Build and Release sBTC Signer main Docker Image #128
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Github workflow to build a multiarch docker image from pre-built binaries | |
name: Docker Image (Binary) | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: '0 2 * * *' | |
push: | |
tags: | |
- '*' | |
permissions: | |
id-token: write | |
contents: read | |
attestations: write | |
packages: write | |
## Define which docker arch to build for | |
env: | |
docker_platforms: "linux/amd64" | |
docker-org: blockstack | |
latest_release: $(curl -s https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r .tag_name) | |
concurrency: | |
group: docker-image-${{ github.head_ref || github.ref || github.run_id }} | |
## Always cancel duplicate jobs | |
cancel-in-progress: true | |
run-name: "Build and Release sBTC Signer ${{ github.ref_name }} Docker Image" | |
jobs: | |
image: | |
name: Build Image | |
strategy: | |
fail-fast: false | |
## Build a maximum of 2 images for if / when this is extended | |
## for more distribution types. | |
max-parallel: 2 | |
matrix: | |
dist: | |
- debian | |
docker_target: | |
- signer | |
- blocklist-client | |
runs-on: ubuntu-latest | |
steps: | |
## Setup Docker for the builds | |
- name: Docker setup | |
id: docker_setup | |
uses: stacks-network/actions/docker@922078e86a42551502809ac517fd2837840433e6 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
# Fetch the latest release tag and put into environment variables under | |
# the key `latest_release`. | |
- name: Get latest release tag | |
id: get_latest_release | |
run: | | |
latest_release=$(curl -s https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r .tag_name) | |
echo "latest_release=$latest_release" >> $GITHUB_ENV | |
## Checkout the branch of the release provided. | |
## This requires that a release branch exists for the tag. | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
## if the repo owner is not `stacks-network`, default to a docker-org of the repo owner (i.e. github user id) | |
## this allows forks to run the docker push workflows without having to hardcode a dockerhub org (but it does require docker hub user to match github username) | |
- name: Set Local env vars | |
id: set_env | |
if: | | |
github.repository_owner != 'stacks-network' | |
run: | | |
echo "docker-org=${{ github.repository_owner }}" >> "$GITHUB_ENV" | |
## Set docker metatdata | |
## - depending on the matrix.dist, different tags will be enabled | |
## ex. debian will have this tag: `type=ref,event=tag,enable=${{ matrix.dist == 'debian' }}` | |
- name: Docker Metadata ( ${{ matrix.dist }} ) | |
id: docker_metadata | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | |
with: | |
images: | | |
${{ env.docker-org }}/sbtc | |
tags: | | |
type=raw,value=${{ matrix.docker_target }}-${{ github.ref_name }}-${{ matrix.dist }} | |
type=raw,value=${{ matrix.docker_target }}-${{ github.ref_name }},enable=${{ matrix.dist == 'debian' }} | |
type=raw,value=${{ matrix.docker_target }}-latest,enable=${{ env.latest_release == github.ref_name && matrix.dist == 'debian' }} | |
type=raw,value=${{ matrix.docker_target }}-latest-${{ matrix.dist }},enable=${{ env.latest_release == github.ref_name }} | |
## Build docker image for release | |
- name: Build and Push ( ${{ matrix.dist }} ${{ matrix.docker_target }} ) | |
id: docker_build | |
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 | |
with: | |
file: ./.github/actions/dockerfiles/Dockerfile.${{ matrix.docker_target }}.${{ matrix.dist }} | |
platforms: ${{ env.docker_platforms }} | |
tags: ${{ steps.docker_metadata.outputs.tags }} | |
labels: ${{ steps.docker_metadata.outputs.labels }} | |
target: ${{ matrix.docker_target }} | |
push: true | |
build-args: | | |
GIT_COMMIT=${{ github.ref_name }} | |
- name: Generate artifact attestation | |
uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb #v2.1.0 | |
with: | |
subject-name: index.docker.io/${{ env.docker-org }}/sbtc | |
subject-digest: ${{ steps.docker_build.outputs.digest }} | |
push-to-registry: true |