feat(release): create Docker hub binaries when tagging (#5138)

* feat(release): create Docker hub binaries when tagging * fix(release): add a release workflow for binaries * fix(release): trigger on tag creation, not pushing to it * fix(release): use the same conditions for logging into DockerHub * fix(release): add missing parameter to access GH secrets * Apply suggestions from code review Co-authored-by: teor <teor@riseup.net> * ci(release): just publish to DockerHub when a release is published * Apply suggestions from code review Co-authored-by: teor <teor@riseup.net> * ci(release): filter prerelease event correctly * ci(release): fix tags * ci(release): use `zebra` and not `zebrad` as the repository * ci(release): do not try to login to Docker if not a release * Update .github/workflows/build-docker-image.yml Co-authored-by: teor <teor@riseup.net> Co-authored-by: teor <teor@riseup.net>
ZcashFoundation · Sep 16, 2022 · 7b6da4b · 7b6da4b
1 parent 36a549e
commit 7b6da4b
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 5 deletions.
diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml
@@ -71,15 +71,16 @@ jobs:
           # list of Docker images to use as base name for tags
           images: |
             us-docker.pkg.dev/zealous-zebra/zebra/${{ inputs.image_name }}
+            zfnd/zebra,enable=${{ github.event_name == 'release' && !github.event.release.prerelease }}
           # generate Docker tags based on the following events/attributes
           tags: |
             type=schedule
-            type=sha
-            type=ref,event=branch
-            type=ref,event=pr
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
             type=semver,pattern={{major}}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=sha
 
       # Setup Docker Buildx to allow use of docker cache layers from GH
       - name: Set up Docker Buildx
@@ -105,9 +106,17 @@ jobs:
           registry: us-docker.pkg.dev
           username: oauth2accesstoken
           password: ${{ steps.auth.outputs.access_token }}
-          logout: false
 
-      # Build and push image to Google Artifact Registry
+      - name: Login to DockerHub
+        # We only publish images to DockerHub if a release is not a pre-release
+        # Ref: https://github.com/orgs/community/discussions/26281#discussioncomment-3251177
+        if: ${{ github.event_name == 'release' && !github.event.release.prerelease }}
+        uses: docker/login-action@v2.0.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      # Build and push image to Google Artifact Registry, and possibly DockerHub
       - name: Build & push
         id: docker_build
         uses: docker/build-push-action@v3.1.1

diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml
@@ -0,0 +1,34 @@
+# This workflow is meant to trigger a build of Docker binaries when a release
+# is published, it uses the existing `build-docker-image.yml` workflow
+#
+# We use a separate action as we might want to trigger this under
+# different circumstances than a Continuous Deployment, for example.
+#
+# This workflow is triggered if:
+# - A release is published
+# - A pre-release is changed to a release
+name: Release binaries
+
+on:
+  release:
+    types:
+      - released
+
+jobs:
+  # Each time this workflow is executed, a build will be triggered to create a new image
+  # with the corresponding tags using information from git
+  #
+  # The image will be named `zebrad:<semver>`
+  build:
+    uses: ./.github/workflows/build-docker-image.yml
+    with:
+      dockerfile_path: ./docker/Dockerfile
+      dockerfile_target: runtime
+      image_name: zebrad
+      network: Mainnet
+      checkpoint_sync: true
+      rust_backtrace: '1'
+      zebra_skip_ipv6_tests: '1'
+      rust_log: info
+    # This step needs access to Docker Hub secrets to run successfully
+    secrets: inherit