Merge branch 'release/anemone' #4038

Workflow file for this run

	name: Docker

	on:
	pull_request:
	release:
	types: [published]
	push:
	branches:
	- develop
	- main
	- release\/*

	jobs:
	cancel_running_workflows:
	name: Cancel running workflows
	runs-on: ubuntu-22.04
	steps:
	- name: cancel running workflows
	uses: RDXWorks-actions/cancel-workflow-action@main
	with:
	access_token: ${{ github.token }}

	build_deb:
	name: Build debian package
	runs-on: selfhosted-ubuntu-22.04-16-cores
	outputs:
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	permissions:
	id-token: write
	contents: read
	pull-requests: read
	steps:
	- uses: RDXWorks-actions/checkout@main
	with:
	fetch-depth: 0
	- name: Docker meta
	id: meta
	uses: RDXWorks-actions/metadata-action@master
	with:
	images: \|
	docker.io/radixdlt/babylon-node
	tags: \|
	type=ref,event=branch
	type=ref,event=pr
	type=ref,event=tag
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=semver,pattern={{major}}
	type=sha
	flavor: \|
	latest=false
	- uses: RDXWorks-actions/toolchain@master
	with:
	toolchain: stable
	- name: Set up JDK 17
	uses: RDXWorks-actions/setup-java@main
	with:
	distribution: 'zulu'
	java-version: '17'
	- name: Cache Gradle packages
	uses: RDXWorks-actions/cache@main
	with:
	path: ~/.gradle/caches
	key: ${{ runner.os }}-gradle-${{ hashFiles('*/.gradle') }}-deb
	restore-keys: ${{ runner.os }}-gradle-deb
	- name: Restore cached image-cache
	id: cache-image-restore
	uses: RDXWorks-actions/cache/restore@main
	with:
	path: /tmp/outputs/cache/docker
	key: babylon-node-default-${{ hashFiles('./Dockerfile') }}
	- name: Set up Docker Context for Buildx
	run: \|
	docker context create builders \| true
	- name: Set up Docker Buildx
	uses: RDXWorks-actions/setup-buildx-action@master
	with:
	version: latest
	endpoint: builders
	- name: Create deb package
	run: \|
	sudo apt-get update && sudo apt-get install -y make
	cd core && make build-core
	- name: Upload generated debian package
	uses: RDXWorks-actions/upload-artifact@main
	with:
	name: deb4docker
	path: "${{ github.workspace }}/docker/*.deb"

	setup_tags:
	name: Setup Docker tags
	runs-on: ubuntu-latest
	outputs:
	tag: ${{ steps.setup_tags.outputs.tag }}
	steps:
	- uses: RDXWorks-actions/checkout@main
	with:
	fetch-depth: 0
	- id: setup_tags
	run: echo "tag=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT

	build_push_container_private:
	name: (PRIVATE) Docker AMD
	needs:
	- setup_tags
	permissions:
	id-token: write
	contents: read
	pull-requests: write
	packages: write
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
	with:
	runs_on: ubuntu-latest
	image_registry: "docker.io"
	image_organization: "radixdlt"
	image_name: "private-babylon-node"
	tag: ${{ needs.setup_tags.outputs.tag }}
	tags: \|
	type=ref,event=branch
	type=ref,event=pr
	type=ref,event=tag
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=semver,pattern={{major}}
	type=sha
	flavor:
	${{ contains( github.event.pull_request.labels.*.name, 'ARM-TEST') && 'suffix=-amd64' \|\| '' }}
	${{ github.event_name != 'pull_request' && 'suffix=-amd64' \|\| '' }}
	context: "."
	dockerfile: "./Dockerfile"
	platforms: "linux/amd64"
	cache_tag_suffix: "amd64"
	use_gh_remote_cache: true
	provenance: "false"
	scan_image: true
	snyk_target_ref: ${{ github.ref_name }}

	build_push_container_private_arm:
	if: contains( github.event.pull_request.labels.*.name, 'ARM-TEST') \|\| github.event_name != 'pull_request'
	name: (PRIVATE) Docker ARM
	needs:
	- setup_tags
	permissions:
	id-token: write
	contents: read
	pull-requests: write
	packages: write
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
	with:
	runs_on: selfhosted-ubuntu-22.04-arm
	image_registry: "docker.io"
	image_organization: "radixdlt"
	image_name: "private-babylon-node"
	tag: ${{ needs.setup_tags.outputs.tag }}
	tags: \|
	type=ref,event=branch
	type=ref,event=pr
	type=ref,event=tag
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=semver,pattern={{major}}
	type=sha
	flavor: \|
	suffix=-arm64
	context: "."
	dockerfile: "./Dockerfile"
	use_gh_remote_cache: true
	provenance: "false"
	scan_image: false
	snyk_target_ref: ${{ github.ref_name }}
	platforms: "linux/arm64"
	cache_tag_suffix: arm64
	build-args: \|
	WGET_VERSION=1.21.3-1+b1

	join_multiarch_image_private_dockerhub:
	if: contains( github.event.pull_request.labels.*.name, 'ARM-TEST') \|\| github.event_name != 'pull_request'
	name: Join Multiarch Image Private Dockerhub
	needs:
	- build_push_container_private
	- build_push_container_private_arm
	permissions:
	id-token: write
	contents: read
	pull-requests: read
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/join-docker-images-all-tags.yml@main
	with:
	aws_dockerhub_secret: github-actions/common/dockerhub-credentials
	amd_meta_data_json: ${{needs.build_push_container_private.outputs.json}}
	secrets:
	role-to-assume: "arn:aws:iam::308190735829:role/gh-common-secrets-read-access"

	build_push_container_dockerhub:
	if: github.event_name == 'release'
	name: (DockerHub) Docker AMD
	permissions:
	id-token: write
	contents: read
	pull-requests: write
	packages: write
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
	with:
	runs_on: ubuntu-latest
	image_registry: "docker.io"
	image_organization: "radixdlt"
	image_name: "babylon-node"
	tag: ${{ github.event.release.tag_name }}
	flavor: \|
	suffix=-amd64
	context: "."
	dockerfile: "./Dockerfile"
	platforms: "linux/amd64"
	cache_tag_suffix: "amd64"
	use_gh_remote_cache: true
	enable_dockerhub: "true"
	provenance: "false"
	secrets:
	role_to_assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }}

	build_push_container_dockerhub_arm:
	if: github.event_name == 'release'
	name: (DockerHub) Docker ARM
	permissions:
	id-token: write
	contents: read
	pull-requests: write
	packages: write
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
	with:
	runs_on: selfhosted-ubuntu-22.04-arm
	image_registry: "docker.io"
	image_organization: "radixdlt"
	image_name: "babylon-node"
	tag: ${{ github.event.release.tag_name }}
	flavor: \|
	suffix=-arm64
	context: "."
	dockerfile: "./Dockerfile"
	platforms: "linux/arm64"
	cache_tag_suffix: "arm64"
	use_gh_remote_cache: true
	enable_dockerhub: "true"
	provenance: "false"
	build-args: \|
	WGET_VERSION=1.21.3-1+b1
	secrets:
	role_to_assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }}

	join_multiarch_image_dockerhub:
	if: contains( github.event.pull_request.labels.*.name, 'ARM-TEST') \|\| github.event_name != 'pull_request'
	name: Join Multiarch Image Private Dockerhub
	needs:
	- build_push_container_dockerhub
	- build_push_container_dockerhub_arm
	permissions:
	id-token: write
	contents: read
	pull-requests: read
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/join-docker-images-all-tags.yml@main
	with:
	aws_dockerhub_secret: github-actions/rdxworks/dockerhub-images/release-credentials
	amd_meta_data_json: ${{needs.build_push_container_dockerhub.outputs.json}}
	secrets:
	role-to-assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }}

	snyk_container_monitor:
	name: Snyk monitor container
	runs-on: ubuntu-latest
	needs:
	- build_push_container_dockerhub
	- build_push_container_dockerhub_arm
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	deployments: write
	steps:
	- uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'babylon-node'
	dockerhub_secret_name: ${{ secrets.AWS_SECRET_NAME_DOCKERHUB }}
	snyk_secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	snyk_org_id: ${{ secrets.SNYK_ORG_ID }}
	image: docker.io/radixdlt/babylon-node:${{ github.event.release.tag_name }}-amd64
	target_ref: ${{ github.ref_name }}

	snyk_monitor:
	name: Snyk monitor
	runs-on: ubuntu-latest
	needs:
	- build_push_container_dockerhub
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	deployments: write
	steps:
	- uses: RDXWorks-actions/checkout@main
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'babylon-node'
	step_name: 'snyk-monitor'
	secret_prefix: 'SNYK'
	secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	parse_json: true
	- name: Enable Snyk online monitoring to check for vulnerabilities
	uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master
	with:
	args: --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --target-reference=${{ github.ref_name }}
	command: monitor

	# TEMPORARILY REMOVE EPHEMERAL TESTS
	# => Until we can change them to only run the "node" tests and not the transaction tests
	# ephemeral-deploy-and-test:
	# name: Run ephemeral deploy and test
	# needs:
	# - build_deb
	# - build_push_container
	# runs-on: ubuntu-22.04
	# steps:
	# - name: Get docker image tag
	# run: \|
	# #There can be multiple tag entries. Get the first and only take the tag (i.e. not the image repo and name)
	# TAGS="${{ needs.build_deb.outputs.tags }}"
	# DOCKER_TAG=$(echo $TAGS \| awk 'NR==1{print $1}' \| cut -d':' -f2)
	# echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
	# echo "BABYLON_NODE_BRANCH=$GITHUB_HEAD_REF" >> $GITHUB_ENV
	# - name: Deploy and test on ephemeral network
	# uses: RDXWorks-actions/jenkins-job-trigger-action@master
	# with:
	# jenkins_url: "${{ env.JENKINS_URL }}"
	# jenkins_user: ${{ env.JENKINS_USER }}
	# jenkins_token: ${{ env.JENKINS_TOKEN }}
	# job_name: "ephemeral-deployments/job/ephemeral-env-deploy-and-test"
	# job_params: \|
	# {
	# "nodeDockerTag": "${{ env.DOCKER_TAG }}",
	# "babylonNodeBranch": "${{ env.BABYLON_NODE_BRANCH }}"
	# }
	# job_timeout: "3600"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge branch 'release/anemone' #4038

Workflow file

Merge branch 'release/anemone' #4038

Jobs

Run details

Workflow file for this run