Skip to content

Ockam Container Release #6

Ockam Container Release

Ockam Container Release #6

name: Ockam Container Release
on:
workflow_dispatch:
inputs:
tag:
description: 'Ockam tag to build'
required: true
binaries_sha:
description: 'Ockam Release Assets SHA'
required: false
is_release:
description: 'Indicate If Workflow Is To Release Ockam Package Or Be A Draft'
type: choice
default: 'false'
options:
- 'false'
- 'true'
permissions:
contents: read
env:
DEPLOYMENT_NAME: ockam
ARTIFACT_NAME: ockam
ORGANIZATION: ${{ github.repository_owner }}
defaults:
run:
shell: bash
jobs:
build-and-publish-artifact:
if: github.event.inputs.is_release == 'false'
name: "Build And Publish Ockam Container As Draft"
runs-on: ubuntu-20.04
environment: release
permissions:
actions: read
contents: write
packages: write
steps:
- name: Checker
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -ex
mkdir assets && cd assets
gh release download ${{ github.event.inputs.tag }} -R ${ORGANIZATION}/ockam
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
with:
path: ockam
- id: image
run: |
tag_name="${{ github.event.inputs.tag }}"
version=${tag_name:7}
echo "image=ghcr.io/${ORGANIZATION}/$ARTIFACT_NAME:${version}-draft" >> $GITHUB_OUTPUT
- name: Update Docker Template
run: |
set -x
temp_dir=$(mktemp -d)
cp ./ockam/tools/templates/ockam.dockerfile $temp_dir/Dockerfile
cd $temp_dir
binaries=(${{ github.event.inputs.binaries_sha }})
for binary in ${binaries[@]}; do
echo "$binary"
file=(${binary//:/ })
echo "${file[@]}"
if [[ ${file[0]} == *".so"* || ${file[0]} == *".sig"* ]]; then
echo "elixir nif library found, skipping."
continue
fi
sed -i "s/${file[0]}_sha256_value/${file[1]}/g" Dockerfile
done
cat Dockerfile
cp Dockerfile $GITHUB_WORKSPACE/ockam/tools/templates
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
with:
registry: ghcr.io
username: $ORGANIZATION
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3
- id: buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226
# TODO: change after new buildkit version gets fixed
# https://github.com/moby/buildkit/issues/3347
# https://github.com/docker/build-push-action/issues/761
with:
driver-opts: |
image=moby/buildkit:v0.10.6
- name: Build And Publish As Draft
run: |
tag_name="${{ github.event.inputs.tag }}"
version=${tag_name:7}
docker buildx build --push \
--tag ghcr.io/${ORGANIZATION}/ockam:${version}-draft \
--file ./ockam/tools/templates/Dockerfile \
--platform linux/amd64,linux/arm64/v8,linux/arm/v7 .
make-latest:
if: github.event.inputs.is_release == 'true'
name: "Make Draft Release Latest"
runs-on: ubuntu-20.04
environment: release
permissions:
packages: write
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
with:
registry: ghcr.io
username: ${ORGANIZATION}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get Version
id: image
run: |
tag_name="${{ github.event.inputs.tag }}"
version=${tag_name:7}
echo "version=${version}" >> $GITHUB_OUTPUT
- name: Deploy Latest Image
run: |
set -o xtrace
docker pull ghcr.io/${ORGANIZATION}/ockam:${{ steps.image.outputs.version }}-draft
manifest=$(docker manifest inspect -v ghcr.io/${ORGANIZATION}/ockam:${{ steps.image.outputs.version }}-draft)
refs=$(echo $manifest | jq -r .[].Descriptor.digest)
amended_refs=""
for ref in ${refs[@]}; do
amended_refs=" ${amended_refs[@]} --amend ghcr.io/${ORGANIZATION}/ockam@$ref"
done
docker manifest create ghcr.io/${ORGANIZATION}/ockam:${{ steps.image.outputs.version }} $amended_refs
docker manifest push ghcr.io/${ORGANIZATION}/ockam:${{ steps.image.outputs.version }}
docker manifest create ghcr.io/${ORGANIZATION}/ockam:latest $amended_refs
docker manifest push ghcr.io/${ORGANIZATION}/ockam:latest