ci: build images reuse workflow

jstz-dev · Jan 23, 2025 · 8f96fcb · 8f96fcb
1 parent ded286e
commit 8f96fcb
Show file tree

Hide file tree

Showing 3 changed files with 155 additions and 93 deletions.
diff --git a/.github/actions/build-docker-image/action.yml b/.github/actions/build-docker-image/action.yml
@@ -12,6 +12,9 @@ inputs:
   octez-tag:
     description: "tezos/tezos docker tag to be used"
     required: true
+  ref:
+    description: target ref, default to main
+    required: false
   docker_registry:
     description: Docker registry
     required: true
@@ -37,6 +40,8 @@ runs:
   using: "composite"
   steps:
     - uses: actions/checkout@v4
+      with:
+        ref: ${{ inputs.ref }}
     - run: echo "${{ runner.temp }}"
       shell: bash
     - name: Set up Docker Buildx

diff --git a/.github/workflows/docker-multiplatform.yml b/.github/workflows/docker-multiplatform.yml
@@ -0,0 +1,125 @@
+name: Build multiplatform docker image
+
+on:
+  workflow_call:
+    inputs:
+      octez-tag:
+        description: "tezos/tezos docker tag to be used"
+        required: true
+        type: string
+      ref:
+        description: target ref, default to main
+        required: false
+        type: string
+      docker_registry:
+        description: Docker registry
+        required: true
+        type: string
+      docker_image_base:
+        description: Docker image base
+        required: true
+        type: string
+      image:
+        description: Image
+        required: true
+        type: string
+      dockerfile:
+        description: Dockerfile
+        required: true
+        type: string
+      kernel_artifact_name:
+        description: Kernel artifact name
+        required: true
+        type: string
+    outputs:
+      tag:
+        description: "docker image tag"
+        value: ${{ jobs.merge.outputs.tag }}
+
+jobs:
+  build-docker-arm64:
+    name: Build (Docker arm64)
+    runs-on: ubuntu-24.04-arm
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Build
+        uses: jstz-dev/jstz/.github/actions/build-docker-image@huanchengchang-jstz-286
+        with:
+          platform: linux
+          arch: arm64
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          octez-tag: ${{ inputs.octez-tag }}
+          ref: ${{ inputs.ref }}
+          docker_registry: ${{ inputs.docker_registry }}
+          docker_registry_username: ${{ github.actor }}
+          docker_registry_password: ${{ secrets.GITHUB_TOKEN }}
+          docker_image_base: ${{ inputs.docker_image_base }}
+          image: ${{ inputs.image }}
+          dockerfile: ${{ inputs.dockerfile }}
+          kernel_artefact_name: ${{ inputs.kernel_artifact_name }}
+  build-docker-amd64:
+    name: Build (Docker amd64)
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Build
+        uses: jstz-dev/jstz/.github/actions/build-docker-image@huanchengchang-jstz-286
+        with:
+          platform: linux
+          arch: amd64
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          octez-tag: ${{ inputs.octez-tag }}
+          ref: ${{ inputs.ref }}
+          docker_registry: ${{ inputs.docker_registry }}
+          docker_registry_username: ${{ github.actor }}
+          docker_registry_password: ${{ secrets.GITHUB_TOKEN }}
+          docker_image_base: ${{ inputs.docker_image_base }}
+          image: ${{ inputs.image }}
+          dockerfile: ${{ inputs.dockerfile }}
+          kernel_artefact_name: ${{ inputs.kernel_artifact_name }}
+  merge:
+    runs-on: ubuntu-latest
+    needs:
+      - build-docker-amd64
+      - build-docker-arm64
+    outputs:
+      tag: ${{ fromJson(steps.meta.outputs.json).tags[0] }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ runner.temp }}/digests/${{ inputs.image }}
+          pattern: digests-${{ inputs.image }}-*
+          merge-multiple: true
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ${{ inputs.docker_registry }}/${{ inputs.docker_image_base }}/${{ inputs.image }}
+          tags: |
+            type=ref,event=tag
+            {{sha}}
+      - name: Create manifest list and push
+        working-directory: ${{ runner.temp }}/digests/${{ inputs.image }}
+        run: |
+          docker buildx imagetools create -t ${{ fromJson(steps.meta.outputs.json).tags[0] }} \
+            $(printf '${{ inputs.docker_registry }}/${{ inputs.docker_image_base }}/${{ inputs.image }}@sha256:%s ' *)
+      - name: Inspect image
+        id: inspect-image
+        run: |
+          docker buildx imagetools inspect "${{ fromJson(steps.meta.outputs.json).tags[0] }}"
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -1,24 +1,28 @@
 name: Build docker image for subsequent jobs
 
 on:
-  push:
-    tags:
-      - "*"
-
   # For manually rebuilding the images
   workflow_dispatch:
     inputs:
       octez-tag:
         description: "tezos/tezos docker tag to be used"
         required: true
         type: string
+      ref:
+        description: target ref, default to main
+        required: false
+        type: string
 
   workflow_call:
     inputs:
       octez-tag:
         description: "tezos/tezos docker tag to be used"
         required: true
         type: string
+      ref:
+        description: target ref, default to main
+        required: false
+        type: string
     outputs:
       jstz-cli:
         description: "jstz docker image tag"
@@ -33,16 +37,14 @@ on:
         description: "jstzd docker image tag"
         value: ${{ jobs.build-docker.outputs.jstzd }}
 
-env:
-  DOCKER_REGISTRY: ghcr.io
-  DOCKER_IMAGE_BASE: jstz-dev/jstz
-
 jobs:
   build-kernel:
     name: Build (Kernel)
     runs-on: [x86_64, linux, nix]
     steps:
       - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
       - run: nix --version
       - name: Format
         run: nix --accept-flake-config fmt -- --fail-on-change
@@ -56,96 +58,26 @@ jobs:
         with:
           name: jstz-kernel
           path: result/lib/jstz_kernel.wasm
-
-  build-docker-arm64:
-    name: Build (Docker arm64)
+  build-image:
+    name: Build image
     needs: [build-kernel]
-    runs-on: ubuntu-24.04-arm
-    permissions:
-      contents: read
-      packages: write
     strategy:
       matrix:
         include:
           - image: jstz-rollup
             dockerfile: ./crates/jstz_rollup/Dockerfile
-    steps:
-      - uses: jstz-dev/jstz/.github/actions/build-docker-image@huanchengchang-jstz-286
-        with:
-          platform: linux
-          arch: arm64
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
-          octez-tag: ${{ inputs.octez-tag }}
-          docker_registry: ${{ env.DOCKER_REGISTRY }}
-          docker_registry_username: ${{ github.actor }}
-          docker_registry_password: ${{ secrets.GITHUB_TOKEN }}
-          docker_image_base: ${{ env.DOCKER_IMAGE_BASE }}
-          image: ${{ matrix.image }}
-          dockerfile: ${{ matrix.dockerfile }}
-          kernel_artefact_name: jstz-kernel
-  build-docker-amd64:
-    name: Build (Docker amd64)
-    needs: [build-kernel]
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      packages: write
-    strategy:
-      matrix:
-        include:
-          - image: jstz-rollup
-            dockerfile: ./crates/jstz_rollup/Dockerfile
-    steps:
-      - uses: jstz-dev/jstz/.github/actions/build-docker-image@huanchengchang-jstz-286
-        with:
-          platform: linux
-          arch: amd64
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
-          octez-tag: ${{ inputs.octez-tag }}
-          docker_registry: ${{ env.DOCKER_REGISTRY }}
-          docker_registry_username: ${{ github.actor }}
-          docker_registry_password: ${{ secrets.GITHUB_TOKEN }}
-          docker_image_base: ${{ env.DOCKER_IMAGE_BASE }}
-          image: ${{ matrix.image }}
-          dockerfile: ${{ matrix.dockerfile }}
-          kernel_artefact_name: jstz-kernel
-  merge:
+    uses: jstz-dev/jstz/.github/workflows/docker-multiplatform.yml@huanchengchang-jstz-286
+    with:
+      octez-tag: ${{ inputs.octez-tag }}
+      ref: ${{ inputs.ref }}
+      docker_registry: ghcr.io
+      docker_image_base: jstz-dev/jstz
+      image: ${{ matrix.image }}
+      dockerfile: ${{ matrix.dockerfile }}
+      kernel_artifact_name: jstz-kernel
+    secrets: inherit
+  test:
+    needs: build-image
     runs-on: ubuntu-latest
-    needs:
-      - build-docker-amd64
-      - build-docker-arm64
-    strategy:
-      matrix:
-        include:
-          - image: jstz-rollup
     steps:
-      - name: Download digests
-        uses: actions/download-artifact@v4
-        with:
-          path: ${{ runner.temp }}/digests/${{ matrix.image }}
-          pattern: digests-${{ matrix.image }}-*
-          merge-multiple: true
-      - name: Login to GHCR
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Extract metadata
-        id: meta
-        uses: docker/metadata-action@v3
-        with:
-          images: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE_BASE }}/${{ matrix.image }}
-          tags: |
-            type=ref,event=tag
-            {{sha}}
-      - name: Create manifest list and push
-        working-directory: ${{ runner.temp }}/digests/${{ matrix.image }}
-        run: |
-          docker buildx imagetools create -t ${{ fromJson(steps.meta.outputs.json).tags[0] }} \
-            $(printf '${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE_BASE }}/${{ matrix.image }}@sha256:%s ' *)
-      - name: Inspect image
-        run: |
-          docker buildx imagetools inspect ${{ fromJson(steps.meta.outputs.json).tags[0] }}
+      - run: echo ${{ needs.build-image.outputs.tag }}