From e14009ee5928b814a4cf71249b12860269acba1e Mon Sep 17 00:00:00 2001 From: 0xawaz Date: Wed, 27 Nov 2024 18:04:32 +0100 Subject: [PATCH] ci: single platform build --- .github/workflows/common-docker.yml | 93 +-------------------- .github/workflows/fhevm-smart-contracts.yml | 4 - 2 files changed, 4 insertions(+), 93 deletions(-) diff --git a/.github/workflows/common-docker.yml b/.github/workflows/common-docker.yml index 860a72d3..0c84038d 100644 --- a/.github/workflows/common-docker.yml +++ b/.github/workflows/common-docker.yml @@ -1,4 +1,4 @@ -name: Docker Build and Push +name: Docker Build, Scan and Push on: workflow_call: @@ -22,12 +22,6 @@ on: image-name: type: string required: true - image-dev-name: - type: string - required: false - image-dev-description: - type: string - required: false push_image: type: boolean default: true @@ -36,18 +30,10 @@ on: type: string required: false default: "ubuntu-latest" - generate-dev-image: - type: boolean - default: false - required: false docker-file: type: string default: "ci.dockerfile" required: false - docker-file-dev: - type: string - default: "dev.dockerfile" - required: false graviton-build-host: type: string required: false @@ -67,7 +53,7 @@ on: outputs: image_name: description: "Image Name with Tag generated by this task" - value: "${{ jobs.build-and-push-docker.outputs.image_name }}" + value: "${{ jobs.build.outputs.image_name }}" jobs: build: @@ -85,12 +71,6 @@ jobs: dockerfile: ${{ inputs.working-directory }}/${{ inputs.docker-file }} failure-threshold: none - - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 - if: ${{ inputs.generate-dev-image }} - with: - dockerfile: ${{ inputs.working-directory }}/${{ inputs.docker-file-dev }} - failure-threshold: none - - name: Set up SSH if: inputs.arm-build uses: MrSquaare/ssh-setup-action@2d028b70b5e397cf8314c6eaea229a6c3e34977a # v3.1.0 
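Review bot: The workflow-level output now reads `jobs.build.outputs.image_name`, but nothing visible in this patch gives the `build` job an `outputs:` mapping, and the commented-out `Export image name` step (id `export-image`) that would have produced the value is deleted further down. If `build` declares no such output, GitHub Actions resolves the expression to an empty string without failing, so callers that consume `image_name` would silently get nothing. Either restore a live export step and declare `image_name: ${{ steps.export-image.outputs.image }}` under the `build` job's `outputs:`, or remove the `image_name` workflow output. The `build` job definition starts outside this hunk, so confirm against the full file.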
@@ -108,13 +88,6 @@ jobs: - endpoint: "ssh://ec2-user@${{ inputs.graviton-build-host }}" platforms: linux/arm64 - - name: Login to GitHub Container Registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Echo github event run: echo "Github event ==> ${{ github.event_name }}" @@ -127,11 +100,11 @@ jobs: run: | echo "DOCKER_TAG_IMAGE=${{ github.ref_name }}" >> "$GITHUB_ENV" - - name: Docker Build for Audit + - name: Docker Build for Audit (AMD64) uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 with: context: ${{ inputs.docker-context }} - platforms: linux/amd64,linux/arm64 + platforms: linux/amd64 build-args: | BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} file: ${{ inputs.working-directory }}/${{ inputs.docker-file }} 
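Review bot: The `Docker Build for Audit (AMD64)` step still passes `BLOCKCHAIN_ACTIONS_TOKEN` through `build-args`, and build arguments can end up recorded in image history and build metadata. This matters here because the context lines of the next hunk suggest the built image is exported as an OCI tarball and uploaded as an artifact. Prefer the action's `secrets:` input, `secrets: |` followed by `BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}`, consumed in the Dockerfile with `RUN --mount=type=secret,id=BLOCKCHAIN_ACTIONS_TOKEN`. The Dockerfile is not visible here, so confirm how the token is used. Separately, with `platforms: linux/amd64` the `Set up SSH` step and the `ssh://ec2-user@…` arm64 builder endpoint no longer serve this build, yet they still run when `arm-build` is true (the caller in fhevm-smart-contracts.yml keeps `arm-build: true`), which leaves an SSH credential loaded in the job for no benefit. The step's `with:` block continues outside the hunk.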
@@ -150,64 +123,6 @@ jobs: name: docker-${{ inputs.image-name }}-img-${{env.DOCKER_TAG_IMAGE }} path: docker-${{ inputs.image-name }}-oci-tar-${{env.DOCKER_TAG_IMAGE }} - # - name: Run Trivy vulnerability scanner - # uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0 - # with: - # image-ref: 'ghcr.io/zama-ai/${{ inputs.image-name }}:${{env.DOCKER_TAG_IMAGE }}' - # format: 'table' - # exit-code: '1' - # ignore-unfixed: true - # vuln-type: 'os,library' - # severity: 'CRITICAL,HIGH' - # continue-on-error: true - - # - name: Extract Docker metadata - # if: ${{ inputs.generate-dev-image }} - # id: meta - # uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 - # with: - # annotations: | - # org.opencontainers.image.description="${{ inputs.image-dev-description }}" - # labels: | - # zama.fhevm.version=${{ env.DOCKER_TAG_IMAGE }} - # zama.fhevm.description="${{ inputs.image-dev-description }}" - # images: ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{ env.DOCKER_TAG_IMAGE }} - # env: - # DOCKER_METADATA_ANNOTATIONS_LEVELS: index - - # - name: Docker Build Dev Image - # if: ${{ inputs.generate-dev-image }} - # uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 - # timeout-minutes: 360 - # with: - # context: ${{ inputs.docker-context }} - # platforms: linux/amd64,linux/arm64 - # build-args: | - # BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} - # file: ${{ inputs.working-directory }}/${{ inputs.docker-file-dev }} - # push: false - # pull: false - # tags: ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{env.DOCKER_TAG_IMAGE}},ghcr.io/zama-ai/${{ inputs.image-dev-name }}:latest - # cache-from: type=gha - # cache-to: type=gha,mode=max - # labels: ${{ steps.meta.outputs.labels }} - # annotations: ${{ steps.meta.outputs.annotations }} - - # - name: Run Trivy vulnerability scanner Dev Image - # if: ${{ inputs.generate-dev-image }} - # uses: 
aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # 0.27.0 - # with: - # image-ref: 'ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{env.DOCKER_TAG_IMAGE}}' - # format: 'table' - # exit-code: '1' - # ignore-unfixed: true - # vuln-type: 'os,library' - # severity: 'CRITICAL,HIGH' - - # - name: Export image name - # id: export-image - # run: echo "image=ghcr.io/zama-ai/${{inputs.image-name}}:${{env.DOCKER_TAG_IMAGE}}" >> "${GITHUB_OUTPUT}" - scan-vulns-docker-tarball: runs-on: ubuntu-latest needs: [build] diff --git a/.github/workflows/fhevm-smart-contracts.yml b/.github/workflows/fhevm-smart-contracts.yml index fdeef601..53781c21 100644 --- a/.github/workflows/fhevm-smart-contracts.yml +++ b/.github/workflows/fhevm-smart-contracts.yml @@ -28,11 +28,7 @@ jobs: working-directory: "." push_image: true image-name: "fhevm-smart-contracts" - image-dev-name: "fhevm-smart-contracts-dev" - generate-dev-image: false docker-file: "contracts/operations/docker/ci.dockerfile" - docker-file-dev: "contracts/operations/docker/dev.dockerfile" - image-dev-description: "fhevm smart contracts dev image" arm-build: true secrets: