From f1ce6437fcc08b3e3ded7120471939b1fedbeaee Mon Sep 17 00:00:00 2001 From: muzuke <92723634+muzuke@users.noreply.github.com> Date: Fri, 10 Jan 2025 11:35:29 +0200 Subject: [PATCH 1/4] Build arm64 image for dev-container --- .../publish-scrypto-dev-container.yml | 45 ++++++++++++++++++- 1 file changed, 43 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-scrypto-dev-container.yml b/.github/workflows/publish-scrypto-dev-container.yml index b7963fd2d9..d55b35c7b2 100644 --- a/.github/workflows/publish-scrypto-dev-container.yml +++ b/.github/workflows/publish-scrypto-dev-container.yml @@ -6,6 +6,9 @@ on: docker_tag: description: "Docker tag to be published" + # TODO: Remove after testing + pull_request: + permissions: packages: write pull-requests: write @@ -13,7 +16,7 @@ permissions: contents: read jobs: - build-amd: + build_amd64: uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main with: runs_on: ubuntu-16-cores-selfhosted @@ -21,7 +24,8 @@ jobs: image_registry: "docker.io" image_organization: "radixdlt" image_name: "scrypto-dev-container" - tag: ${{ inputs.docker_tag }} + tag: testing # TODO Update after testing + # tag: ${{ inputs.docker_tag }} # TODO Update after testing context: "." dockerfile: "Dockerfile" target: "scrypto-dev-container" @@ -32,3 +36,40 @@ jobs: enable_dockerhub: true secrets: role_to_assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }} + + build_arm64: + uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main + with: + runs_on: ubuntu-16-cores-selfhosted + environment: "release" + image_registry: "docker.io" + image_organization: "radixdlt" + image_name: "scrypto-dev-container" + # tag: ${{ inputs.docker_tag }} # TODO Update after testing + tag: testing # TODO Update after testing + context: "." + dockerfile: "Dockerfile" + target: "scrypto-dev-container" + platforms: "linux/arm64" + provenance: "false" + scan_image: true + snyk_target_ref: ${{ github.ref_name }} + enable_dockerhub: true + secrets: + role_to_assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }} + + join_multiarch_image: + name: Join multiarch image + needs: + - build_amd64 + - build_arm64 + permissions: + id-token: write + contents: read + pull-requests: read + uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/join-docker-images-all-tags.yml@main + with: + aws_dockerhub_secret: github-actions/rdxworks/dockerhub-images/release-credentials + amd_meta_data_json: ${{needs.build_push_container_dockerhub.outputs.json}} + secrets: + role-to-assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }} From 11ee3dda53b0686b8de81f6d6a8347cabd90dffc Mon Sep 17 00:00:00 2001 From: muzuke <92723634+muzuke@users.noreply.github.com> Date: Fri, 10 Jan 2025 13:34:48 +0200 Subject: [PATCH 2/4] Skip scan on arm --- .github/workflows/publish-scrypto-dev-container.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish-scrypto-dev-container.yml b/.github/workflows/publish-scrypto-dev-container.yml index d55b35c7b2..9c3690b668 100644 --- a/.github/workflows/publish-scrypto-dev-container.yml +++ b/.github/workflows/publish-scrypto-dev-container.yml @@ -24,7 +24,7 @@ jobs: image_registry: "docker.io" image_organization: "radixdlt" image_name: "scrypto-dev-container" - tag: testing # TODO Update after testing + tag: testing # tag: ${{ inputs.docker_tag }} # TODO Update after testing context: "." dockerfile: "Dockerfile" @@ -45,14 +45,14 @@ jobs: image_registry: "docker.io" image_organization: "radixdlt" image_name: "scrypto-dev-container" - # tag: ${{ inputs.docker_tag }} # TODO Update after testing - tag: testing # TODO Update after testing + # tag: ${{ inputs.docker_tag }}-arm64 # TODO Update after testing + tag: testing-arm64 context: "." dockerfile: "Dockerfile" target: "scrypto-dev-container" platforms: "linux/arm64" provenance: "false" - scan_image: true + scan_image: false snyk_target_ref: ${{ github.ref_name }} enable_dockerhub: true secrets: @@ -70,6 +70,6 @@ jobs: uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/join-docker-images-all-tags.yml@main with: aws_dockerhub_secret: github-actions/rdxworks/dockerhub-images/release-credentials - amd_meta_data_json: ${{needs.build_push_container_dockerhub.outputs.json}} + amd_meta_data_json: ${{needs.build_amd64.outputs.json}} secrets: role-to-assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }} From f6a10ee1c0c9a5e2cda828ceecdc91cc9d3f63a4 Mon Sep 17 00:00:00 2001 From: muzuke <92723634+muzuke@users.noreply.github.com> Date: Sun, 12 Jan 2025 12:12:47 +0200 Subject: [PATCH 3/4] Add missing image flavor --- .github/workflows/publish-scrypto-dev-container.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-scrypto-dev-container.yml b/.github/workflows/publish-scrypto-dev-container.yml index 9c3690b668..b521b48030 100644 --- a/.github/workflows/publish-scrypto-dev-container.yml +++ b/.github/workflows/publish-scrypto-dev-container.yml @@ -34,19 +34,23 @@ jobs: scan_image: true snyk_target_ref: ${{ github.ref_name }} enable_dockerhub: true + use_gh_remote_cache: true + cache_tag_suffix: amd64 + flavor: | + suffix=-amd64 secrets: role_to_assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }} build_arm64: uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main with: - runs_on: ubuntu-16-cores-selfhosted + runs_on: selfhosted-ubuntu-22.04-arm environment: "release" image_registry: "docker.io" image_organization: "radixdlt" image_name: "scrypto-dev-container" # tag: ${{ inputs.docker_tag }}-arm64 # TODO Update after testing - tag: testing-arm64 + tag: testing context: "." dockerfile: "Dockerfile" target: "scrypto-dev-container" @@ -55,6 +59,10 @@ jobs: scan_image: false snyk_target_ref: ${{ github.ref_name }} enable_dockerhub: true + use_gh_remote_cache: true + cache_tag_suffix: arm64 + flavor: | + suffix=-arm64 secrets: role_to_assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }} From fc379fab7924c4a4ca8fbf8dd4a404702f4d2afe Mon Sep 17 00:00:00 2001 From: muzuke <92723634+muzuke@users.noreply.github.com> Date: Sun, 12 Jan 2025 12:47:07 +0200 Subject: [PATCH 4/4] Remove debugging --- .github/workflows/publish-scrypto-dev-container.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/publish-scrypto-dev-container.yml b/.github/workflows/publish-scrypto-dev-container.yml index b521b48030..07b74daa80 100644 --- a/.github/workflows/publish-scrypto-dev-container.yml +++ b/.github/workflows/publish-scrypto-dev-container.yml @@ -6,9 +6,6 @@ on: docker_tag: description: "Docker tag to be published" - # TODO: Remove after testing - pull_request: - permissions: packages: write pull-requests: write @@ -24,8 +21,7 @@ jobs: image_registry: "docker.io" image_organization: "radixdlt" image_name: "scrypto-dev-container" - tag: testing - # tag: ${{ inputs.docker_tag }} # TODO Update after testing + tag: ${{ inputs.docker_tag }} context: "." dockerfile: "Dockerfile" target: "scrypto-dev-container" @@ -49,8 +45,7 @@ jobs: image_registry: "docker.io" image_organization: "radixdlt" image_name: "scrypto-dev-container" - # tag: ${{ inputs.docker_tag }}-arm64 # TODO Update after testing - tag: testing + tag: ${{ inputs.docker_tag }} context: "." dockerfile: "Dockerfile" target: "scrypto-dev-container"