From 69c9645fa59e7c9c21f713eaf4cccb3bb708a3d1 Mon Sep 17 00:00:00 2001
From: Nathan Klick
Date: Fri, 22 Mar 2024 16:16:32 -0500
Subject: [PATCH] chore(ci): convert to reusable workflow
Signed-off-by: Nathan Klick
---
 .../node-zxc-build-release-artifact.yaml | 152 +--------------
 .../zxc-publish-production-image.yaml | 184 ++++++++++++++++++
 2 files changed, 191 insertions(+), 145 deletions(-)
 create mode 100644 .github/workflows/zxc-publish-production-image.yaml
diff --git a/.github/workflows/node-zxc-build-release-artifact.yaml b/.github/workflows/node-zxc-build-release-artifact.yaml
index 04f0d3c51ef4..bef404da229c 100644
--- a/.github/workflows/node-zxc-build-release-artifact.yaml
+++ b/.github/workflows/node-zxc-build-release-artifact.yaml
@@ -532,154 +532,16 @@ jobs:
 printf "\n\n" >> "${GITHUB_STEP_SUMMARY}"
 
 gcp-production-image:
- name: Publish Production Image (GCP)
- runs-on: [self-hosted, Linux, large, ephemeral]
+ name: Publish Production Image
+ uses: ./.github/workflows/zxc-publish-production-image.yaml
 needs:
 - validate
 - build-artifact
- steps:
- - name: Checkout Code
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
- - name: Restore Build Artifacts
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
- with:
- fail-on-cache-miss: true
- path: ~/artifact-build
- key: node-build-artifacts-${{ needs.validate.outputs.version }}-${{ github.sha }}
-
- - name: Authenticate to Google Cloud
- id: google-auth
- uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
- if: ${{ inputs.dry-run-enabled != true && !cancelled() && !failure() }}
- with:
- token_format: 'access_token'
- workload_identity_provider: "projects/235822363393/locations/global/workloadIdentityPools/hedera-builds-pool/providers/hedera-builds-gh-actions"
- service_account: "swirlds-automation@hedera-registry.iam.gserviceaccount.com"
-
- - name: Commit Information
- id: commit
- run: |
- echo "source-date=$(git log -1 --pretty=%ct)" >> "${GITHUB_OUTPUT}"
-
- - name: Set Image Registry
- id: set-registry
- run: |
- DOCKER_REGISTRY="gcr.io"
- [[ "${{ inputs.version-policy }}" == "branch-commit" ]] && DOCKER_REGISTRY="us-docker.pkg.dev"
- echo "docker-registry=${DOCKER_REGISTRY}" >>"${GITHUB_OUTPUT}"
-
- DOCKER_TAG_BASE="gcr.io/hedera-registry"
- if [[ "${{ inputs.version-policy }}" == "branch-commit" && "${{ inputs.dry-run-enabled }}" != true ]]; then
- DOCKER_TAG_BASE="us-docker.pkg.dev/swirlds-registry/docker-adhoc-commits"
- elif [[ "${{ inputs.dry-run-enabled }}" == true ]]; then
- DOCKER_TAG_BASE="localhost:5000"
- fi
-
- echo "docker-tag-base=${DOCKER_TAG_BASE}" >>"${GITHUB_OUTPUT}"
-
- - name: Install KillAll
- run: sudo apt-get update && sudo apt-get install --yes --no-install-recommends psmisc
-
- - name: Create Docker Working Directory
- run: |
- USER="$(id -un)"
- GROUP="$(id -gn)"
- sudo mkdir -p /x
- sudo chown -vR ${USER}:${GROUP} /x
- sudo ls -lah /x
-
- - name: Remove Docker from Self Hosted Runners
- run: |
- set -x
- sudo killall dockerd || true
- sudo killall containerd || true
- sudo rm -rvf /usr/bin/*containerd* || true
- sudo rm -rvf /usr/bin/docker* || true
- sudo rm -rvf /usr/local/bin/docker* || true
- sudo rm -rvf /usr/local/bin/*lima* || true
-
- - name: Setup Containerd Support
- uses: crazy-max/ghaction-setup-containerd@60acbf31e6572da7b83a4ed6b428ed92a35ff4d7 # v3.0.0
- with:
- containerd-version: v1.7.2
-
- - name: Setup Docker Support
- uses: crazy-max/ghaction-setup-docker@d9be6cade441568ba10037bce5221b8f564981f1 # v3.0.0
- env:
- HOME: /x
- with:
- version: v24.0.7
-
- - name: Configure Default Docker Context
- run: |
- set -x
- if grep setup-docker-action < <(docker context ls --format '{{ .Name }}') >/dev/null; then
- docker context rm -f setup-docker-action
- fi
-
- DOCKER_CONTEXT_PATH="$(sudo find /x -name docker.sock | tr -d '[:space:]')"
- docker context create setup-docker-action --docker "host=unix://${DOCKER_CONTEXT_PATH}"
- docker context use setup-docker-action
-
- - name: Setup QEmu Support
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
-
- - name: Setup Docker Buildx Support
- uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- with:
- version: v0.12.0
- driver-opts: network=host
-
- - name: Setup Local Docker Registry
- if: ${{ inputs.dry-run-enabled == true && !cancelled() && !failure() }}
- run: docker run -d -p 5000:5000 --restart=always --name registry registry:latest
-
- - name: Docker Login
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
- if: ${{ inputs.dry-run-enabled != true && !cancelled() && !failure() }}
- with:
- registry: ${{ steps.set-registry.outputs.docker-registry }}
- username: oauth2accesstoken
- password: ${{ steps.google-auth.outputs.access_token }}
-
- - name: Stage SDK Artifacts
- run: |
- mkdir -p hedera-node/infrastructure/docker/containers/production-next/hedera-network-node/sdk
- cp -rvf ~/artifact-build/* hedera-node/infrastructure/docker/containers/production-next/hedera-network-node/sdk/
-
- - name: Build Network Node Image
- uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
- env:
- SOURCE_DATE_EPOCH: ${{ steps.commit.outputs.source-date }}
- with:
- push: true
- no-cache: true
- platforms: linux/amd64,linux/arm64
- build-args: |
- SOURCE_DATE_EPOCH=${{ steps.commit.outputs.source-date }}
- context: hedera-node/infrastructure/docker/containers/production-next/hedera-network-node
- tags: ${{ steps.set-registry.outputs.docker-tag-base }}/hedera-network-node:${{ needs.validate.outputs.version }}
-
- - name: Render Job Summary
- run: |
- NETWORK_NODE_MAIN_LINK="Not Applicable"
-
- if [[ "${{ inputs.dry-run-enabled }}" != true ]]; then
- NETWORK_NODE_MAIN_LINK="[GCP Console](https://${{ steps.set-registry.outputs.docker-tag-base }}/hedera-network-node:${{ needs.validate.outputs.version }})"
- fi
-
- printf "### Published Docker Images\n" >> "${GITHUB_STEP_SUMMARY}"
- printf "| Image Name | Version | URL | Supported Architectures |\n" >> "${GITHUB_STEP_SUMMARY}"
- printf "| ---------- | ------- | --- | ----------------------- |\n" >> "${GITHUB_STEP_SUMMARY}"
-
- printf "| %s | %s | %s | %s |\n" \
- "${{ steps.set-registry.outputs.docker-tag-base }}/main-network-node" \
- "${{ needs.validate.outputs.version }}" \
- "${NETWORK_NODE_MAIN_LINK}" \
- "linux/amd64, linux/arm64" >> "${GITHUB_STEP_SUMMARY}"
-
- printf "\n\n" >> "${GITHUB_STEP_SUMMARY}"
+ with:
+ version: ${{ needs.validate.outputs.version }}
+ version-policy: ${{ inputs.version-policy }}
+ dry-run-enabled: ${{ inputs.dry-run-enabled }}
+ custom-job-name: "GCP"
 
 evm-mc-publish:
 name: Publish EVM to Maven Central
diff --git a/.github/workflows/zxc-publish-production-image.yaml b/.github/workflows/zxc-publish-production-image.yaml
new file mode 100644
index 000000000000..dd3f1eb09436
--- /dev/null
+++ b/.github/workflows/zxc-publish-production-image.yaml
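Review bot: The calling job `gcp-production-image` in node-zxc-build-release-artifact.yaml declares no `permissions:` of its own, and a called workflow can only keep or reduce what the caller's token is granted, so the `id-token: write` requested inside zxc-publish-production-image.yaml takes effect only if the caller already grants it. The caller's workflow-level permissions lie outside this hunk, so this may already hold. Stating it on the job makes the dependency explicit and limits the OIDC grant to the one job that authenticates to Google Cloud: add `permissions:` with `id-token: write` and `contents: read` under `gcp-production-image`, next to `needs:`.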
@@ -0,0 +1,184 @@
+name: "ZXC: Publish Production Image"
+on:
+ workflow_call:
+ inputs:
+ version:
+ description: "Version:"
+ type: string
+ required: true
+ # Valid version policies are as follows: specified, branch-commit, adhoc-commit
+ version-policy:
+ description: "Version Policy:"
+ type: string
+ required: true
+ dry-run-enabled:
+ description: "Perform Dry Run"
+ type: boolean
+ required: false
+ default: false
+ custom-job-name:
+ description: "Custom Job Name:"
+ required: false
+ type: string
+ default: "GCP"
+ outputs:
+
+
+defaults:
+ run:
+ shell: bash
+
+env:
+ LC_ALL: C.UTF-8
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ publish-image:
+ name: ${{ inputs.custom-job-name || 'GCP' }}
+ runs-on: [self-hosted, Linux, large, ephemeral]
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Restore Build Artifacts
+ uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+ with:
+ fail-on-cache-miss: true
+ path: ~/artifact-build
+ key: node-build-artifacts-${{ inputs.version }}-${{ github.sha }}
+
+ - name: Authenticate to Google Cloud
+ id: google-auth
+ uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+ if: ${{ inputs.dry-run-enabled != true && !cancelled() && !failure() }}
+ with:
+ token_format: 'access_token'
+ workload_identity_provider: "projects/235822363393/locations/global/workloadIdentityPools/hedera-builds-pool/providers/hedera-builds-gh-actions"
+ service_account: "swirlds-automation@hedera-registry.iam.gserviceaccount.com"
+
+ - name: Commit Information
+ id: commit
+ run: |
+ echo "source-date=$(git log -1 --pretty=%ct)" >> "${GITHUB_OUTPUT}"
+
+ - name: Set Image Registry
+ id: set-registry
+ run: |
+ DOCKER_REGISTRY="gcr.io"
+ [[ "${{ inputs.version-policy }}" == "branch-commit" ]] && DOCKER_REGISTRY="us-docker.pkg.dev"
+ echo "docker-registry=${DOCKER_REGISTRY}" >>"${GITHUB_OUTPUT}"
+
+ DOCKER_TAG_BASE="gcr.io/hedera-registry"
+ if [[ "${{ inputs.version-policy }}" == "branch-commit" && "${{ inputs.dry-run-enabled }}" != true ]]; then
+ DOCKER_TAG_BASE="us-docker.pkg.dev/swirlds-registry/docker-adhoc-commits"
+ elif [[ "${{ inputs.dry-run-enabled }}" == true ]]; then
+ DOCKER_TAG_BASE="localhost:5000"
+ fi
+
+ echo "docker-tag-base=${DOCKER_TAG_BASE}" >>"${GITHUB_OUTPUT}"
+
+ - name: Install KillAll
+ run: sudo apt-get update && sudo apt-get install --yes --no-install-recommends psmisc
+
+ - name: Create Docker Working Directory
+ run: |
+ USER="$(id -un)"
+ GROUP="$(id -gn)"
+ sudo mkdir -p /x
+ sudo chown -vR ${USER}:${GROUP} /x
+ sudo ls -lah /x
+
+ - name: Remove Docker from Self Hosted Runners
+ run: |
+ set -x
+ sudo killall dockerd || true
+ sudo killall containerd || true
+ sudo rm -rvf /usr/bin/*containerd* || true
+ sudo rm -rvf /usr/bin/docker* || true
+ sudo rm -rvf /usr/local/bin/docker* || true
+ sudo rm -rvf /usr/local/bin/*lima* || true
+
+ - name: Setup Containerd Support
+ uses: crazy-max/ghaction-setup-containerd@60acbf31e6572da7b83a4ed6b428ed92a35ff4d7 # v3.0.0
+ with:
+ containerd-version: v1.7.2
+
+ - name: Setup Docker Support
+ uses: crazy-max/ghaction-setup-docker@d9be6cade441568ba10037bce5221b8f564981f1 # v3.0.0
+ env:
+ HOME: /x
+ with:
+ version: v24.0.7
+
+ - name: Configure Default Docker Context
+ run: |
+ set -x
+ if grep setup-docker-action < <(docker context ls --format '{{ .Name }}') >/dev/null; then
+ docker context rm -f setup-docker-action
+ fi
+
+ DOCKER_CONTEXT_PATH="$(sudo find /x -name docker.sock | tr -d '[:space:]')"
+ docker context create setup-docker-action --docker "host=unix://${DOCKER_CONTEXT_PATH}"
+ docker context use setup-docker-action
+
+ - name: Setup QEmu Support
+ uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+
+ - name: Setup Docker Buildx Support
+ uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+ with:
+ version: v0.12.0
+ driver-opts: network=host
+
+ - name: Setup Local Docker Registry
+ if: ${{ inputs.dry-run-enabled == true && !cancelled() && !failure() }}
+ run: docker run -d -p 5000:5000 --restart=always --name registry registry:latest
+
+ - name: Docker Login
+ uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ if: ${{ inputs.dry-run-enabled != true && !cancelled() && !failure() }}
+ with:
+ registry: ${{ steps.set-registry.outputs.docker-registry }}
+ username: oauth2accesstoken
+ password: ${{ steps.google-auth.outputs.access_token }}
+
+ - name: Stage SDK Artifacts
+ run: |
+ mkdir -p hedera-node/infrastructure/docker/containers/production-next/hedera-network-node/sdk
+ cp -rvf ~/artifact-build/* hedera-node/infrastructure/docker/containers/production-next/hedera-network-node/sdk/
+
+ - name: Build Network Node Image
+ uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+ env:
+ SOURCE_DATE_EPOCH: ${{ steps.commit.outputs.source-date }}
+ with:
+ push: true
+ no-cache: true
+ platforms: linux/amd64,linux/arm64
+ build-args: |
+ SOURCE_DATE_EPOCH=${{ steps.commit.outputs.source-date }}
+ context: hedera-node/infrastructure/docker/containers/production-next/hedera-network-node
+ tags: ${{ steps.set-registry.outputs.docker-tag-base }}/hedera-network-node:${{ inputs.version }}
+
+ - name: Render Job Summary
+ run: |
+ NETWORK_NODE_MAIN_LINK="Not Applicable"
+
+ if [[ "${{ inputs.dry-run-enabled }}" != true ]]; then
+ NETWORK_NODE_MAIN_LINK="[GCP Console](https://${{ steps.set-registry.outputs.docker-tag-base }}/hedera-network-node:${{ inputs.version }})"
+ fi
+
+ printf "### Published Docker Images\n" >> "${GITHUB_STEP_SUMMARY}"
+ printf "| Image Name | Version | URL | Supported Architectures |\n" >> "${GITHUB_STEP_SUMMARY}"
+ printf "| ---------- | ------- | --- | ----------------------- |\n" >> "${GITHUB_STEP_SUMMARY}"
+
+ printf "| %s | %s | %s | %s |\n" \
+ "${{ steps.set-registry.outputs.docker-tag-base }}/main-network-node" \
+ "${{ inputs.version }}" \
+ "${NETWORK_NODE_MAIN_LINK}" \
+ "linux/amd64, linux/arm64" >> "${GITHUB_STEP_SUMMARY}"
+
+ printf "\n\n" >> "${GITHUB_STEP_SUMMARY}"
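Review bot: The `run:` scripts in `Set Image Registry` and `Render Job Summary` expand `${{ inputs.version-policy }}`, `${{ inputs.dry-run-enabled }}` and `${{ inputs.version }}` straight into bash, so caller-supplied text becomes part of the script before the shell parses it. This job holds `id-token: write` and pushes to the production registry, so the inputs are better passed through `env:` and read as quoted shell variables, which keeps them as data; the summary step needs the same treatment with `VERSION: ${{ inputs.version }}`. Whether callers validate these inputs upstream is not visible in this hunk. Separately, any `version-policy` other than `branch-commit` falls through to `gcr.io/hedera-registry`, so rejecting values outside the three named in the input comment would make the step fail closed.

```yaml
      - name: Set Image Registry
        id: set-registry
        env:
          VERSION_POLICY: ${{ inputs.version-policy }}
          DRY_RUN_ENABLED: ${{ inputs.dry-run-enabled }}
        run: |
          # … unchanged: DOCKER_REGISTRY default …
          [[ "${VERSION_POLICY}" == "branch-commit" ]] && DOCKER_REGISTRY="us-docker.pkg.dev"
          # … unchanged: docker-registry output, DOCKER_TAG_BASE default …
          if [[ "${VERSION_POLICY}" == "branch-commit" && "${DRY_RUN_ENABLED}" != true ]]; then
          # … unchanged: adhoc-commits tag base …
          elif [[ "${DRY_RUN_ENABLED}" == true ]]; then
          # … unchanged: localhost tag base, fi, docker-tag-base output …
```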