image-build-binary.yml

## Github workflow to build a multiarch docker image from pre-built binaries

name: Docker Image (Binary)

on:
  workflow_call:
    inputs:
      tag:
        required: true
        type: string
        description: "Version tag of release"
      docker_tag:
        required: true
        type: string
        description: "Version tag for docker images"

## Define which docker arch to build for
env:
  docker_platforms: "linux/arm64, linux/arm/v7, linux/amd64, linux/amd64/v3"
  docker-org: blockstack

concurrency:
  group: docker-image-binary-${{ github.head_ref || github.ref || github.run_id }}
  ## Always cancel duplicate jobs
  cancel-in-progress: true

run-name: ${{ inputs.tag }}

jobs:
  ## Runs when the following is true:
  ##  - tag is provided
  ##  - workflow is building default branch (master)
  image:
    if: |
      inputs.tag != ''
    name: Build Image
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      ## Build a maximum of 2 images concurrently based on matrix.dist
      max-parallel: 2
      matrix:
        dist:
          - alpine
          - debian
    steps:
      ## Setup Docker for the builds
      - name: Docker setup
        id: docker_setup
        uses: stacks-network/actions/docker@main
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      ## if the repo owner is not `stacks-network`, default to a docker-org of the repo owner (i.e. github user id)
      ## this allows forks to run the docker push workflows without having to hardcode a dockerhub org (but it does require docker hub user to match github username)
      - name: Set Local env vars
        id: set_env
        if: |
          github.repository_owner != 'stacks-network'
        run: |
          echo "docker-org=${{ github.repository_owner }}" >> "$GITHUB_ENV"

      - name: Check Signer Release
        id: check_signer_release
        run: |
          case "${{ inputs.tag }}" in
            signer-*)
              echo "is-signer-release=true" >> $GITHUB_ENV
              ;;
            *)
              echo "is-signer-release=false" >> $GITHUB_ENV
              ;;
          esac

      ## Set docker metatdata
      ## - depending on the matrix.dist, different tags will be enabled
      ## ex. debian will have this tag: `type=ref,event=tag,enable=${{ matrix.dist == 'debian' }}`
      - name: Docker Metadata ( ${{matrix.dist}} )
        if: ${{ env.is-signer-release == 'true' }}
        id: docker_metadata_signer
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 #v5.5.1
        with:
          images: |
            ${{env.docker-org}}/stacks-signer
          tags: |
            type=raw,value=latest,enable=${{ inputs.docker_tag != '' && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) ) && matrix.dist == 'debian' }}
            type=raw,value=${{ inputs.docker_tag }}-${{ matrix.dist }},enable=${{ inputs.docker_tag != '' && matrix.dist == 'debian'}}
            type=raw,value=${{ inputs.docker_tag }},enable=${{ inputs.docker_tag != '' && matrix.dist == 'debian' }}
            type=ref,event=tag,enable=${{ matrix.dist == 'debian' }}
            type=raw,value=latest-${{ matrix.dist }},enable=${{ inputs.docker_tag != '' && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) ) && matrix.dist == 'alpine' }}
            type=raw,value=${{ inputs.docker_tag }}-${{ matrix.dist }},enable=${{ inputs.docker_tag != '' && matrix.dist == 'alpine' }}

      - name: Docker Metadata ( ${{matrix.dist}} )
        if: ${{ env.is-signer-release == 'false' }}
        id: docker_metadata_node
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 #v5.5.1
        with:
          ## tag images with current repo name `stacks-core` as well as legacy `stacks-blockchain`
          images: |
            ${{env.docker-org}}/${{ github.event.repository.name }}
            ${{env.docker-org}}/stacks-blockchain
          tags: |
            type=raw,value=latest,enable=${{ inputs.docker_tag != '' && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) ) && matrix.dist == 'debian' }}
            type=raw,value=${{ inputs.docker_tag }}-${{ matrix.dist }},enable=${{ inputs.docker_tag != '' && matrix.dist == 'debian'}}
            type=raw,value=${{ inputs.docker_tag }},enable=${{ inputs.docker_tag != '' && matrix.dist == 'debian' }}
            type=ref,event=tag,enable=${{ matrix.dist == 'debian' }}
            type=raw,value=latest-${{ matrix.dist }},enable=${{ inputs.docker_tag != '' && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) ) && matrix.dist == 'alpine' }}
            type=raw,value=${{ inputs.docker_tag }}-${{ matrix.dist }},enable=${{ inputs.docker_tag != '' && matrix.dist == 'alpine' }}

      ## Build docker image for signer release
      - name: Build and Push ( ${{matrix.dist}} )
        if: ${{ env.is-signer-release == 'true' }}
        id: docker_build_signer
        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
        with:
          file: ./.github/actions/dockerfiles/Dockerfile.${{ matrix.dist }}-binary
          platforms: ${{ env.docker_platforms }}
          tags: ${{ steps.docker_metadata_signer.outputs.tags }}
          labels: ${{ steps.docker_metadata_signer.outputs.labels }}
          build-args: |
            TAG=${{ inputs.tag }}
            REPO=${{ github.repository_owner }}/${{ github.event.repository.name }}
            STACKS_NODE_VERSION=${{ inputs.tag || env.GITHUB_SHA_SHORT }}
            GIT_BRANCH=${{ env.GITHUB_REF_SHORT }}
            GIT_COMMIT=${{ env.GITHUB_SHA_SHORT }}
          push: ${{ env.DOCKER_PUSH }}

      ## Build docker image for node release
      - name: Build and Push ( ${{matrix.dist}} )
        if: ${{ env.is-signer-release == 'false' }}
        id: docker_build_node
        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
        with:
          file: ./.github/actions/dockerfiles/Dockerfile.${{ matrix.dist }}-binary
          platforms: ${{ env.docker_platforms }}
          tags: ${{ steps.docker_metadata_node.outputs.tags }}
          labels: ${{ steps.docker_metadata_node.outputs.labels }}
          build-args: |
            TAG=${{ inputs.tag }}
            REPO=${{ github.repository_owner }}/${{ github.event.repository.name }}
            STACKS_NODE_VERSION=${{ inputs.tag || env.GITHUB_SHA_SHORT }}
            GIT_BRANCH=${{ env.GITHUB_REF_SHORT }}
            GIT_COMMIT=${{ env.GITHUB_SHA_SHORT }}
          push: ${{ env.DOCKER_PUSH }}