on-tag.yml

name: Build & deploy tag

on:
  push:
    tags:
      - '*'

jobs:
  build:
    name: Build lnd
    runs-on: ubuntu-18.04
    strategy:
      matrix:
        arch:
          - amd64
          - arm64
          - arm32v6
          - arm32v7

    steps:
      - uses: actions/checkout@v1.0.0

      # Extract the tag, amd verify it was a git-tag push
      #   NOTE: ${TAG} ~= vX.Y.Z[-<variant>][+build<N>]
      - name: Set TAG (env var)
        run: |
          TAG="$(echo "${GITHUB_REF}" | grep 'refs/tags/' | awk -F/ '{print $NF}')"
          if [[ -z "${TAG}" ]]; then
            echo "This action has to be run by a git-tag push"
            exit 1
          fi

          echo ::debug::"${TAG}"
          echo ::set-env name=TAG::"${TAG}"

      - name: Set DIR (env var)
        run: |
          DIR="$(echo "${TAG}" | tr -d v | cut -d. -f-2)"

          echo ::debug::"${DIR}"
          echo ::set-env name=DIR::"${DIR}"

      # Extract optional variant to be built
      #   NOTE: `-` prepended to TAG helps to deal with `cut` ignoring `-f` when no matches for `-d` are found.
      - name: Set VARIANT (env var)
        run: |
          VARIANT="$(echo "-${TAG}" | cut -d- -f3- | cut -d+ -f1)"

          echo ::debug::"${VARIANT}"
          echo ::set-env name=VARIANT::"${VARIANT}"

      - name: Print just set ENV VARs
        run: |
          printf "Git tag processed:\n"
          printf "    TAG: %s\n"  "${TAG}"
          printf "VARIANT: %s\n"  "${VARIANT}"
          printf "    DIR: %s\n"  "${DIR}"

      - name: Apply variant patch (if any)
        if: env.VARIANT != ''
        run: (cd "${DIR}/"  &&  patch < variant-${VARIANT}.patch)

      - name: Set target platform
        if: matrix.arch != 'amd64'
        run: ./scripts/ci-set-target-image-architecture.sh  "${{matrix.arch}}"  "${DIR}/Dockerfile"

      - name: Build lnd (v0.5.x)
        if: env.DIR == 0.5
        run: >
          case "${{matrix.arch}}" in
          arm32v6) export GOARCH=arm GOARM=6        ;;
          arm32v7) export GOARCH=arm GOARM=7        ;;
          *)       export GOARCH="${{matrix.arch}}" ;;
          esac

          docker build --no-cache "${DIR}/"
          --build-arg "goos=linux"
          --build-arg "goarch=${GOARCH}"
          --build-arg "goarm=${GOARM}"
          --tag       "lnd:${{matrix.arch}}"

      - name: Build lnd (v0.6.x)
        if: env.DIR == 0.6
        run: >
          case "${{matrix.arch}}" in
          arm32v6) export ARCH='linux-armv6'            ;;
          arm32v7) export ARCH='linux-armv7'            ;;
          *)       export ARCH="linux-${{matrix.arch}}" ;;
          esac

          docker build --no-cache "${DIR}/"
          --build-arg "arch=${ARCH}"
          --tag       "lnd:${{matrix.arch}}"

      - name: Build lnd
        if: env.DIR != 0.5 && env.DIR != 0.6
        env:
          DOCKER_BUILDKIT: 1
        run: >
          docker build --no-cache "${DIR}/"
          --build-arg "goarch=${{matrix.arch}}"
          --label     arch="${{matrix.arch}}"
          --label     commit="${{github.sha}}"
          --label     git-tag="${TAG}"
          --label     guilty="${{github.actor}}"
          --label     repo-url="${{github.repositoryUrl}}"
          --label     variant="${VARIANT}"
          --tag       "lnd:${{matrix.arch}}"

      - name: Show built image details
        run: docker images lnd

      - name: Save image to a .tgz file
        run: |
          mkdir -p image/
          docker save "lnd:${{matrix.arch}}" | gzip > "image/docker-lnd-${TAG}-${{matrix.arch}}.tgz"

      - name: Print sha256sum of produced Docker image
        run: sha256sum image/*

      - name: Add Docker image as build artifact
        uses: actions/upload-artifact@v1.0.0
        with:
          name: docker-images
          path: image/

      - name: Extract binaries from the built image
        run: |
          mkdir -p binaries/
          ID=$(docker create "lnd:${{matrix.arch}}")
          docker cp  "${ID}:/bin/lnd"    binaries/
          docker cp  "${ID}:/bin/lncli"  binaries/
          docker rm  "${ID}"

          for f in binaries/*; do
            gzip "${f}"
            mv "${f}.gz" "${f}-${TAG}-${{matrix.arch}}.gz"
          done

      - name: Print sha256sum of extracted binaries
        run: sha256sum binaries/*

      - name: Add raw binaries as build artifacts
        uses: actions/upload-artifact@v1.0.0
        with:
          name: binaries
          path: binaries/


  test:
    name: Check sanity of images
    runs-on: ubuntu-18.04
    needs: build

    steps:
      - name: Download build artifact
        uses: actions/download-artifact@v1.0.0
        with:
          name: docker-images

      - name: Print sha256sum of all Docker images
        run: sha256sum docker-images/*

      - name: Register self-compiled qemu
        run: docker run --rm --privileged "meedamian/simple-qemu:v4.1.0" -p yes

      - name: Load all images locally
        run: ls -d docker-images/* | xargs -I %  docker load -i "%"

      - name: List all tagged images
        run: docker images lnd

      - name: Run sanity checks
        run: |
          for tag in $(docker images lnd --format "{{.Tag}}"); do
            echo
            echo "~~~~~ lnd:${tag} ~~~~~"
            docker inspect "lnd:${tag}" | jq '.'

            docker run --rm                         "lnd:${tag}" --version
            docker run --rm --entrypoint=lncli      "lnd:${tag}" --version

            docker run --rm --entrypoint=uname      "lnd:${tag}" -a
            docker run --rm --entrypoint=cat        "lnd:${tag}" /etc/os-release
            docker run --rm --entrypoint=sha256sum  "lnd:${tag}" /bin/lnd /bin/lncli

            docker run --rm --entrypoint=sh         "lnd:${tag}" -c 'apk add --no-cache file && file /bin/lnd /bin/lncli'
          done


  docker-hub:
    name: Tag & deploy to Docker Hub.  Only after successful build & test.

    runs-on: ubuntu-18.04
    needs: test
    steps:
      - uses: actions/checkout@v1.0.0

      - name: Setup environment
        run: |
          echo ::set-env name=DOCKER_USER::"${GITHUB_ACTOR,,}"
          echo ::set-env name=SLUG::"$(echo ${GITHUB_REPOSITORY,,} | sed 's/docker-//')"

          TAG="$(echo "${GITHUB_REF}" | grep 'refs/tags/' | awk -F/ '{print $NF}')"

          VERSION="$(echo "${TAG}" | cut -d+ -f1)"
          echo ::set-env name=VERSION::"${VERSION}"

          BUILD="$(echo "+${TAG}" | cut -d+ -f3)"
          if [[ -z "${BUILD}" ]]; then
            echo "ERR '+build<N>' must be appended to the git tag"
            exit 1
          fi
          echo ::set-env name=BUILD::"${BUILD}"

      - name: Print just set ENV VARs
        run: |
          printf "Just set env vars:\n"
          printf "    TAG: %s\n"  "${TAG}"
          printf "   SLUG: %s\n"  "${SLUG}"
          printf "VERSION: %s\n"  "${VERSION}"
          printf "  BUILD: %s\n"  "${BUILD}"

      - name: Enable manifests
        run: |
          mkdir -p ~/.docker

          echo '{ "experimental": "enabled" }' > ~/.docker/config.json
          sudo systemctl restart docker
          docker version

      - name: Login to Docker Hub
        run: |
          echo "Logging in as ${DOCKER_USER}…"
          echo "${{secrets.DOCKER_TOKEN}}" | docker login -u="${DOCKER_USER}" --password-stdin

      - name: Download images built in build job
        uses: actions/download-artifact@v1.0.0
        with:
          name: docker-images

      - name: Print sha256sum of all Docker images
        run: sha256sum docker-images/*

      - name: Load all images locally
        run: ls -d docker-images/* | xargs -I %  docker load -i "%"

      # No short tags.  lnd releases are quite chaotic, it's better to no provide convenience that can easily backfire.
      - name: Version-tag all images
        run: |
          for arch in $(docker images lnd --format "{{.Tag}}"); do
            docker tag  "lnd:${arch}"  "${SLUG}:${VERSION}-${arch}-${BUILD}"
            docker tag  "lnd:${arch}"  "${SLUG}:${VERSION}-${arch}"
          done

      - name: List all tagged images
        run: docker images "${SLUG}"

      - name: Push all images
        run: docker images "${SLUG}" --format "{{.Repository}}:{{.Tag}}" | xargs -I %  docker push %

      - name: Create manifest
        run: >
          docker -D manifest create  "${SLUG}:${VERSION}"  \
            "${SLUG}:${VERSION}-amd64" \
            "${SLUG}:${VERSION}-arm64" \
            "${SLUG}:${VERSION}-arm32v6" \
            "${SLUG}:${VERSION}-arm32v7"

      - name: Annotate arm32v6
        run: docker manifest annotate "${SLUG}:${VERSION}" "${SLUG}:${VERSION}-arm32v6" --os linux --arch arm   --variant v6

      - name: Annotate arm32v7
        run: docker manifest annotate "${SLUG}:${VERSION}" "${SLUG}:${VERSION}-arm32v7" --os linux --arch arm   --variant v7

      - name: Annotate arm64v8
        run: docker manifest annotate "${SLUG}:${VERSION}" "${SLUG}:${VERSION}-arm64"   --os linux --arch arm64 --variant v8

      - name: Print manifest's details
        run: docker manifest inspect "${SLUG}:${VERSION}" | jq '.'

      - name: Push manifest
        run: docker manifest push "${SLUG}:${VERSION}"

      - name: Sync README.md and Description to Docker Hub
        uses: meeDamian/sync-readme@v1.0.5
        with:
          pass: ${{secrets.DOCKER_TOKEN}}
          slug: ${{env.SLUG}}
          description: true

      - name: Download binaries from prev job
        uses: actions/download-artifact@v1.0.0
        with:
          name: binaries

      - name: Upload all artifact to Github Release
        uses: meeDamian/github-release@v1.0.1
        with:
          token: ${{secrets.GITHUB_TOKEN}}
          prerelease: true
          gzip: false
          files: >
            docker-images/*
            binaries/*