From fa16c15b06dc23e2fa3ffd4f4d69c125218e5ed8 Mon Sep 17 00:00:00 2001 From: Nathan Klick Date: Fri, 22 Mar 2024 17:16:01 -0500 Subject: [PATCH] feat: add jfrog support Signed-off-by: Nathan Klick --- .../node-flow-deploy-adhoc-artifact.yaml | 4 ++ .../node-zxc-build-release-artifact.yaml | 35 +++++++++- .../zxc-publish-production-image.yaml | 67 +++++++++++++++++-- 3 files changed, 99 insertions(+), 7 deletions(-) diff --git a/.github/workflows/node-flow-deploy-adhoc-artifact.yaml b/.github/workflows/node-flow-deploy-adhoc-artifact.yaml index b17591aa6e0c..b2bcb95fa4c1 100644 --- a/.github/workflows/node-flow-deploy-adhoc-artifact.yaml +++ b/.github/workflows/node-flow-deploy-adhoc-artifact.yaml @@ -70,3 +70,7 @@ jobs: sdk-gpg-key-contents: ${{ secrets.PLATFORM_GPG_KEY_CONTENTS }} sdk-gpg-key-passphrase: ${{ secrets.PLATFORM_GPG_KEY_PASSPHRASE }} slack-webhook-url: ${{ secrets.PLATFORM_SLACK_RELEASE_WEBHOOK }} + jf-url: ${{ vars.JF_URL }} + jf-docker-registry: ${{ vars.JF_DOCKER_REGISTRY }} + jf-user-name: ${{ vars.JF_USER_NAME }} + jf-access-token: ${{ secrets.JF_ACCESS_TOKEN }} diff --git a/.github/workflows/node-zxc-build-release-artifact.yaml b/.github/workflows/node-zxc-build-release-artifact.yaml index bef404da229c..a595b323d47e 100644 --- a/.github/workflows/node-zxc-build-release-artifact.yaml +++ b/.github/workflows/node-zxc-build-release-artifact.yaml @@ -91,6 +91,14 @@ on: required: true slack-webhook-url: required: true + jf-url: + required: true + jf-user-name: + required: true + jf-docker-registry: + required: true + jf-access-token: + required: true jenkins-integration-url: required: false 
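Review bot: Declaring the four `jf-*` secrets as `required: true` in the `@@ -91,6 +91,14 @@` hunk means every caller of `node-zxc-build-release-artifact.yaml` must pass them, yet this patch updates only `node-flow-deploy-adhoc-artifact.yaml`. If any other workflow calls this reusable workflow, it needs the same four `jf-*` lines in this commit, otherwise its runs will be rejected for missing required secrets. The `secrets:` block starts outside the hunk, so it is worth adding a comment above the new entries such as `# JFrog Artifactory credentials, consumed only by the jfrog publish job`.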
@@ -541,7 +549,31 @@ jobs: version: ${{ needs.validate.outputs.version }} version-policy: ${{ inputs.version-policy }} dry-run-enabled: ${{ inputs.dry-run-enabled }} - custom-job-name: "GCP" + registry-name: gcp + custom-job-name: "Publish Production Image (GCP)" + secrets: + jf-url: ${{ secrets.jf-url }} + jf-user-name: ${{ secrets.jf-user-name }} + jf-docker-registry: ${{ secrets.jf-docker-registry }} + jf-access-token: ${{ secrets.jf-access-token }} + + jfr-production-image: + name: Publish Production Image + uses: ./.github/workflows/zxc-publish-production-image.yaml + needs: + - validate + - build-artifact + with: + version: ${{ needs.validate.outputs.version }} + version-policy: ${{ inputs.version-policy }} + dry-run-enabled: ${{ inputs.dry-run-enabled }} + registry-name: jfrog + custom-job-name: "Publish Production Image (JFrog)" + secrets: + jf-url: ${{ secrets.jf-url }} + jf-user-name: ${{ secrets.jf-user-name }} + jf-docker-registry: ${{ secrets.jf-docker-registry }} + jf-access-token: ${{ secrets.jf-access-token }} evm-mc-publish: name: Publish EVM to Maven Central @@ -805,6 +837,7 @@ jobs: - validate - local-node-images - gcp-production-image + - jfr-production-image - evm-mc-publish - sdk-publish if: ${{ inputs.dry-run-enabled != true && inputs.version-policy == 'specified' && !cancelled() && !failure() }} diff --git a/.github/workflows/zxc-publish-production-image.yaml b/.github/workflows/zxc-publish-production-image.yaml index c4f16884e683..868e3f33be34 100644 --- a/.github/workflows/zxc-publish-production-image.yaml +++ b/.github/workflows/zxc-publish-production-image.yaml @@ -11,6 +11,11 @@ on: description: "Version Policy:" type: string required: true + # Valid registry names are as follows: gcp, jfrog + registry-name: + description: "Registry Name (gcp or jfrog):" + type: string + required: true dry-run-enabled: description: "Perform Dry Run" type: boolean 
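Review bot: The GCP publish job (presumably `gcp-production-image`, whose definition starts outside this hunk) now receives all four JFrog secrets. According to the `if:` guards added in `zxc-publish-production-image.yaml`, a run with `registry-name: gcp` never reads them. The `required: true` declarations in that workflow's new `secrets:` block (the `@@ -25,6 +30,21 @@` hunk) force this. Declaring them `required: false` there would let the GCP call drop its `secrets:` block, so the access token reaches only the job that uses it.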
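Review bot: `registry-name` in the `@@ -11,6 +11,11 @@` hunk is documented as `gcp` or `jfrog`, but nothing in the visible hunks enforces that. Every authentication and login step added in this file is guarded by an exact match on one of the two values, and the `set-registry` script falls back to the `gcr.io` defaults for anything else. A misspelt or differently cased value would therefore skip both login paths and continue with GCP tag names. A first step that rejects other values would fail fast, for example `case "${REGISTRY_NAME}" in gcp|jfrog) ;; *) echo "::error::unsupported registry-name"; exit 1 ;; esac`, with `REGISTRY_NAME: ${{ inputs.registry-name }}` set in that step's `env:`.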
@@ -25,6 +30,21 @@ on: docker-image: description: "Docker Image:" value: ${{ jobs.publish-image.outputs.docker-image }} + docker-image-prefix: + description: "Docker Image Prefix:" + value: ${{ jobs.publish-image.outputs.docker-image-prefix }} + docker-image-tag: + description: "Docker Image Tag:" + value: ${{ jobs.publish-image.outputs.docker-image-tag }} + secrets: + jf-url: + required: true + jf-user-name: + required: true + jf-docker-registry: + required: true + jf-access-token: + required: true defaults: run: @@ -43,6 +63,8 @@ jobs: runs-on: [self-hosted, Linux, large, ephemeral] outputs: docker-image: ${{ steps.set-registry.outputs.docker-tag-base }}/consensus-node:${{ inputs.version }} + docker-image-prefix: ${{ steps.set-registry.outputs.docker-tag-base }} + docker-image-tag: ${{ inputs.version }} steps: - name: Checkout Code uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 
@@ -57,12 +79,27 @@ jobs: - name: Authenticate to Google Cloud id: google-auth uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 - if: ${{ inputs.dry-run-enabled != true && !cancelled() && !failure() }} + if: ${{ inputs.dry-run-enabled != true && inputs.registry-name == 'gcp' && !cancelled() && !failure() }} with: token_format: 'access_token' workload_identity_provider: "projects/235822363393/locations/global/workloadIdentityPools/hedera-builds-pool/providers/hedera-builds-gh-actions" service_account: "swirlds-automation@hedera-registry.iam.gserviceaccount.com" + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@d82fe26823e1f25529250895d5673f65b02af085 # v4.0.1 + if: ${{ inputs.dry-run-enabled != true && inputs.registry-name == 'jfrog' && !cancelled() && !failure() }} + env: + JF_URL: ${{ secrets.jf-url }} + JF_ACCESS_TOKEN: ${{ secrets.jf-access-token }} + + - name: Show JFrog Config + if: ${{ inputs.dry-run-enabled != true && inputs.registry-name == 'jfrog' && !cancelled() && !failure() }} + run: jfrog config show + + - name: Verify JFrog Connectivity + if: ${{ inputs.dry-run-enabled != true && inputs.registry-name == 'jfrog' && !cancelled() && !failure() }} + run: jfrog rt ping + - name: Commit Information id: commit run: | 
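Review bot: The `Show JFrog Config` step writes the CLI's server configuration into the job log on every non-dry-run JFrog publish. Nothing visible in this patch uses the JFrog CLI for the push itself, which authenticates through `docker/login-action`. If the CLI is there only for the `jfrog rt ping` pre-flight, consider dropping the `jfrog config show` step and keeping just the ping, so the production publish log carries no registry configuration. The setup step also appears to store the access token in the CLI configuration on the runner, which is presumably acceptable on the `ephemeral` runner this job declares. A comment such as `# JFrog CLI is used only for the connectivity check below` would make that intent explicit.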
@@ -72,12 +109,16 @@ jobs: id: set-registry run: | DOCKER_REGISTRY="gcr.io" - [[ "${{ inputs.version-policy }}" == "branch-commit" ]] && DOCKER_REGISTRY="us-docker.pkg.dev" + [[ "${{ inputs.version-policy }}" == "branch-commit" && "${{ inputs.registry-name }}" == "gcp" ]] && DOCKER_REGISTRY="us-docker.pkg.dev" + [[ "${{ inputs.registry-name }}" == "jfrog" ]] && DOCKER_REGISTRY="artifacts.swirldslabs.io" echo "docker-registry=${DOCKER_REGISTRY}" >>"${GITHUB_OUTPUT}" DOCKER_TAG_BASE="gcr.io/hedera-registry" + [[ "${{ inputs.registry-name }}" == "jfrog" ]] && DOCKER_TAG_BASE="artifacts.swirldslabs.io/consensus-node-docker-release" + if [[ "${{ inputs.version-policy }}" == "branch-commit" && "${{ inputs.dry-run-enabled }}" != true ]]; then - DOCKER_TAG_BASE="us-docker.pkg.dev/swirlds-registry/docker-adhoc-commits" + [[ "${{ inputs.registry-name }}" == "gcp" ]] && DOCKER_TAG_BASE="us-docker.pkg.dev/swirlds-registry/docker-adhoc-commits" + [[ "${{ inputs.registry-name }}" == "jfrog" ]] && DOCKER_TAG_BASE="artifacts.swirldslabs.io/consensus-node-docker-dev" elif [[ "${{ inputs.dry-run-enabled }}" == true ]]; then DOCKER_TAG_BASE="localhost:5000" fi 
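Review bot: The JFrog host is hard-coded as `artifacts.swirldslabs.io` in both `DOCKER_REGISTRY` and `DOCKER_TAG_BASE`. Meanwhile, the `jf-docker-registry` secret that this patch declares as required and threads through three workflows is not read in any visible hunk. Either derive the host from that value or drop the secret, so the login target and the configured registry cannot drift apart. The added tests also interpolate `${{ inputs.registry-name }}` directly into the script text. Passing it through the step's `env:` (`REGISTRY_NAME: ${{ inputs.registry-name }}`) and testing `"${REGISTRY_NAME}"` keeps caller-supplied values out of the shell source. The script continues outside the hunk.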
@@ -141,14 +182,22 @@ jobs: if: ${{ inputs.dry-run-enabled == true && !cancelled() && !failure() }} run: docker run -d -p 5000:5000 --restart=always --name registry registry:latest - - name: Docker Login - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - if: ${{ inputs.dry-run-enabled != true && !cancelled() && !failure() }} + - name: Docker Login (GCP) + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + if: ${{ inputs.dry-run-enabled != true && inputs.registry-name == 'gcp' && !cancelled() && !failure() }} with: registry: ${{ steps.set-registry.outputs.docker-registry }} username: oauth2accesstoken password: ${{ steps.google-auth.outputs.access_token }} + - name: Docker Login (JFrog) + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + if: ${{ inputs.dry-run-enabled != true && inputs.registry-name == 'jfrog' && !cancelled() && !failure() }} + with: + registry: ${{ steps.set-registry.outputs.docker-registry }} + username: ${{ secrets.jf-user-name }} + password: ${{ secrets.jf-access-token }} + - name: Stage SDK Artifacts run: | mkdir -p hedera-node/infrastructure/docker/containers/production-next/consensus-node/sdk @@ -173,6 +222,12 @@ jobs: if [[ "${{ inputs.dry-run-enabled }}" != true ]]; then CONSENSUS_NODE_LINK="[GCP Console](https://${{ steps.set-registry.outputs.docker-tag-base }}/consensus-node:${{ inputs.version }})" + if [[ "${{ inputs.registry-name }}" == "jfrog" ]]; then + if [[ "${{ inputs.version-policy }}" == "branch-commit" ]]; then + CONSENSUS_NODE_LINK="[Artifactory](https://artifacts.swirldslabs.io/ui/native/consensus-node-docker-dev)" + else + CONSENSUS_NODE_LINK="[Artifactory](https://artifacts.swirldslabs.io/ui/native/consensus-node-docker-release)" + fi fi printf "### Published Docker Images\n" >> "${GITHUB_STEP_SUMMARY}"
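Review bot: In the `@@ -173,6 +222,12 @@` hunk the added lines open two `if` blocks (`registry-name == "jfrog"` and the nested `version-policy == "branch-commit"`) but add only one `fi`. The existing context `fi` then closes the JFrog test and leaves the outer `dry-run-enabled` test open. Unless a matching `fi` exists further down, outside the hunk, the summary step would fail with a shell syntax error at end of script. Adding a second `fi` directly after the added one, indented to match `if [[ "${{ inputs.registry-name }}" == "jfrog" ]]; then`, restores the nesting. The step's script starts and ends outside the hunk.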