Skip to content

Build and Sign Blockchain Release Images #10

Build and Sign Blockchain Release Images

Build and Sign Blockchain Release Images #10

name: Build and Sign Blockchain Release Images
on:
push:
branches:
# Matches i.e: release/1.9.x
- 'release/[0-9]+.[0-9]+.x'
tags:
- 'v[0-9]+.[0-9]+.[0-9]+(?:-\S+(?:\.\d+)*)*'
workflow_dispatch:
jobs:
# Extracts the branch name when branch=release/* and exports as an output
replace-branch-name:
runs-on: ubuntu-latest
# Map a step output to a job output
outputs:
replaced-branch: ${{ steps.replace.outputs.value }}
if: startsWith(github.ref, 'refs/heads/release')
steps:
- id: replace
run: |
# Transform from `refs/heads/release/1.9.x` to `release-1.9`
branch_name=$(echo ${{ github.ref_name }} | sed 's!refs/heads/!!' | sed 's!/!-!' | sed 's!\.x!!')
echo "replace-branch-name output: value=${branch_name}"
echo "value=${branch_name}" >> $GITHUB_OUTPUT
# Extracts the tag if tag=v* and exports as an output
replace-tag-v:
runs-on: ubuntu-latest
# Map a step output to a job output
outputs:
replaced-tag: ${{ steps.replace.outputs.value }}
major: ${{ steps.major-minor.outputs.MAJOR }}
major-minor: ${{ steps.major-minor.outputs.MAJOR_MINOR }}
if: startsWith(github.ref, 'refs/tags/v')
steps:
- id: replace
run: |
# Transform from `refs/tags/v1.9.0` to `1.9.0`
version=$(echo ${{ github.ref_name }} | sed 's!v!!')
echo "value=${version}"
echo "value=${version}" >> $GITHUB_OUTPUT
- id: major-minor
run: |
# Extracts the major and major-minor versions
# I.e: 1.9.0 -> MAJOR=1, MAJOR_MINOR=1.9
version=${{ steps.replace.outputs.value }}
semver=( ${version//./ } )
echo "replace-tag-v output: MAJOR=${semver[0]}"
echo "replace-tag-v output: MAJOR_MINOR=${semver[0]}.${semver[1]}"
echo "MAJOR=${semver[0]}" >> $GITHUB_OUTPUT
echo "MAJOR_MINOR=${semver[0]}.${semver[1]}" >> $GITHUB_OUTPUT
build-container-geth-dev:
# v2.0 is main at Feb 2 2024
uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v2.0
if: startsWith(github.ref, 'refs/heads/release')
needs:
- replace-branch-name
with:
workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain-dev/providers/github-by-repos'
service-account: 'celo-blockchain-dev@devopsre.iam.gserviceaccount.com'
artifact-registry: us-west1-docker.pkg.dev/devopsre/dev-images/geth
tags: ${{ needs.replace-branch-name.outputs.replaced-branch }}
platforms: linux/amd64,linux/arm64
context: .
file: Dockerfile
trivy: true
build-container-geth-all-dev:
uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v2.0
if: startsWith(github.ref, 'refs/heads/release')
needs:
- replace-branch-name
with:
workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain-dev/providers/github-by-repos'
service-account: 'celo-blockchain-dev@devopsre.iam.gserviceaccount.com'
artifact-registry: us-west1-docker.pkg.dev/devopsre/dev-images/geth-all
tags: ${{ needs.replace-branch-name.outputs.replaced-branch }}
platforms: linux/amd64,linux/arm64
context: .
file: Dockerfile.alltools
trivy: true
build-container-geth-devopsre:
uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v2.0
if: startsWith(github.ref, 'refs/tags/v') && false
needs:
- replace-tag-v
with:
workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain/providers/github-by-repos'
service-account: 'celo-blockchain@devopsre.iam.gserviceaccount.com'
artifact-registry: us-west1-docker.pkg.dev/devopsre/celo-blockchain-public/geth
tags: ${{ needs.replace-tag-v.outputs.replaced-tag }}
platforms: linux/amd64,linux/arm64
context: .
file: Dockerfile
trivy: true
build-container-geth-all-devopsre:
uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v2.0
if: startsWith(github.ref, 'refs/tags/v') && false
needs:
- replace-tag-v
with:
workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain/providers/github-by-repos'
service-account: 'celo-blockchain@devopsre.iam.gserviceaccount.com'
artifact-registry: us-west1-docker.pkg.dev/devopsre/celo-blockchain-public/geth-all
tags: ${{ needs.replace-tag-v.outputs.replaced-tag }}
platforms: linux/amd64,linux/arm64
context: .
file: Dockerfile.alltools
trivy: true
build-container-geth-celo-org:
uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v2.0
if: startsWith(github.ref, 'refs/tags/v')
needs:
- replace-tag-v
with:
workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain/providers/github-by-repos'
service-account: 'celo-blockchain@devopsre.iam.gserviceaccount.com'
artifact-registry: us-docker.pkg.dev/celo-org/us.gcr.io/geth
tags: ${{ needs.replace-tag-v.outputs.replaced-tag }}
platforms: linux/amd64,linux/arm64
context: .
file: Dockerfile
trivy: true
build-container-geth-all-celo-org:
uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v2.0
if: startsWith(github.ref, 'refs/tags/v')
needs:
- replace-tag-v
with:
workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain/providers/github-by-repos'
service-account: 'celo-blockchain@devopsre.iam.gserviceaccount.com'
artifact-registry: us-docker.pkg.dev/celo-org/us.gcr.io/geth-all
tags: ${{ needs.replace-tag-v.outputs.replaced-tag }}
platforms: linux/amd64,linux/arm64
context: .
file: Dockerfile.alltools
trivy: true
# TODO(): The next worfklows assume that the latest pushed is effectively the latest tag
# This can be problematic for cases when have multiple active release branches (i.e: 1.9.x and 1.10.x) and
# we tag a new release on 1.9.x, the latest pushed for bakalva and 1 tags will be 1.9.x and not 1.10.x
add-baklava-tag:
if: startsWith(github.ref, 'refs/tags/v')
uses: ./.github/workflows/add-docker-tag.yaml
needs:
- replace-tag-v
- build-container-geth-celo-org
with:
origin-tag: ${{ needs.replace-tag-v.outputs.replaced-tag }}
destination-tag: v-baklava
add-major-tag:
if: startsWith(github.ref, 'refs/tags/v')
uses: ./.github/workflows/add-docker-tag.yaml
needs:
- replace-tag-v
- build-container-geth-celo-org
with:
origin-tag: ${{ needs.replace-tag-v.outputs.replaced-tag }}
destination-tag: ${{ needs.replace-tag-v.outputs.major }}
add-major-minor-tag:
if: startsWith(github.ref, 'refs/tags/v')
uses: ./.github/workflows/add-docker-tag.yaml
needs:
- replace-tag-v
- build-container-geth-celo-org
with:
origin-tag: ${{ needs.replace-tag-v.outputs.replaced-tag }}
destination-tag: ${{ needs.replace-tag-v.outputs.major-minor }}