Docker build and push - part 1 #56
Conversation
merge test 1
branch check
tmp rm CROSS_FEATURES
use GH_TOKEN
hardcode docker repo, set dockerfile location
use correct dir
update rust and path
use Cargo.toml as source of truth
fix path for toml_reader.sh
debugging
cargo update before cargo audit
Windows rel
win release
add conditional imports for Unix target family in environment module
conditional imports for unix
There was a problem hiding this comment.
Nice. This looks great.
Left a few comments about some code changes.
The extra script files about getting the rust version (and splitting up the extract-version workflow) was this to avoid putting the architecture into the name? Or to handle the case that we don't yet have a tag or release? Just curious as to why we shifted from the original version we use in Lighthouse.
Everything else looks good to me :)
|
|
||
| - name: Dockerhub login | ||
| run: | | ||
| echo "${DOCKER_PASSWORD}" | docker login --username ${DOCKER_USERNAME} --password-stdin |
There was a problem hiding this comment.
I think these have changed. They are now DH_ORG and DH_KEY I think
There was a problem hiding this comment.
In these workflows we are not trusting github to responsibility protect the dockerhub token in perpetuity. Instead we give it on demand, and approval, via vault.
While it does use DOCKER_USERNAME and DOCKER_PASSWORD vars internally, the only variable that needs to be set in Github is to add your org token. See https://www.notion.so/sigp/HashiCorp-Vault-12a56eefb55e8023bb58de9d57cfe2b8
|
|
||
| env: | ||
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | ||
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} |
| if: startsWith(matrix.arch, 'x86_64-windows') != true | ||
| env: | ||
| GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} | ||
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} |
There was a problem hiding this comment.
I think i have to add these, or find someone who has them to add
| # The formatting here is borrowed from OpenEthereum: https://github.com/openethereum/openethereum/blob/main/.github/workflows/build.yml | ||
| run: | | ||
| body=$(cat <<- "ENDBODY" | ||
| <Rick and Morty character> |
There was a problem hiding this comment.
@jking-aus - and others. We probably need to come up with a release naming scheme.
| - [ ] Run on synced Holesky Sigma Prime nodes. | ||
| - [ ] Run on synced Canary (mainnet) Sigma Prime nodes. | ||
| - [ ] Resync a Holesky node. | ||
| - [ ] Resync a mainnet node. |
There was a problem hiding this comment.
This is a draft release checklist. These will likely need to be modified at some point for anchor specifically. Things we want to check before a release. @jking-aus
|
|
||
| ## Binaries | ||
|
|
||
| [See pre-built binaries documentation.](https://anchor-book.sigmaprime.io/installation-binaries.html) |
There was a problem hiding this comment.
We will need to make sure this URL exists, i.e add it to the md-book. @jking-aus
Pr 56 review
pr 56 review changes
|
This The use of |
|
hey anton can you just resolve the minor conflict so I can squash and merge? If I do it my review wont approve the pr |
@jking-aus - done |
Issue Addressed
git.revision- for provenance.Which issue # does this PR address? See #28
NB: this is using the Hashicorp Vault Action to retrieve the docker username and key.
I'll followup in a less public forum regarding these details.
Follow-up tasks