build(deps): bump the devops group with 1 update (#7948) #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# TODO: we should stop using this build approach with lightwalletd and move to using our | |
# reusable workflow to building all the docker images of our repo | |
name: Build lightwalletd | |
# Ensures that only one workflow task will run at a time. Previous builds, if | |
# already in process, will get cancelled. Only the latest commit will be allowed | |
# to run, cancelling any workflows in between | |
# | |
# Cancelling old jobs is the most efficient approach, because the workflow is quick. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
on: | |
workflow_dispatch: | |
# Update the lightwalletd image when related changes merge to the `zebra/main` branch | |
push: | |
branches: | |
- 'main' | |
paths: | |
# rebuild lightwalletd whenever the related Zebra code changes | |
# | |
# TODO: this code isn't compiled in this docker image | |
# rebuild whenever the actual code at lightwalletd/master changes | |
- 'zebra-rpc/**' | |
- 'zebrad/tests/acceptance.rs' | |
- 'zebrad/src/config.rs' | |
- 'zebrad/src/commands/start.rs' | |
# these workflow definitions actually change the docker image | |
- 'docker/zcash-lightwalletd/Dockerfile' | |
- '.github/workflows/sub-build-lightwalletd.yml' | |
# Update the lightwalletd image when each related PR changes | |
pull_request: | |
paths: | |
# rebuild lightwalletd whenever the related Zebra code changes | |
# (this code isn't actually compiled in this docker image) | |
- 'zebra-rpc/**' | |
- 'zebrad/tests/acceptance.rs' | |
- 'zebrad/src/config.rs' | |
- 'zebrad/src/commands/start.rs' | |
# these workflow definitions actually change the docker image | |
- 'docker/zcash-lightwalletd/Dockerfile' | |
- '.github/workflows/sub-build-lightwalletd.yml' | |
env: | |
IMAGE_NAME: lightwalletd | |
jobs: | |
build: | |
name: Build lightwalletd Docker | |
runs-on: ubuntu-latest | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- uses: actions/[email protected] | |
with: | |
# Note: check service.proto when modifying lightwalletd repo | |
repository: zcash/lightwalletd | |
ref: 'master' | |
persist-credentials: false | |
- uses: actions/[email protected] | |
with: | |
path: zebra | |
persist-credentials: false | |
- name: Inject slug/short variables | |
uses: rlespinasse/github-slug-action@v4 | |
with: | |
short-length: 7 | |
# Automatic tag management and OCI Image Format Specification for labels | |
- name: Docker meta | |
id: meta | |
uses: docker/[email protected] | |
with: | |
# list of Docker images to use as base name for tags | |
images: | | |
us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra/${{ env.IMAGE_NAME }} | |
# generate Docker tags based on the following events/attributes | |
# set latest tag for default branch | |
tags: | | |
type=schedule | |
# semver and ref,tag automatically add a "latest" tag, but only on stable releases | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}} | |
type=ref,event=tag | |
type=ref,event=branch | |
type=ref,event=pr | |
type=sha | |
# edge is the latest commit on the default branch. | |
type=edge,enable={{is_default_branch}} | |
- name: Set up QEMU | |
id: qemu | |
uses: docker/setup-qemu-action@v3 | |
with: | |
image: tonistiigi/binfmt:latest | |
platforms: all | |
# Setup Docker Buildx to allow use of docker cache layers from GH | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
# Setup gcloud CLI | |
- name: Authenticate to Google Cloud | |
id: auth | |
uses: google-github-actions/[email protected] | |
with: | |
retries: '3' | |
workload_identity_provider: '${{ vars.GCP_WIF }}' | |
service_account: '${{ vars.GCP_ARTIFACTS_SA }}' | |
token_format: 'access_token' | |
- name: Set up Cloud SDK | |
uses: google-github-actions/[email protected] | |
- name: Login to Google Artifact Registry | |
uses: docker/[email protected] | |
with: | |
registry: us-docker.pkg.dev | |
username: oauth2accesstoken | |
password: ${{ steps.auth.outputs.access_token }} | |
# Build and push image to Google Artifact Registry | |
- name: Build & push | |
id: docker_build | |
uses: docker/[email protected] | |
with: | |
target: build | |
context: . | |
file: ./zebra/docker/zcash-lightwalletd/Dockerfile | |
platforms: | | |
linux/amd64 | |
linux/arm64 | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
push: true | |
cache-from: | | |
type=registry,ref=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra-caching/${{ env.IMAGE_NAME }}:${{ env.GITHUB_REF_SLUG_URL }}-cache | |
type=registry,ref=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra-caching/${{ env.IMAGE_NAME }}:main-cache | |
cache-to: | | |
type=registry,ref=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra-caching/${{ env.IMAGE_NAME }}:${{ env.GITHUB_REF_SLUG_URL }}-cache,mode=max |