CD #761
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CD | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Tag to build & push' | |
| required: true | |
| type: string | |
| env: | |
| GO_VERSION: "1.22" | |
| PRIVATE_REGISTRY_HOST: us-central1-docker.pkg.dev | |
| jobs: | |
| # Build and Push to Private Registry | |
| private-build: | |
| name: Build & Push to Private Container Registry | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| role: [access, collection, consensus, execution, observer, verification] | |
| environment: Private Image Builds | |
| steps: | |
| - name: Setup Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - id: auth | |
| uses: google-github-actions/auth@v1 | |
| with: | |
| credentials_json: ${{ secrets.PRIVATE_REGISTRY_UPLOAD_SECRET }} | |
| - name: Authenticate Docker with gcloud | |
| run: gcloud auth configure-docker ${{ env.PRIVATE_REGISTRY_HOST }} | |
| - name: Build & Push ${{ matrix.role }} | |
| env: | |
| IMAGE_TAG: ${{ inputs.tag }} | |
| CONTAINER_REGISTRY: ${{ vars.PRIVATE_REGISTRY }} | |
| run: | | |
| make docker-build-${{ matrix.role }}-with-adx docker-push-${{ matrix.role }}-with-adx CONTAINER_REGISTRY=${CONTAINER_REGISTRY} | |
| make docker-build-${{ matrix.role }}-without-adx docker-push-${{ matrix.role }}-without-adx CONTAINER_REGISTRY=${CONTAINER_REGISTRY} | |
| make docker-build-${{ matrix.role }}-without-netgo-without-adx docker-push-${{ matrix.role }}-without-netgo-without-adx CONTAINER_REGISTRY=${CONTAINER_REGISTRY} | |
| make docker-cross-build-${{ matrix.role }}-arm docker-push-${{ matrix.role }}-arm CONTAINER_REGISTRY=${CONTAINER_REGISTRY} | |
| # Individual Promotion Jobs with unique environments enables individual image promotion | |
| promote-access: | |
| name: Promote Access Image to Public Registry | |
| runs-on: ubuntu-latest | |
| needs: private-build | |
| environment: Public Access Image Promotion | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Promote Access | |
| uses: ./actions/promote-images | |
| with: | |
| gcp_credentials: ${{ secrets.PUBLIC_REGISTRY_PROMOTION_SECRET }} | |
| private_registry: ${{ vars.PRIVATE_REGISTRY }} | |
| private_registry_host: ${{ env.PRIVATE_REGISTRY_HOST }} | |
| public_registry: ${{ vars.PUBLIC_REGISTRY }} | |
| role: access | |
| tags: "${{ inputs.tag }},${{ inputs.tag }}-without-adx,${{ inputs.tag }}-without-netgo-without-adx,${{ inputs.tag }}-arm" | |
| promote-collection: | |
| name: Promote Collection Image to Public Registry | |
| runs-on: ubuntu-latest | |
| needs: private-build | |
| environment: Public Collection Image Promotion | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Promote Collection | |
| uses: ./actions/promote-images | |
| with: | |
| gcp_credentials: ${{ secrets.PUBLIC_REGISTRY_PROMOTION_SECRET }} | |
| private_registry: ${{ vars.PRIVATE_REGISTRY }} | |
| private_registry_host: ${{ env.PRIVATE_REGISTRY_HOST }} | |
| public_registry: ${{ vars.PUBLIC_REGISTRY }} | |
| role: collection | |
| tags: "${{ inputs.tag }},${{ inputs.tag }}-without-adx,${{ inputs.tag }}-without-netgo-without-adx,${{ inputs.tag }}-arm" | |
| promote-consensus: | |
| name: Promote Consensus Image to Public Registry | |
| runs-on: ubuntu-latest | |
| needs: private-build | |
| environment: Public Consensus Image Promotion | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Promote Consensus | |
| uses: ./actions/promote-images | |
| with: | |
| gcp_credentials: ${{ secrets.PUBLIC_REGISTRY_PROMOTION_SECRET }} | |
| private_registry: ${{ vars.PRIVATE_REGISTRY }} | |
| private_registry_host: ${{ env.PRIVATE_REGISTRY_HOST }} | |
| public_registry: ${{ vars.PUBLIC_REGISTRY }} | |
| role: consensus | |
| tags: "${{ inputs.tag }},${{ inputs.tag }}-without-adx,${{ inputs.tag }}-without-netgo-without-adx,${{ inputs.tag }}-arm" | |
| promote-execution: | |
| name: Promote Execution Image to Public Registry | |
| runs-on: ubuntu-latest | |
| needs: private-build | |
| environment: Public Execution Image Promotion | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Promote Execution | |
| uses: ./actions/promote-images | |
| with: | |
| gcp_credentials: ${{ secrets.PUBLIC_REGISTRY_PROMOTION_SECRET }} | |
| private_registry: ${{ vars.PRIVATE_REGISTRY }} | |
| private_registry_host: ${{ env.PRIVATE_REGISTRY_HOST }} | |
| public_registry: ${{ vars.PUBLIC_REGISTRY }} | |
| role: execution | |
| tags: "${{ inputs.tag }},${{ inputs.tag }}-without-adx,${{ inputs.tag }}-without-netgo-without-adx,${{ inputs.tag }}-arm" | |
| promote-observer: | |
| name: Promote Observer Image to Public Registry | |
| runs-on: ubuntu-latest | |
| needs: private-build | |
| environment: Public Observer Image Promotion | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Promote Observer | |
| uses: ./actions/promote-images | |
| with: | |
| gcp_credentials: ${{ secrets.PUBLIC_REGISTRY_PROMOTION_SECRET }} | |
| private_registry: ${{ vars.PRIVATE_REGISTRY }} | |
| private_registry_host: ${{ env.PRIVATE_REGISTRY_HOST }} | |
| public_registry: ${{ vars.PUBLIC_REGISTRY }} | |
| role: observer | |
| tags: "${{ inputs.tag }},${{ inputs.tag }}-without-adx,${{ inputs.tag }}-without-netgo-without-adx,${{ inputs.tag }}-arm" | |
| promote-verification: | |
| name: Promote Verification Image to Public Registry | |
| runs-on: ubuntu-latest | |
| needs: private-build | |
| environment: Public Verification Image Promotion | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Promote Verification | |
| uses: ./actions/promote-images | |
| with: | |
| gcp_credentials: ${{ secrets.PUBLIC_REGISTRY_PROMOTION_SECRET }} | |
| private_registry: ${{ vars.PRIVATE_REGISTRY }} | |
| private_registry_host: ${{ env.PRIVATE_REGISTRY_HOST }} | |
| public_registry: ${{ vars.PUBLIC_REGISTRY }} | |
| role: verification | |
| tags: "${{ inputs.tag }},${{ inputs.tag }}-without-adx,${{ inputs.tag }}-without-netgo-without-adx,${{ inputs.tag }}-arm" | |