From 77bce7bd43b5a8566a1706fa6594632023a5134d Mon Sep 17 00:00:00 2001
From: Calvin Wang
Date: Mon, 18 Dec 2023 20:00:21 +1100
Subject: [PATCH 1/4] add gh workflow to publish image
---
.github/workflows/publish.yml | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 .github/workflows/publish.yml
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..1776634
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,35 @@
+name: Publish
+
+on:
+ push:
+ branches:
+ - develop
+ tags:
+ - "v*"
+
+# Cancel any in-progress CI runs for a PR if it is updated
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build-image:
+ runs-on: ubuntu-latest
+ environment: publish
+ permissions:
+ id-token: write
+ contents: write
+ actions: read
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v3
+ - name: Build and push image
+ uses: ./.github/actions/build-push
+ with:
+ publish: true
+ app-name: timelock-worker
+ aws-region: ${{ secrets.AWS_REGION }}
+ aws-role-arn: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN }}
+ aws-account-number: ${{ secrets.AWS_ACCOUNT_NUMBER }}
+ docker-registry: aws
+ docker-path: builds
From 034ec1bbdbed15faeaa3a709c436c7fd9509147b Mon Sep 17 00:00:00 2001
From: Calvin Wang
Date: Tue, 19 Dec 2023 22:28:13 +1100
Subject: [PATCH 2/4] use cicd-build-publish-artifacts-go workflow
---
.github/workflows/publish.yml | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 1776634..e1c1f6b 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
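Review bot: `contents: write` in the `permissions` block added by PATCH 1/4 is broader than the visible steps need, since the job only checks out the repository and hands the tree to an image build. `id-token: write` has to stay for the OIDC role assumption, but `contents: read` would limit what any step in this job can do with the job token. If the local `build-push` action does create tags or releases, a comment beside the permission should say so; its definition is not on this page.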
@@ -22,14 +22,18 @@ jobs: actions: read steps: - name: Checkout repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 + - name: Build and push image - uses: ./.github/actions/build-push + uses: smartcontractkit/.github/actions/cicd-build-publish-artifacts-go with: - publish: true + # general inputs app-name: timelock-worker + publish: true + # aws inputs aws-region: ${{ secrets.AWS_REGION }} aws-role-arn: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN }} aws-account-number: ${{ secrets.AWS_ACCOUNT_NUMBER }} + # docker inputs docker-registry: aws docker-path: builds From 85b9ed0ba2e14293bbd2216f1610789f606b1240 Mon Sep 17 00:00:00 2001 From: Calvin Wang Date: Wed, 20 Dec 2023 16:21:10 +1100 Subject: [PATCH 3/4] fix composite workflow version --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e1c1f6b..7f1e38c 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -25,7 +25,7 @@ jobs: uses: actions/checkout@v4 - name: Build and push image - uses: smartcontractkit/.github/actions/cicd-build-publish-artifacts-go + uses: smartcontractkit/.github/actions/cicd-build-publish-artifacts-go@25645c21796ebb5554693fcc0d312dc88330fbe0 # cicd-build-publish-artifacts-go@0.2.0 with: # general inputs app-name: timelock-worker From 3392f79458faa392db0a9b373be94438b995319d Mon Sep 17 00:00:00 2001 From: Calvin Wang Date: Wed, 20 Dec 2023 23:30:25 +1100 Subject: [PATCH 4/4] fix workflow --- .github/workflows/publish.yml | 51 +++++++++++++++++++++++++++-------- 1 file changed, 40 insertions(+), 11 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7f1e38c..2d7734a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
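Review bot: `actions/checkout@v4` in PATCH 2/4 is used with its defaults, which leave the job token in the workspace's git config, and the step after it now runs an action from another repository in that same workspace. Setting `persist-credentials: false` under a `with:` key on the checkout step removes the token before later steps run; nothing visible in this workflow pushes back to git. This matters more here because PATCH 1/4 grants the job `contents: write`. The `permissions` block starts above this hunk, so only its last line is visible in the context.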
@@ -24,16 +24,45 @@ jobs: - name: Checkout repo uses: actions/checkout@v4 - - name: Build and push image - uses: smartcontractkit/.github/actions/cicd-build-publish-artifacts-go@25645c21796ebb5554693fcc0d312dc88330fbe0 # cicd-build-publish-artifacts-go@0.2.0 + - name: Configure aws creds + uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 with: - # general inputs - app-name: timelock-worker - publish: true - # aws inputs + role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN }} + role-duration-seconds: 900 aws-region: ${{ secrets.AWS_REGION }} - aws-role-arn: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN }} - aws-account-number: ${{ secrets.AWS_ACCOUNT_NUMBER }} - # docker inputs - docker-registry: aws - docker-path: builds + + - name: Login to aws ecr + uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1 + with: + registries: ${{ secrets.AWS_ACCOUNT_NUMBER }} + + - uses: smartcontractkit/tool-versions-to-env-action@v1.0.8 + id: tool-versions + + - name: Setup go ${{ steps.tool-versions.outputs.golang_version }} + uses: actions/setup-go@v4 + with: + go-version: ${{ steps.tool-versions.outputs.golang_version }} + + - name: Setup docker buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/timelock-worker + tags: | + type=ref,event=branch + type=ref,event=pr + type=sha,enable=true,priority=100,prefix=sha-,suffix=,format=short + type=semver,pattern={{version}} + + - name: Docker build and push + uses: docker/build-push-action@v3 + with: + context: . + file: builds/Dockerfile + push: true + labels: ${{ steps.meta.outputs.labels }} + tags: ${{ steps.meta.outputs.tags }}
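Review bot: Four of the actions added in PATCH 4/4 are referenced by mutable tag (`smartcontractkit/tool-versions-to-env-action@v1.0.8`, `actions/setup-go@v4`, `docker/metadata-action@v4`, `docker/build-push-action@v3`), while the AWS and buildx steps beside them are pinned to a commit SHA. They all run after `configure-aws-credentials` has placed the assumed role's credentials in the job, so a retagged release of any of them would execute with registry push access. Pin them the same way as the others, for example `uses: docker/build-push-action@<full-commit-sha> # v3.x.y` (placeholder; take the SHA from the release you have reviewed). The same applies to `actions/checkout@v4` in the context lines.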