f; do
FILE_HASH="$( cat "$f" | sha256sum )"
WEB_HASH="$( curl -s "http://web_proxy:8080/${f}" | sha256sum )"
echo "${FILE_HASH} ${f}"
diff <( echo "$FILE_HASH" ) <( echo "$WEB_HASH" )
done < <( find . -type f -print )
'
- name: Dump datastore logs
if: always()
run: docker logs datastore
- name: Dump web_proxy logs
if: always()
run: docker logs web_proxy
- name: Inspect docker environment
if: always()
run: docker ps