forked from ethereum-optimism/optimism
-
Notifications
You must be signed in to change notification settings - Fork 5
143 lines (138 loc) · 5.99 KB
/
docker-build-scan.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
name: Docker Build Scan
on:
pull_request:
branches:
- 'master'
- 'celo*'
push:
branches:
- 'master'
- 'celo*'
- 'karlb/celo11-13'
workflow_dispatch:
jobs:
detect-files-changed:
runs-on: ubuntu-latest
outputs:
files-changed: ${{ steps.detect-files-changed.outputs.all_changed_files }}
steps:
- uses: actions/checkout@v4
- name: Detect files changed
id: detect-files-changed
uses: tj-actions/changed-files@v44
with:
separator: ','
build-cel2-migration-tool:
runs-on: ubuntu-latest
env:
GIT_COMMIT: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
needs: detect-files-changed
if: |
contains(needs.detect-files-changed.outputs.files-changed, 'go.sum') ||
contains(needs.detect-files-changed.outputs.files-changed, 'op-chain-ops/cmd/celo-migrate') ||
contains(needs.detect-files-changed.outputs.files-changed, 'op-chain-ops/Dockerfile') ||
contains(needs.detect-files-changed.outputs.files-changed, '.github/workflows/docker-build-scan.yaml') ||
github.event_name == 'workflow_dispatch' ||
true
permissions:
contents: read
id-token: write
security-events: write
steps:
- uses: actions/checkout@v4
- name: Login at GCP Artifact Registry
uses: celo-org/reusable-workflows/.github/actions/[email protected]
with:
workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-optimism/providers/github-by-repos'
service-account: '[email protected]'
docker-gcp-registries: us-west1-docker.pkg.dev
- name: Build and push container
uses: celo-org/reusable-workflows/.github/actions/[email protected]
with:
platforms: linux/amd64
registry: us-west1-docker.pkg.dev/devopsre/dev-images/cel2-migration-tool
tags: ${{ env.GIT_COMMIT }}
context: ./
dockerfile: ./op-chain-ops/Dockerfile
push: true
trivy: false
build-ci-builder:
runs-on: ubuntu-latest
needs: detect-files-changed
if: |
contains(needs.detect-files-changed.outputs.files-changed, 'ops/docker/ci-builder/Dockerfile') ||
github.event_name == 'workflow_dispatch' ||
true
permissions:
contents: read
id-token: write
security-events: write
env:
GIT_COMMIT: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
GIT_DATE: ${{ github.event.head_commit.timestamp }}
IMAGE_TAGS: latest
REGISTRY: us-west1-docker.pkg.dev
REPOSITORY: blockchaintestsglobaltestnet/dev-images
steps:
- uses: actions/checkout@v4
- name: Login at GCP Artifact Registry
uses: celo-org/reusable-workflows/.github/actions/[email protected]
with:
workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-optimism/providers/github-by-repos'
service-account: '[email protected]'
docker-gcp-registries: us-west1-docker.pkg.dev
# We need a custom steps as it's using docker bake
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push
uses: docker/bake-action@v5
with:
push: true
source: .
files: docker-bake.hcl
targets: ci-builder
# Build op-node op-batcher op-proposer etc. using docker-bake
build-op-stack:
runs-on: ubuntu-latest
needs: detect-files-changed
if: |
contains(needs.detect-files-changed.outputs.files-changed, 'go.sum') ||
contains(needs.detect-files-changed.outputs.files-changed, 'ops/docker') ||
contains(needs.detect-files-changed.outputs.files-changed, 'op-node/') ||
contains(needs.detect-files-changed.outputs.files-changed, 'op-batcher/') ||
contains(needs.detect-files-changed.outputs.files-changed, 'op-conductor/') ||
contains(needs.detect-files-changed.outputs.files-changed, 'op-challenger/') ||
contains(needs.detect-files-changed.outputs.files-changed, 'op-dispute-mon/') ||
contains(needs.detect-files-changed.outputs.files-changed, 'op-proposer/') ||
contains(needs.detect-files-changed.outputs.files-changed, 'op-service/') ||
contains(needs.detect-files-changed.outputs.files-changed, '.github/workflows/docker-build-scan.yaml') ||
github.event_name == 'workflow_dispatch' ||
true
permissions:
contents: read
id-token: write
security-events: write
env:
GIT_COMMIT: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
GIT_DATE: ${{ github.event.head_commit.timestamp }}
IMAGE_TAGS: ${{ (github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/celo')) && 'latest,' || '') }}${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
REGISTRY: us-west1-docker.pkg.dev
REPOSITORY: blockchaintestsglobaltestnet/dev-images
steps:
- uses: actions/checkout@v4
- name: Login at GCP Artifact Registry
uses: celo-org/reusable-workflows/.github/actions/[email protected]
with:
workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-optimism/providers/github-by-repos'
service-account: '[email protected]'
docker-gcp-registries: us-west1-docker.pkg.dev
# We need a custom steps as it's using docker bake
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push
uses: docker/bake-action@v5
with:
push: true
source: .
files: docker-bake.hcl
targets: op-node,op-batcher,op-proposer,op-conductor,op-challenger,op-dispute-mon