ci: single platform build
0xawaz committed Nov 27, 2024
1 parent faa0da6 commit e14009e
Showing 2 changed files with 4 additions and 93 deletions.
93 changes: 4 additions & 89 deletions .github/workflows/common-docker.yml
@@ -1,4 +1,4 @@
name: Docker Build and Push
name: Docker Build, Scan and Push

on:
workflow_call:
Expand All @@ -22,12 +22,6 @@ on:
image-name:
type: string
required: true
image-dev-name:
type: string
required: false
image-dev-description:
type: string
required: false
push_image:
type: boolean
default: true
Expand All @@ -36,18 +30,10 @@ on:
type: string
required: false
default: "ubuntu-latest"
generate-dev-image:
type: boolean
default: false
required: false
docker-file:
type: string
default: "ci.dockerfile"
required: false
docker-file-dev:
type: string
default: "dev.dockerfile"
required: false
graviton-build-host:
type: string
required: false
Expand All @@ -67,7 +53,7 @@ on:
outputs:
image_name:
description: "Image Name with Tag generated by this task"
value: "${{ jobs.build-and-push-docker.outputs.image_name }}"
value: "${{ jobs.build.outputs.image_name }}"

jobs:
build:
Expand All @@ -85,12 +71,6 @@ jobs:
dockerfile: ${{ inputs.working-directory }}/${{ inputs.docker-file }}
failure-threshold: none

- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
if: ${{ inputs.generate-dev-image }}
with:
dockerfile: ${{ inputs.working-directory }}/${{ inputs.docker-file-dev }}
failure-threshold: none

- name: Set up SSH
if: inputs.arm-build
uses: MrSquaare/ssh-setup-action@2d028b70b5e397cf8314c6eaea229a6c3e34977a # v3.1.0
Expand All @@ -108,13 +88,6 @@ jobs:
- endpoint: "ssh://ec2-user@${{ inputs.graviton-build-host }}"
platforms: linux/arm64
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Echo github event
run: echo "Github event ==> ${{ github.event_name }}"

Expand All @@ -127,11 +100,11 @@ jobs:
run: |
echo "DOCKER_TAG_IMAGE=${{ github.ref_name }}" >> "$GITHUB_ENV"
- name: Docker Build for Audit
- name: Docker Build for Audit (AMD64)
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
with:
context: ${{ inputs.docker-context }}
platforms: linux/amd64,linux/arm64
platforms: linux/amd64
build-args: |
BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
file: ${{ inputs.working-directory }}/${{ inputs.docker-file }}
Expand All @@ -150,64 +123,6 @@ jobs:
name: docker-${{ inputs.image-name }}-img-${{env.DOCKER_TAG_IMAGE }}
path: docker-${{ inputs.image-name }}-oci-tar-${{env.DOCKER_TAG_IMAGE }}

# - name: Run Trivy vulnerability scanner
# uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0
# with:
# image-ref: 'ghcr.io/zama-ai/${{ inputs.image-name }}:${{env.DOCKER_TAG_IMAGE }}'
# format: 'table'
# exit-code: '1'
# ignore-unfixed: true
# vuln-type: 'os,library'
# severity: 'CRITICAL,HIGH'
# continue-on-error: true

# - name: Extract Docker metadata
# if: ${{ inputs.generate-dev-image }}
# id: meta
# uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
# with:
# annotations: |
# org.opencontainers.image.description="${{ inputs.image-dev-description }}"
# labels: |
# zama.fhevm.version=${{ env.DOCKER_TAG_IMAGE }}
# zama.fhevm.description="${{ inputs.image-dev-description }}"
# images: ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{ env.DOCKER_TAG_IMAGE }}
# env:
# DOCKER_METADATA_ANNOTATIONS_LEVELS: index

# - name: Docker Build Dev Image
# if: ${{ inputs.generate-dev-image }}
# uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
# timeout-minutes: 360
# with:
# context: ${{ inputs.docker-context }}
# platforms: linux/amd64,linux/arm64
# build-args: |
# BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
# file: ${{ inputs.working-directory }}/${{ inputs.docker-file-dev }}
# push: false
# pull: false
# tags: ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{env.DOCKER_TAG_IMAGE}},ghcr.io/zama-ai/${{ inputs.image-dev-name }}:latest
# cache-from: type=gha
# cache-to: type=gha,mode=max
# labels: ${{ steps.meta.outputs.labels }}
# annotations: ${{ steps.meta.outputs.annotations }}

# - name: Run Trivy vulnerability scanner Dev Image
# if: ${{ inputs.generate-dev-image }}
# uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # 0.27.0
# with:
# image-ref: 'ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{env.DOCKER_TAG_IMAGE}}'
# format: 'table'
# exit-code: '1'
# ignore-unfixed: true
# vuln-type: 'os,library'
# severity: 'CRITICAL,HIGH'

# - name: Export image name
# id: export-image
# run: echo "image=ghcr.io/zama-ai/${{inputs.image-name}}:${{env.DOCKER_TAG_IMAGE}}" >> "${GITHUB_OUTPUT}"

scan-vulns-docker-tarball:
runs-on: ubuntu-latest
needs: [build]
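Review bot: The ARM build path is still wired in even though the build step is now `platforms: linux/amd64` only: `Set up SSH` runs under `if: inputs.arm-build`, the buildx `ssh://ec2-user@${{ inputs.graviton-build-host }}` endpoint is still registered for `linux/arm64`, and the caller in .github/workflows/fhevm-smart-contracts.yml still passes `arm-build: true`. That keeps an SSH credential and a remote builder in play for a job that no longer produces an arm64 image; either default `arm-build` to `false` and drop it from the caller, or gate those steps on the platform actually being built. The ghcr.io login step was removed while the `push_image` input is kept — if a push step still follows outside the hunk it will now run unauthenticated, so confirm that or drop the input. Separately and pre-existing, `BLOCKCHAIN_ACTIONS_TOKEN` is passed via `build-args`, which is persisted in the image config/history; the action's `secrets:` input (`secrets: "blockchain_actions_token=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}"`) with a `--mount=type=secret` in the Dockerfile keeps it out of the artifact. The `Set up SSH` step body and the build step's remaining inputs continue outside the hunk.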
4 changes: 0 additions & 4 deletions .github/workflows/fhevm-smart-contracts.yml
Expand Up @@ -28,11 +28,7 @@ jobs:
working-directory: "."
push_image: true
image-name: "fhevm-smart-contracts"
image-dev-name: "fhevm-smart-contracts-dev"
generate-dev-image: false
docker-file: "contracts/operations/docker/ci.dockerfile"
docker-file-dev: "contracts/operations/docker/dev.dockerfile"
image-dev-description: "fhevm smart contracts dev image"
arm-build: true

secrets:
