Skip to content

Verify Tip Receipt content against logs (no cheating!) (#1898) #1501

Verify Tip Receipt content against logs (no cheating!) (#1898)

Verify Tip Receipt content against logs (no cheating!) (#1898) #1501

# Based on https://github.com/docker/build-push-action
name: 'Build River Docker Image'
on:
push:
branches:
- main
workflow_dispatch: # A build was manually requested
inputs:
release_version:
description: 'The release version to use for the image (optional)'
required: false # This is no longer required, so that we can promote existing images to `mainnet`, `testnet`, `stable` etc.
additional_tags_csv:
description: 'Comma separated list of tags to apply to the image (optional)'
required: false
env:
DOCKER_NAMESPACE: herenotthere
GHCR_NAMESPACE: herenotthere
PLATFORMS: linux/amd64,linux/arm64
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL || secrets.SLACK_CD_WORKFLOW_WEBHOOK_URL }}
jobs:
build:
name: Build docker image
runs-on: ubuntu-latest-8-cores
permissions:
contents: write
packages: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-aws-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
registry-type: 'public'
- name: Build and push image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-aws-ecr.outputs.registry }}
#This can be custom alias once requested to aws and approved for public repo
REGISTRY_ALIAS: h5v6m2x1
ECR_REPOSITORY: river
RELEASE_VERSION: ${{ inputs.release_version }}
ADDITIONAL_TAGS: ${{ inputs.additional_tags_csv }}
working-directory: ./core
run: |
COMMIT_HASH=$(git describe --tags --always --dirty)
BRANCH=$(git rev-parse --abbrev-ref HEAD)
TAGS=($COMMIT_HASH)
# if release version is not provided, we set it to "river"
if [ -z "$RELEASE_VERSION" ]; then
RELEASE_VERSION="river"
else
# If this is a release, we also tag the image with the release version.
TAGS+=($RELEASE_VERSION)
fi
# If this is a push to main, we also tag the image as dev,
# But RELEASE_VERSION remains untouched, as `dev` is not a version, but just a tag.
if [ "$BRANCH" == "main" ] && [ "${{ github.event_name }}" == "push" ]; then
TAGS+=(dev)
fi
# Add additional tags if provided
if [ -n "$ADDITIONAL_TAGS" ]; then
IFS=',' read -ra ADDITIONAL_TAGS_ARRAY <<< "$ADDITIONAL_TAGS"
for tag in "${ADDITIONAL_TAGS_ARRAY[@]}"; do
TAGS+=($tag)
done
fi
echo "Building image with the following tags: ${TAGS[@]}"
echo "Commit hash: $COMMIT_HASH"
echo "Branch: $BRANCH"
echo "Release version: $RELEASE_VERSION"
docker build \
--build-arg GIT_SHA=${{ github.sha }} \
--build-arg VER_VERSION=$RELEASE_VERSION \
--build-arg VER_BRANCH=$BRANCH \
--build-arg VER_COMMIT=$COMMIT_HASH \
-t river:local-latest \
.
echo "::set-output name=tag_valid::false"
for tag in "${TAGS[@]}"; do
if [ "$tag" == "mainnet" ] || [ "$tag" == "testnet" ]; then
echo "::set-output name=tag_valid::true"
echo "::set-output name=tag_value::$tag"
fi
docker tag river:local-latest $ECR_REGISTRY/$REGISTRY_ALIAS/$ECR_REPOSITORY:$tag
docker push $ECR_REGISTRY/$REGISTRY_ALIAS/$ECR_REPOSITORY:$tag
done
- name: Create new release tag
if: ${{ success() && steps.build-image.outputs.tag_valid == 'true' }}
id: create-tag
run: |
new_tag=$(./scripts/create-new-release-tag.sh ${{ steps.build-image.outputs.tag_value }})
echo "::set-output name=new_tag::$new_tag"
- name: Push tag
if: ${{ success() && steps.build-image.outputs.tag_valid == 'true' }}
uses: actions/github-script@v4
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const response = await github.git.createRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: 'refs/tags/' + '${{ steps.create-tag.outputs.new_tag }}',
sha: context.sha
})
console.log(response)
# If action failed, we send a slack notification
- name: Slack notification
if: failure()
uses: slackapi/[email protected]
with:
payload: |
{
"step": "Build River Docker Image",
"environment": "N/",
"branch": "${{ github.ref }}",
"url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
"commit": "${{ github.sha }}",
"actor": "${{ github.actor }}"
}