-
Notifications
You must be signed in to change notification settings - Fork 181
171 lines (160 loc) · 6.35 KB
/
cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
name: CD
on:
workflow_dispatch:
inputs:
tag:
description: 'Tag to build & push'
required: true
type: string
skip_private_build:
description: 'Skip private build (true/false) can only be used when the image already exists'
required: false
type: boolean
default: false
env:
GO_VERSION: "1.22"
PRIVATE_REGISTRY_HOST: us-central1-docker.pkg.dev
jobs:
# Build and Push to Private Registry
private-build:
if: inputs.skip_private_build != 'true'
name: Build & Push to Private Container Registry
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
role: [access, collection, consensus, execution, observer, verification]
environment: Private Docker Registry
steps:
- name: Setup Go
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
- name: Checkout repo
uses: actions/checkout@v3
- id: auth
uses: google-github-actions/auth@v1
with:
credentials_json: ${{ secrets.GCR_SERVICE_KEY_SECRET }}
- name: Authenticate Docker with gcloud
run: gcloud auth configure-docker ${{ env.PRIVATE_REGISTRY_HOST }}
- name: Build & Push ${{ matrix.role }}
if: inputs.skip_private_build != 'true'
env:
CONTAINER_REGISTRY: ${{ vars.PRIVATE_REGISTRY }}
run: |
make docker-build-${{ matrix.role }}-with-adx docker-push-${{ matrix.role }}-with-adx CONTAINER_REGISTRY=${CONTAINER_REGISTRY}
make docker-build-${{ matrix.role }}-without-adx docker-push-${{ matrix.role }}-without-adx CONTAINER_REGISTRY=${CONTAINER_REGISTRY}
make docker-build-${{ matrix.role }}-without-netgo-without-adx docker-push-${{ matrix.role }}-without-netgo-without-adx CONTAINER_REGISTRY=${CONTAINER_REGISTRY}
make docker-cross-build-${{ matrix.role }}-arm docker-push-${{ matrix.role }}-arm CONTAINER_REGISTRY=${CONTAINER_REGISTRY}
# Individual Promotion Jobs using the Base Tag for Full Tags
promote-access:
name: Promote Access Role to Public Registry
runs-on: ubuntu-latest
needs: private-build
environment: Promote Access
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Promote Access
uses: ./actions/promote-images
with:
gcp_credentials: ${{ secrets.GCR_SERVICE_KEY_SECRET }}
private_registry: ${{ vars.PRIVATE_REGISTRY }}
public_registry: ${{ vars.PUBLIC_REGISTRY }}
registry_host: ${{ env.PRIVATE_REGISTRY_HOST }}
role: access
tags: "${{ inputs.tag }},${{ inputs.tag }}-without-adx,${{ inputs.tag }}-without-netgo-without-adx,${{ inputs.tag }}-arm"
promote-collection:
name: Promote Collection Role to Public Registry
runs-on: ubuntu-latest
needs: private-build
environment: Promote Collection
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Promote Collection
uses: ./actions/promote-images
with:
gcp_credentials: ${{ secrets.GCR_SERVICE_KEY_SECRET }}
private_registry: ${{ vars.PRIVATE_REGISTRY }}
public_registry: ${{ vars.PUBLIC_REGISTRY }}
registry_host: ${{ env.PRIVATE_REGISTRY_HOST }}
role: collection
tags: "${{ inputs.tag }},${{ inputs.tag }}-without-adx,${{ inputs.tag }}-without-netgo-without-adx,${{ inputs.tag }}-arm"
# promote-consensus:
# name: Promote Consensus Role to Public Registry
# runs-on: ubuntu-latest
# needs: private-build
# environment: Promote Consensus
# steps:
# - name: Checkout repo
# uses: actions/checkout@v3
#
# - name: Promote Consensus
# uses: ./.github/actions/promote
# with:
# gcp_credentials: ${{ secrets.GCR_SERVICE_KEY_SECRET }}
# role: consensus
# tags: "${{ inputs.tag }},${{ inputs.tag }}-without-adx,${{ inputs.tag }}-without-netgo-without-adx,${{ inputs.tag }}-arm"
# private_registry: ${{ vars.PRIVATE_REGISTRY }}
# public_registry: ${{ vars.PUBLIC_REGISTRY }}
# registry_host: ${{ env.PRIVATE_REGISTRY_HOST }}
#
# promote-execution:
# name: Promote Execution Role to Public Registry
# runs-on: ubuntu-latest
# needs: private-build
# environment: Promote Execution
# steps:
# - name: Checkout repo
# uses: actions/checkout@v3
#
# - name: Promote Execution
# uses: ./.github/actions/promote
# with:
# gcp_credentials: ${{ secrets.GCR_SERVICE_KEY_SECRET }}
# role: execution
# tags: "${{ inputs.tag }},${{ inputs.tag }}-without-adx,${{ inputs.tag }}-without-netgo-without-adx,${{ inputs.tag }}-arm"
# private_registry: ${{ vars.PRIVATE_REGISTRY }}
# public_registry: ${{ vars.PUBLIC_REGISTRY }}
# registry_host: ${{ env.PRIVATE_REGISTRY_HOST }}
#
# promote-observer:
# name: Promote Observer Role to Public Registry
# runs-on: ubuntu-latest
# needs: private-build
# environment: Promote Observer
# steps:
# - name: Checkout repo
# uses: actions/checkout@v3
#
# - name: Promote Observer
# uses: ./.github/actions/promote
# with:
# gcp_credentials: ${{ secrets.GCR_SERVICE_KEY_SECRET }}
# role: observer
# tags: "${{ inputs.tag }},${{ inputs.tag }}-without-adx,${{ inputs.tag }}-without-netgo-without-adx,${{ inputs.tag }}-arm"
# private_registry: ${{ vars.PRIVATE_REGISTRY }}
# public_registry: ${{ vars.PUBLIC_REGISTRY }}
# registry_host: ${{ env.PRIVATE_REGISTRY_HOST }}
#
# promote-verification:
# name: Promote Verification Role to Public Registry
# runs-on: ubuntu-latest
# needs: private-build
# environment: Promote Verification
# steps:
# - name: Checkout repo
# uses: actions/checkout@v3
#
# - name: Promote Verification
# uses: ./.github/actions/promote
# with:
# gcp_credentials: ${{ secrets.GCR_SERVICE_KEY_SECRET }}
# role: verification
# tags: "${{ inputs.tag }},${{ inputs.tag }}-without-adx,${{ inputs.tag }}-without-netgo-without-adx,${{ inputs.tag }}-arm"
# private_registry: ${{ vars.PRIVATE_REGISTRY }}
# public_registry: ${{ vars.PUBLIC_REGISTRY }}
# registry_host: ${{ env.PRIVATE_REGISTRY_HOST }}
#