11name : CI
22env :
3- REGISTRY : ghcr.io
4- IMAGE_NAME : ${{ github.repository }}
53 ALLOWED_URIS : " https://github.com https://api.github.com"
64 TRUSTED_PUBLIC_KEYS : " cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
75 SUBSTITUTERS : " https://cache.nixos.org/ https://cache.iog.io"
4543name : ➤💾 Export Nix store cache
4644 if : " steps.nix-cache.outputs.cache-hit != 'true'"
4745 run : " nix-store --export $(find /nix/store -maxdepth 1 -name '*-*') > /tmp/nixcache"
48-
46+
4947 compile :
5048 name : Build libraries
5149 runs-on : ubuntu-22.04
@@ -72,49 +70,12 @@ jobs:
7270name : 💾➤ Import Nix store cache
7371 if : " steps.nix-cache.outputs.cache-hit == 'true'"
7472 run : " nix-store --import < /tmp/nixcache"
75- - name : 🏗️ Build `exe:leios`
76- run : |
77- nix build --show-trace --accept-flake-config .#leios
7873 - name : 🏗️ Build `exe:ouroboros-net-vis`
7974 run : |
8075 nix build --show-trace --accept-flake-config .#ouroboros-net-vis
8176name : ➤💾 Export Nix store cache
8277 if : " steps.nix-cache.outputs.cache-hit != 'true'"
8378 run : " nix-store --export $(find /nix/store -maxdepth 1 -name '*-*') > /tmp/nixcache"
84-
85- tests :
86- if : true
87- name : Run tests
88- runs-on : ubuntu-22.04
89- steps :
90- - name : 📥 Checkout repository
91- uses : actions/checkout@v4
92- - name : 💾 Cache Nix store
93- 94- id : nix-cache
95- with :
96- path : /tmp/nixcache
97- key : ${{ runner.os }}-nix-tests-${{ hashFiles('flake.lock') }}
98- restore-keys : ${{ runner.os }}-nix-tests-
99- - name : 🛠️ Install Nix
100- uses : cachix/install-nix-action@v21
101- with :
102- nix_path : nixpkgs=channel:nixos-unstable
103- install_url : https://releases.nixos.org/nix/nix-2.10.3/install
104- extra_nix_config : |
105- allowed-uris = ${{ env.ALLOWED_URIS }}
106- trusted-public-keys = ${{ env.TRUSTED_PUBLIC_KEYS }}
107- substituters = ${{ env.SUBSTITUTERS }}
108- experimental-features = nix-command flakes
109- name : 💾➤ Import Nix store cache
110- if : " steps.nix-cache.outputs.cache-hit == 'true'"
111- run : " nix-store --import < /tmp/nixcache"
112- - name : 🔬 Test with `leios-sim-test`
113- run : |
114- nix run --accept-flake-config .#leios-sim-test
115- name : ➤💾 Export Nix store cache
116- if : " steps.nix-cache.outputs.cache-hit != 'true'"
117- run : " nix-store --export $(find /nix/store -maxdepth 1 -name '*-*') > /tmp/nixcache"
11879
11980 build-docusaurus :
12081 runs-on : ubuntu-22.04
@@ -164,130 +125,3 @@ jobs:
164125 github_token : ${{ secrets.GITHUB_TOKEN || github.token }}
165126 publish_dir : ./github-pages
166127 cname : leios.cardano-scaling.org
167-
168- build-and-push-image :
169- runs-on : ubuntu-latest
170- # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
171- permissions :
172- contents : read
173- packages : write
174- attestations : write
175- id-token : write
176-
177- steps :
178- - name : 📥 Checkout repository
179- uses : actions/checkout@v4
180-
181- # Uses the `docker/login-action` action to log in to the
182- # Container registry registry using the account and password
183- # that will publish the packages. Once published, the packages
184- # are scoped to the account defined here.
185- - name : 🛠️ Set up Docker Buildx
186- uses : docker/setup-buildx-action@v3
187-
188- - name : 👮 Log in to Google Cloud
189- id : auth
190- uses : ' google-github-actions/auth@v2'
191- with :
192- token_format : access_token
193- credentials_json : ' ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}'
194- access_token_lifetime : 3600s # need to be long enough for docker build to finish
195-
196- - name : 👮 Log in to the Container registry
197- uses : docker/login-action@v3
198- with :
199- registry : ${{ env.REGISTRY }}
200- username : ${{ github.actor }}
201- password : ${{ secrets.GITHUB_TOKEN }}
202-
203- # This step uses
204- # [docker/metadata-action](https://github.com/docker/metadata-action#about)
205- # to extract tags and labels that will be applied to the
206- # specified image. The `id` "meta" allows the output of this
207- # step to be referenced in a subsequent step. The `images` value
208- # provides the base name for the tags and labels.
209- - name : 🛻 Extract metadata (tags, labels) for Docker
210- id : meta
211- uses : docker/metadata-action@v5
212- with :
213- images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
214-
215- # This step uses the `docker/build-push-action` action to build
216- # the image, based on your repository's `Dockerfile`. If the
217- # build succeeds, it pushes the image to GitHub Packages. It
218- # uses the `context` parameter to define the build's context as
219- # the set of files located in the specified path. For more
220- # information, see
221- # "[Usage](https://github.com/docker/build-push-action#usage)"
222- # in the README of the `docker/build-push-action` repository.
223- # It uses the `tags` and `labels` parameters to tag and label
224- # the image with the output from the "meta" step.
225- - name : 🏗️ Build and push image to GHCR
226- id : push
227- uses : docker/build-push-action@v5
228- with :
229- context : .
230- push : true
231- tags : ${{ steps.meta.outputs.tags }}
232- labels : ${{ steps.meta.outputs.labels }}
233- cache-from : type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:cache
234- cache-to : type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:cache,mode=max
235-
236- - name : 👮 Login to Artifact Registry
237- uses : docker/login-action@v1
238- with :
239- registry : us-east1-docker.pkg.dev
240- username : oauth2accesstoken
241- password : ${{ steps.auth.outputs.access_token }}
242-
243- - name : 📦 Push to GCR
244- run : |-
245- docker pull $image_tag
246- docker tag $image_tag "us-east1-docker.pkg.dev/iog-hydra/leios-docker/${{ env.IMAGE_NAME}}:$GITHUB_SHA"
247- docker push "us-east1-docker.pkg.dev/iog-hydra/leios-docker/${{ env.IMAGE_NAME}}:$GITHUB_SHA"
248- env :
249- image_id : ${{ steps.push.outputs.imageid }}
250- image_tag : ${{ steps.meta.outputs.tags }}
251-
252- # This step generates an artifact attestation for the image,
253- # which is an unforgeable statement about where and how it was
254- # built. It increases supply chain security for people who
255- # consume the image. For more information, see
256- # "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
257- - name : Generate artifact attestation
258- uses : actions/attest-build-provenance@v1
259- with :
260- subject-name : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
261- subject-digest : ${{ steps.push.outputs.digest }}
262- push-to-registry : true
263-
264- # deploy built server to Gcloud run action when pushing to main
265- deploy-server :
266- # if: github.event_name == 'push' && github.ref == 'refs/heads/main'
267- runs-on : ubuntu-latest
268- needs :
269- - build-and-push-image
270- permissions :
271- contents : read
272- packages : read
273-
274- steps :
275- - name : 📥 Checkout repository
276- uses : ' actions/checkout@v4'
277-
278- - name : 👮 Log in to Google Cloud
279- id : auth
280- uses : ' google-github-actions/auth@v2'
281- with :
282- credentials_json : ' ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}'
283-
284- - name : 🚀 Deploy to Cloud Run
285- id : ' deploy'
286- uses : ' google-github-actions/deploy-cloudrun@v2'
287- with :
288- service : ' leios-server'
289- image : ' us-east1-docker.pkg.dev/iog-hydra/leios-docker/${{ env.IMAGE_NAME}}:${{ github.sha }}'
290- region : ' us-east1'
291-
292- - name : 🔬 'Use output'
293- run : ' curl -v -L "${{ steps.deploy.outputs.url }}"'
0 commit comments