feat(stdlib)!: Seeded hashing (#2170) #1056
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Docker images | |
on: | |
push: | |
branches: [main] | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: "The tag of release" | |
required: true | |
permissions: | |
id-token: write # Required to auth to AWS | |
contents: read # Required for actions/checkout | |
packages: write # Required to upload to ghcr | |
env: | |
AWS_EC2_INSTANCE_ID: i-0960f9b8de8285aed | |
AWS_REGION: us-east-1 | |
jobs: | |
push_base_image: | |
name: Push base Docker image to multiple registries | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout project | |
uses: actions/checkout@v3 | |
- name: Parse tag | |
# This step converts Grain tags into standard semver, i.e. grain-v1.2.3 -> v1.2.3 | |
id: vars | |
if: ${{ github.event.inputs.tag }} | |
run: GITHUB_TAG=${{ github.event.inputs.tag }}; echo ::set-output name=tag::${GITHUB_TAG#grain-} | |
- name: Configure AWS credentials | |
uses: aws-actions/[email protected] | |
with: | |
role-to-assume: arn:aws:iam::881972110175:role/github-actions-openid | |
role-session-name: cisession | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Start AWS EC2 arm64 instance | |
id: instance | |
run: | | |
aws ec2 start-instances --instance-ids ${{ env.AWS_EC2_INSTANCE_ID }} | |
aws ec2 wait instance-status-ok --instance-ids ${{ env.AWS_EC2_INSTANCE_ID }} | |
echo ::set-output name=ip::$(aws ec2 describe-instances --filters "Name=instance-id,Values=${{ env.AWS_EC2_INSTANCE_ID }}" --query 'Reservations[*].Instances[*].[PublicIpAddress]' --output text) | |
- name: Bring in SSH keys | |
uses: grain-lang/[email protected] | |
with: | |
ssh-private-key: ${{ secrets.AWS_SSH_PRIVATE_KEY }} | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Set up remote builder | |
run: | | |
ssh-keyscan -H ${{ steps.instance.outputs.ip }} >> ~/.ssh/known_hosts | |
docker context create node-amd64 --docker host=unix:///var/run/docker.sock | |
docker context create node-arm64 --docker host=ssh://ubuntu@${{ steps.instance.outputs.ip }} | |
docker buildx create --use --name multiarch-builder --platform linux/amd64 node-amd64 | |
docker buildx create --append --name multiarch-builder --platform linux/arm64 node-arm64 | |
docker buildx inspect --bootstrap | |
- name: Docker meta | |
id: meta | |
uses: docker/[email protected] | |
with: | |
images: | | |
grainlang/grain | |
ghcr.io/grain-lang/grain | |
tags: | | |
type=ref,event=branch | |
type=semver,pattern={{version}},value=${{ steps.vars.outputs.tag }} | |
type=semver,pattern={{major}}.{{minor}},value=${{ steps.vars.outputs.tag }} | |
- name: Login to DockerHub | |
uses: docker/[email protected] | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push image | |
uses: docker/[email protected] | |
with: | |
context: . | |
file: Dockerfile | |
push: true | |
builder: multiarch-builder | |
platforms: linux/amd64,linux/arm64 | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
push_slim_image: | |
name: Push slim Docker image to multiple registries | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout project | |
uses: actions/checkout@v3 | |
- name: Parse tag | |
# This step converts Grain tags into standard semver, i.e. grain-v1.2.3 -> v1.2.3 | |
id: vars | |
if: ${{ github.event.inputs.tag }} | |
run: GITHUB_TAG=${{ github.event.inputs.tag }}; echo ::set-output name=tag::${GITHUB_TAG#grain-} | |
- name: Configure AWS credentials | |
uses: aws-actions/[email protected] | |
with: | |
role-to-assume: arn:aws:iam::881972110175:role/github-actions-openid | |
role-session-name: cisession | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Start AWS EC2 arm64 instance | |
id: instance | |
run: | | |
aws ec2 start-instances --instance-ids ${{ env.AWS_EC2_INSTANCE_ID }} | |
aws ec2 wait instance-status-ok --instance-ids ${{ env.AWS_EC2_INSTANCE_ID }} | |
echo ::set-output name=ip::$(aws ec2 describe-instances --filters "Name=instance-id,Values=${{ env.AWS_EC2_INSTANCE_ID }}" --query 'Reservations[*].Instances[*].[PublicIpAddress]' --output text) | |
- name: Bring in SSH keys | |
uses: grain-lang/[email protected] | |
with: | |
ssh-private-key: ${{ secrets.AWS_SSH_PRIVATE_KEY }} | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Set up remote builder | |
run: | | |
ssh-keyscan -H ${{ steps.instance.outputs.ip }} >> ~/.ssh/known_hosts | |
docker context create node-amd64 --docker host=unix:///var/run/docker.sock | |
docker context create node-arm64 --docker host=ssh://ubuntu@${{ steps.instance.outputs.ip }} | |
docker buildx create --use --name multiarch-builder --platform linux/amd64 node-amd64 | |
docker buildx create --append --name multiarch-builder --platform linux/arm64 node-arm64 | |
docker buildx inspect --bootstrap | |
- name: Docker meta | |
id: meta | |
uses: docker/[email protected] | |
with: | |
flavor: | | |
suffix=-slim,onlatest=true | |
images: | | |
grainlang/grain | |
ghcr.io/grain-lang/grain | |
tags: | | |
type=ref,event=branch | |
type=semver,pattern={{version}},value=${{ steps.vars.outputs.tag }} | |
type=semver,pattern={{major}}.{{minor}},value=${{ steps.vars.outputs.tag }} | |
- name: Login to DockerHub | |
uses: docker/[email protected] | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Login to Github Container Registry | |
uses: docker/[email protected] | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push slim image | |
uses: docker/[email protected] | |
with: | |
context: . | |
file: Dockerfile-slim | |
push: true | |
builder: multiarch-builder | |
platforms: linux/amd64,linux/arm64 | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} |