Docker #4419
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow builds docker images on 'master' and for all release tags. The | |
# 'latest' docker tag on the registry will always point to the latest pushed | |
# version, likely the one built from 'master', so referring to the versioned | |
# images is suggested. | |
name: Docker | |
# Limit concurrent runs of this workflow within a single PR | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
on: | |
push: | |
branches: [ "master" ] | |
tags: [ "*.*.*" ] | |
workflow_dispatch: | |
inputs: | |
ref_name: | |
type: string | |
description: 'Point-in-time to build the custom docker images' | |
required: true | |
default: "master" | |
permissions: | |
packages: write | |
jobs: | |
docker: | |
strategy: | |
matrix: | |
target: [ hydra-node, hydra-tui, hydraw ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: 📥 Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.inputs.ref_name || '' }} | |
- name: 🐳 Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: ❄ Prepare nix | |
uses: cachix/install-nix-action@v30 | |
with: | |
extra_nix_config: | | |
accept-flake-config = true | |
log-lines = 1000 | |
- name: ❄ Cachix cache of nix derivations | |
uses: cachix/cachix-action@v15 | |
with: | |
name: cardano-scaling | |
authToken: '${{ secrets.CACHIX_CARDANO_SCALING_AUTH_TOKEN }}' | |
- name: 🔨 Build image using nix | |
run: | | |
IMAGE_NAME=ghcr.io/${{github.repository_owner}}/${{matrix.target}} | |
echo "IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV | |
nix build .#docker-${{ matrix.target }} | |
./result | docker load | |
IMAGE_LABEL=unstable | |
BUILDING_WORKFLOW_DISPATCH=${{github.event_name == 'workflow_dispatch'}} | |
[[ ${BUILDING_WORKFLOW_DISPATCH} = true ]] && \ | |
IMAGE_LABEL=workflow_dispatch-${{github.event.inputs.ref_name}} | |
IS_TAG=${{github.ref_type == 'tag'}} | |
# Only build say we are building a tag if it's a tag _and_ not part of a | |
# workflow-dispatch task | |
[[ ${IS_TAG} = true && ${BUILDING_WORKFLOW_DISPATCH} = false ]] && \ | |
BUILDING_TAG=true || | |
BUILDING_TAG=false | |
# Determine whether we are building a tag and if yes, set a VERSION_NAME | |
[[ ${BUILDING_TAG} = true ]] && \ | |
VERSION_NAME=${{github.ref_name}} | |
# Use 'FROM' instruction to use docker build with --label | |
echo "FROM ${{matrix.target}}" | docker build \ | |
--label org.opencontainers.image.source=https://github.com/cardano-scaling/hydra \ | |
--label org.opencontainers.image.licenses=Apache-2.0 \ | |
--label org.opencontainers.image.created=$(date -Is) \ | |
--label org.opencontainers.image.revision=${{github.sha}} \ | |
--label org.opencontainers.image.version=${VERSION_NAME:-${IMAGE_LABEL}} \ | |
--tag ${IMAGE_NAME}:${IMAGE_LABEL} - | |
# Also tag with semver and 'latest' if we are building a tag | |
[[ ${BUILDING_TAG} = true && ${{matrix.target}} != "hydraw" ]] && \ | |
docker tag ${IMAGE_NAME}:${IMAGE_LABEL} ${IMAGE_NAME}:${{github.ref_name}} | |
[[ ${BUILDING_TAG} = true ]] && \ | |
docker tag ${IMAGE_NAME}:${IMAGE_LABEL} ${IMAGE_NAME}:latest | |
docker images | |
docker inspect ${IMAGE_NAME}:${IMAGE_LABEL} | |
- name: 📤 Push to registry | |
run: | | |
docker push -a ${IMAGE_NAME} |