diff --git a/.github/workflows/ci-with-tag.yml b/.github/workflows/ci-with-tag.yml new file mode 100644 index 000000000000..56ad0e69abab --- /dev/null +++ b/.github/workflows/ci-with-tag.yml @@ -0,0 +1,77 @@ +name: CI-trigger-by-tag + +on: + push: + tags: + - '*' +env: + REGION: us-east-1 + ECR_REGISTRY_ID: 553885929720 + +jobs: + ci-lint: + runs-on: [self-hosted,qa-infra-k8s] + steps: + - uses: actions/checkout@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: static check + id: static-check + # TODO: developers need to add static check scripts + run: | + echo "static check" + ci-tests: + runs-on: [self-hosted,qa-infra-k8s] + steps: + - uses: actions/checkout@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: unit tests + id: unit-tests + # TODO: developers need to add unit test scripts + run: | + echo "unit tests" + ci-build: + runs-on: [self-hosted,qa-infra-k8s] + needs: [ci-lint, ci-tests] + steps: + - uses: actions/checkout@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v2 # More information on this action can be found below in the 'AWS Credentials' section + with: + role-to-assume: arn:aws:iam::553885929720:role/tf_nodereal_prod_ecr_cicd_deployment_assume_role + aws-region: us-east-1 + role-duration-seconds: 1800 + - name: Build, tag, and push image to Amazon ECR + env: + OP_NODE_IMAGE_REPO: op-node + OP_BATCHER_IMAGE_REPO: op-batcher + OP_PROPOSER_IMAGE_REPO: op-proposer + run: | + + OP_NODE_IMAGE_NAME="${ECR_REGISTRY_ID}.dkr.ecr.${REGION}.amazonaws.com/$OP_NODE_IMAGE_REPO:${GITHUB_REF#refs/*/}" + OP_BATCHER_IMAGE_NAME="${ECR_REGISTRY_ID}.dkr.ecr.${REGION}.amazonaws.com/$OP_BATCHER_IMAGE_REPO:${GITHUB_REF#refs/*/}" + OP_PROPOSER_IMAGE_NAME="${ECR_REGISTRY_ID}.dkr.ecr.${REGION}.amazonaws.com/$OP_PROPOSER_IMAGE_REPO:${GITHUB_REF#refs/*/}" + + aws ecr get-login-password --region ${REGION} | docker login --username AWS --password-stdin ${ECR_REGISTRY_ID}.dkr.ecr.${REGION}.amazonaws.com + + aws ecr --region $REGION describe-repositories --registry-id $ECR_REGISTRY_ID --repository-names $OP_NODE_IMAGE_REPO || aws ecr --region $REGION create-repository --registry-id $ECR_REGISTRY_ID --repository-name $OP_NODE_IMAGE_REPO + aws ecr --region $REGION set-repository-policy --registry-id $ECR_REGISTRY_ID --repository-name $OP_NODE_IMAGE_REPO --policy-text file:///home/runner/repo-access-permissions.json + + aws ecr --region $REGION describe-repositories --registry-id $ECR_REGISTRY_ID --repository-names $OP_BATCHER_IMAGE_REPO || aws ecr --region $REGION create-repository --registry-id $ECR_REGISTRY_ID --repository-name $OP_BATCHER_IMAGE_REPO + aws ecr --region $REGION set-repository-policy --registry-id $ECR_REGISTRY_ID --repository-name $OP_BATCHER_IMAGE_REPO --policy-text file:///home/runner/repo-access-permissions.json + + aws ecr --region $REGION describe-repositories --registry-id $ECR_REGISTRY_ID --repository-names $OP_PROPOSER_IMAGE_REPO || aws ecr --region $REGION create-repository --registry-id $ECR_REGISTRY_ID --repository-name $OP_PROPOSER_IMAGE_REPO + aws ecr --region $REGION set-repository-policy --registry-id $ECR_REGISTRY_ID --repository-name $OP_PROPOSER_IMAGE_REPO --policy-text file:///home/runner/repo-access-permissions.json + + docker build --build-arg GIT_TOKEN=${{ secrets.GO_MODULES_TOKEN }} -t $OP_NODE_IMAGE_NAME -f op-node/Dockerfile . + docker push $OP_NODE_IMAGE_NAME + + docker build --build-arg GIT_TOKEN=${{ secrets.GO_MODULES_TOKEN }} -t $OP_BATCHER_IMAGE_NAME -f op-batcher/Dockerfile . + docker push $OP_BATCHER_IMAGE_NAME + + docker build --build-arg GIT_TOKEN=${{ secrets.GO_MODULES_TOKEN }} -t $OP_PROPOSER_IMAGE_NAME -f op-proposer/Dockerfile . + docker push $OP_PROPOSER_IMAGE_NAME +