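# Build & deploy workflow, triggered by any git-tag push.
#
# Jobs:
#   build      - builds one lnd image per architecture, then stores the image
#                and the binaries extracted from it as build artifacts
#   test       - loads every built image and runs basic sanity checks on it
#   docker-hub - tags + pushes images and a multi-arch manifest to Docker Hub,
#                then uploads all artifacts to a GitHub Release
#
# NOTE(review): every `uses:` ref below reads `[email protected]` because the
# page this copy was taken from obfuscated the `@<ref>` suffix. The real refs
# cannot be recovered from here; restore them, and prefer pinning each action
# to a full commit SHA - above all the third-party actions that are handed
# secrets in the docker-hub job.
name: Build & deploy tag

on:
  push:
    tags:
      - '*'

# Least privilege for GITHUB_TOKEN: read-only by default; only the job that
# publishes the release widens it.
permissions:
  contents: read

jobs:
  build:
    name: Build lnd
    # NOTE(review): GitHub has retired the hosted ubuntu-18.04 image; move to a
    # supported runner when this workflow is revived.
    runs-on: ubuntu-18.04

    strategy:
      matrix:
        arch:
          - amd64
          - arm64
          - arm32v6
          - arm32v7

    steps:
      - uses: actions/[email protected]

      # Extract the tag, and verify it was a git-tag push
      # NOTE: ${TAG} ~= vX.Y.Z[-<variant>][+build<N>]
      #
      # Values are exported through the $GITHUB_ENV file: the older `::set-env`
      # workflow command was disabled by GitHub because anything a step printed
      # to stdout could set environment variables for later steps.
      - name: Set TAG (env var)
        run: |
          TAG="$(echo "${GITHUB_REF}" | grep 'refs/tags/' | awk -F/ '{print $NF}')"

          if [[ -z "${TAG}" ]]; then
            echo "This action has to be run by a git-tag push"
            exit 1
          fi

          echo ::debug::"${TAG}"
          echo "TAG=${TAG}" >> "${GITHUB_ENV}"

      # DIR is the `X.Y` part of the tag; it names the directory that holds the Dockerfile
      - name: Set DIR (env var)
        run: |
          DIR="$(echo "${TAG}" | tr -d v | cut -d. -f-2)"

          echo ::debug::"${DIR}"
          echo "DIR=${DIR}" >> "${GITHUB_ENV}"

      # Extract optional variant to be built
      # NOTE: `-` prepended to TAG helps to deal with `cut` ignoring `-f` when no matches for `-d` are found.
      - name: Set VARIANT (env var)
        run: |
          VARIANT="$(echo "-${TAG}" | cut -d- -f3- | cut -d+ -f1)"

          echo ::debug::"${VARIANT}"
          echo "VARIANT=${VARIANT}" >> "${GITHUB_ENV}"

      - name: Print just set ENV VARs
        run: |
          printf "Git tag processed:\n"
          printf " TAG: %s\n" "${TAG}"
          printf "VARIANT: %s\n" "${VARIANT}"
          printf " DIR: %s\n" "${DIR}"

      # VARIANT comes straight from the tag name, so the file name is quoted
      - name: Apply variant patch (if any)
        if: env.VARIANT != ''
        run: (cd "${DIR}/" && patch < "variant-${VARIANT}.patch")

      - name: Set target platform
        if: matrix.arch != 'amd64'
        run: ./scripts/ci-set-target-image-architecture.sh "${{matrix.arch}}" "${DIR}/Dockerfile"

      # DIR is compared as a string: against a bare number the expression engine
      # coerces both sides to numbers, so e.g. `0.50` would also match `0.5`.
      #
      # Multi-line commands use a literal block (`|`) with explicit `\`
      # continuations, so they do not depend on how a folded scalar joins lines.
      - name: Build lnd (v0.5.x)
        if: env.DIR == '0.5'
        run: |
          case "${{matrix.arch}}" in
          arm32v6) export GOARCH=arm GOARM=6 ;;
          arm32v7) export GOARCH=arm GOARM=7 ;;
          *)       export GOARCH="${{matrix.arch}}" ;;
          esac

          docker build --no-cache "${DIR}/" \
            --build-arg "goos=linux" \
            --build-arg "goarch=${GOARCH}" \
            --build-arg "goarm=${GOARM}" \
            --tag "lnd:${{matrix.arch}}"

      - name: Build lnd (v0.6.x)
        if: env.DIR == '0.6'
        run: |
          case "${{matrix.arch}}" in
          arm32v6) export ARCH='linux-armv6' ;;
          arm32v7) export ARCH='linux-armv7' ;;
          *)       export ARCH="linux-${{matrix.arch}}" ;;
          esac

          docker build --no-cache "${DIR}/" \
            --build-arg "arch=${ARCH}" \
            --tag "lnd:${{matrix.arch}}"

      # The labels record where the image came from (commit, tag, actor, repo)
      - name: Build lnd
        if: env.DIR != '0.5' && env.DIR != '0.6'
        env:
          DOCKER_BUILDKIT: "1"
        run: |
          docker build --no-cache "${DIR}/" \
            --build-arg "goarch=${{matrix.arch}}" \
            --label arch="${{matrix.arch}}" \
            --label commit="${{github.sha}}" \
            --label git-tag="${TAG}" \
            --label guilty="${{github.actor}}" \
            --label repo-url="${{github.repositoryUrl}}" \
            --label variant="${VARIANT}" \
            --tag "lnd:${{matrix.arch}}"

      - name: Show built image details
        run: docker images lnd

      - name: Save image to a .tgz file
        run: |
          mkdir -p image/
          docker save "lnd:${{matrix.arch}}" | gzip > "image/docker-lnd-${TAG}-${{matrix.arch}}.tgz"

      # Checksums are printed here and again after download in the later jobs,
      # so the values can be compared across job logs.
      - name: Print sha256sum of produced Docker image
        run: sha256sum image/*

      - name: Add Docker image as build artifact
        uses: actions/[email protected]
        with:
          name: docker-images
          path: image/

      - name: Extract binaries from the built image
        run: |
          mkdir -p binaries/

          ID=$(docker create "lnd:${{matrix.arch}}")
          docker cp "${ID}:/bin/lnd" binaries/
          docker cp "${ID}:/bin/lncli" binaries/
          docker rm "${ID}"

          for f in binaries/*; do
            gzip "${f}"
            mv "${f}.gz" "${f}-${TAG}-${{matrix.arch}}.gz"
          done

      - name: Print sha256sum of extracted binaries
        run: sha256sum binaries/*

      - name: Add raw binaries as build artifacts
        uses: actions/[email protected]
        with:
          name: binaries
          path: binaries/

  test:
    name: Check sanity of images
    runs-on: ubuntu-18.04
    needs: build

    steps:
      - name: Download build artifact
        uses: actions/[email protected]
        with:
          name: docker-images

      - name: Print sha256sum of all Docker images
        run: sha256sum docker-images/*

      # NOTE(review): this runs a third-party image with --privileged, referenced
      # only by a mutable tag. Pinning it by digest
      # (`meedamian/simple-qemu:v4.1.0@sha256:<DIGEST-PLACEHOLDER>`) would make
      # sure the reviewed image is the one that gets these privileges.
      - name: Register self-compiled qemu
        run: docker run --rm --privileged "meedamian/simple-qemu:v4.1.0" -p yes

      - name: Load all images locally
        run: ls -d docker-images/* | xargs -I % docker load -i "%"

      - name: List all tagged images
        run: docker images lnd

      # NOTE: the last check installs `file` with apk inside the container, so
      # it needs network access at test time.
      - name: Run sanity checks
        run: |
          for tag in $(docker images lnd --format "{{.Tag}}"); do
            echo
            echo "~~~~~ lnd:${tag} ~~~~~"
            docker inspect "lnd:${tag}" | jq '.'
            docker run --rm "lnd:${tag}" --version
            docker run --rm --entrypoint=lncli "lnd:${tag}" --version
            docker run --rm --entrypoint=uname "lnd:${tag}" -a
            docker run --rm --entrypoint=cat "lnd:${tag}" /etc/os-release
            docker run --rm --entrypoint=sha256sum "lnd:${tag}" /bin/lnd /bin/lncli
            docker run --rm --entrypoint=sh "lnd:${tag}" -c 'apk add --no-cache file && file /bin/lnd /bin/lncli'
          done

  docker-hub:
    name: Tag & deploy to Docker Hub. Only after successful build & test.
    runs-on: ubuntu-18.04
    needs: test

    # Creating the GitHub Release at the end of this job needs write access
    permissions:
      contents: write

    steps:
      - uses: actions/[email protected]

      # DOCKER_USER is the lower-cased name of whoever pushed the tag, so the
      # Docker Hub login below only works for an actor whose name matches the
      # Docker Hub account.
      # TAG is exported as well: the next step prints it, and it is not
      # inherited from the build job.
      - name: Setup environment
        run: |
          echo "DOCKER_USER=${GITHUB_ACTOR,,}" >> "${GITHUB_ENV}"
          echo "SLUG=$(echo "${GITHUB_REPOSITORY,,}" | sed 's/docker-//')" >> "${GITHUB_ENV}"

          TAG="$(echo "${GITHUB_REF}" | grep 'refs/tags/' | awk -F/ '{print $NF}')"
          echo "TAG=${TAG}" >> "${GITHUB_ENV}"

          VERSION="$(echo "${TAG}" | cut -d+ -f1)"
          echo "VERSION=${VERSION}" >> "${GITHUB_ENV}"

          BUILD="$(echo "+${TAG}" | cut -d+ -f3)"
          if [[ -z "${BUILD}" ]]; then
            echo "ERR '+build<N>' must be appended to the git tag"
            exit 1
          fi
          echo "BUILD=${BUILD}" >> "${GITHUB_ENV}"

      - name: Print just set ENV VARs
        run: |
          printf "Just set env vars:\n"
          printf " TAG: %s\n" "${TAG}"
          printf " SLUG: %s\n" "${SLUG}"
          printf "VERSION: %s\n" "${VERSION}"
          printf " BUILD: %s\n" "${BUILD}"

      - name: Enable manifests
        run: |
          mkdir -p ~/.docker
          echo '{ "experimental": "enabled" }' > ~/.docker/config.json
          sudo systemctl restart docker
          docker version

      # The token is passed through the step environment rather than being
      # interpolated into the script text, where characters such as `"`, `$`
      # or a backtick inside the secret would be interpreted by the shell.
      - name: Login to Docker Hub
        env:
          DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
        run: |
          echo "Logging in as ${DOCKER_USER}…"
          echo "${DOCKER_TOKEN}" | docker login -u="${DOCKER_USER}" --password-stdin

      - name: Download images built in build job
        uses: actions/[email protected]
        with:
          name: docker-images

      - name: Print sha256sum of all Docker images
        run: sha256sum docker-images/*

      - name: Load all images locally
        run: ls -d docker-images/* | xargs -I % docker load -i "%"

      # No short tags. lnd releases are quite chaotic, it's better not to provide convenience that can easily backfire.
      - name: Version-tag all images
        run: |
          for arch in $(docker images lnd --format "{{.Tag}}"); do
            docker tag "lnd:${arch}" "${SLUG}:${VERSION}-${arch}-${BUILD}"
            docker tag "lnd:${arch}" "${SLUG}:${VERSION}-${arch}"
          done

      - name: List all tagged images
        run: docker images "${SLUG}"

      - name: Push all images
        run: |
          docker images "${SLUG}" --format "{{.Repository}}:{{.Tag}}" | xargs -I % docker push %

      # Literal block: with a folded scalar the trailing `\` could end up
      # escaping a space instead of a newline.
      - name: Create manifest
        run: |
          docker -D manifest create "${SLUG}:${VERSION}" \
            "${SLUG}:${VERSION}-amd64" \
            "${SLUG}:${VERSION}-arm64" \
            "${SLUG}:${VERSION}-arm32v6" \
            "${SLUG}:${VERSION}-arm32v7"

      - name: Annotate arm32v6
        run: |
          docker manifest annotate "${SLUG}:${VERSION}" "${SLUG}:${VERSION}-arm32v6" \
            --os linux --arch arm --variant v6

      - name: Annotate arm32v7
        run: |
          docker manifest annotate "${SLUG}:${VERSION}" "${SLUG}:${VERSION}-arm32v7" \
            --os linux --arch arm --variant v7

      - name: Annotate arm64v8
        run: |
          docker manifest annotate "${SLUG}:${VERSION}" "${SLUG}:${VERSION}-arm64" \
            --os linux --arch arm64 --variant v8

      - name: Print manifest's details
        run: docker manifest inspect "${SLUG}:${VERSION}" | jq '.'

      - name: Push manifest
        run: docker manifest push "${SLUG}:${VERSION}"

      # NOTE(review): third-party action that receives the Docker Hub token -
      # pin it to a reviewed commit SHA.
      - name: Sync README.md and Description to Docker Hub
        uses: meeDamian/[email protected]
        with:
          pass: ${{secrets.DOCKER_TOKEN}}
          slug: ${{env.SLUG}}
          description: true

      - name: Download binaries from prev job
        uses: actions/[email protected]
        with:
          name: binaries

      # NOTE(review): third-party action that receives GITHUB_TOKEN with
      # write access to repository contents - pin it to a reviewed commit SHA.
      - name: Upload all artifact to Github Release
        uses: meeDamian/[email protected]
        with:
          token: ${{secrets.GITHUB_TOKEN}}
          prerelease: true
          gzip: false
          files: >
            docker-images/*
            binaries/*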