forked from paritytech/cumulus
-
Notifications
You must be signed in to change notification settings - Fork 2
133 lines (110 loc) · 4.32 KB
/
release-50_docker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: Release - Docker
# This workflow listens to pubished releases.
# It includes releases and pre-releases.
# It fetches the binaries, checks sha256 and GPG
# signatures, then builds an injected docker
# image and publishes it.
on:
release:
types:
- published
jobs:
docker_build_publish:
env:
BINARY: polkadot-parachain
TMP: tmp
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
ref: ${{ github.event.release.tag_name }}
- name: Prepare temp folder
run: |
mkdir ${TMP}
ls -al
- name: Fetch files from release
working-directory: ${{ env.TMP }}
run: |
echo "Repo: ${{ github.event.repository.full_name }}"
echo "Name: ${{ github.event.release.name }}"
echo "Tag: ${{ github.event.release.tag_name }}"
echo "Draft: ${{ github.event.release.draft }}"
echo "Prerelease: ${{ github.event.release.prerelease }}"
echo "Assets: ${{ github.event.release.assets }}"
for f in $BINARY $BINARY.asc $BINARY.sha256; do
URL="https://github.com/${{ github.event.repository.full_name }}/releases/download/${{ github.event.release.tag_name }}/$f"
echo " - Fetching $f from $URL"
wget "$URL" -O "$f"
done
chmod a+x $BINARY
ls -al
- name: Check files
working-directory: ${{ env.TMP }}
run: |
ls -al *$BINARY*
shasum -a 256 -c $BINARY.sha256
sha_result=$?
KEY_PARITY_SEC=9D4B2B6EB8F97156D19669A9FF0812D491B96798
KEY_CHEVDOR=2835EAF92072BC01D188AF2C4A092B93E97CE1E2
KEYSERVER=keyserver.ubuntu.com
gpg --keyserver $KEYSERVER --receive-keys $KEY_PARITY_SEC
if [[ ${{ github.event.release.prerelease }} == "true" ]]; then
gpg --keyserver $KEYSERVER --receive-keys $KEY_CHEVDOR
fi
gpg --verify $BINARY.asc
gpg_result=$?
echo sha_result: $sha_result
echo gpg_result: $gpg_result
# If it fails, it would fail earlier but a second check
# does not hurt in case of refactoring...
if [[ $sha_result -ne 0 || $gpg_result -ne 0 ]]; then
echo "Check failed, exiting with error"
exit 1
else
echo "Checks passed"
fi
- name: Build injected image
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_ORG: parity
run: |
export OWNER=$DOCKERHUB_ORG
mkdir -p target/release
cp -f ${TMP}/$BINARY* target/release/
./docker/scripts/build-injected-image.sh
- name: Login to Dockerhub
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Tag and Publish
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_ORG: parity
run: |
docker run --pull never --rm $DOCKERHUB_ORG/$BINARY --version
VERSION=$(docker run --pull never --rm $DOCKERHUB_ORG/$BINARY --version | awk '{ print $2 }' )
SEMVER=$( echo $VERSION | cut -f1 -d- )
GITREF=$( echo $VERSION | cut -f2 -d- )
PRE=${{ github.event.release.prerelease }}
PRE_STR=""
echo "SEMVER=$SEMVER"
echo "GITREF=$GITREF"
echo "PRE=$PRE"
# Build a tag such as:
# 1.2.3-8a1201273 or
# 1.2.3-pre-8a1201273 for pre-releases
[[ $PRE == "true" ]] && PRE_STR="-pre"
TAG=${SEMVER}${PRE_STR}-${GITREF}
echo "PRE_STR=$PRE_STR"
echo "TAG=$TAG"
docker tag $DOCKERHUB_ORG/$BINARY $DOCKERHUB_ORG/$BINARY:$TAG
docker push $DOCKERHUB_ORG/$BINARY:$TAG
if [[ $PRE != "true" ]]; then
docker tag $DOCKERHUB_ORG/$BINARY $DOCKERHUB_ORG/$BINARY:latest
docker tag $DOCKERHUB_ORG/$BINARY $DOCKERHUB_ORG/$BINARY:$SEMVER
docker push $DOCKERHUB_ORG/$BINARY:latest
docker push $DOCKERHUB_ORG/$BINARY:$SEMVER
fi
docker images | grep $DOCKERHUB_ORG/$BINARY