fix(build): secrets, runner and conditional login

ZcashFoundation · Mar 22, 2024 · 773b0b5 · 773b0b5
1 parent 9dbdfe2
commit 773b0b5
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 8 deletions.
diff --git a/.github/workflows/cd-deploy-nodes-gcp.yml b/.github/workflows/cd-deploy-nodes-gcp.yml
@@ -136,6 +136,8 @@ jobs:
       image_name: zebrad
       no_cache: ${{ inputs.no_cache || false }}
       rust_log: info
+    # This step needs access to Docker Hub secrets to run successfully
+    secrets: inherit
 
   # Test that Zebra works using the default config with the latest Zebra version.
   test-configuration-file:

diff --git a/.github/workflows/ci-integration-tests-gcp.yml b/.github/workflows/ci-integration-tests-gcp.yml
@@ -149,6 +149,9 @@ jobs:
       rust_backtrace: full
       rust_lib_backtrace: full
       rust_log: info
+    # This step needs access to Docker Hub secrets to run successfully
+    secrets: inherit
+
 
   # zebrad cached checkpoint state tests
 

diff --git a/.github/workflows/ci-unit-tests-docker.yml b/.github/workflows/ci-unit-tests-docker.yml
@@ -111,6 +111,8 @@ jobs:
       rust_backtrace: full
       rust_lib_backtrace: full
       rust_log: info
+    # This step needs access to Docker Hub secrets to run successfully
+    secrets: inherit
 
   # Run all the zebra tests, including tests that are ignored by default.
   #

diff --git a/.github/workflows/sub-build-docker-image.yml b/.github/workflows/sub-build-docker-image.yml
@@ -68,7 +68,7 @@ jobs:
   build:
     name: Build images
     timeout-minutes: 210
-    runs-on: ubuntu-latest-xl
+    runs-on: ubuntu-latest
     outputs:
       image_digest: ${{ steps.docker_build.outputs.digest }}
       image_name: ${{ fromJSON(steps.docker_build.outputs.metadata)['image.name'] }}
@@ -92,6 +92,8 @@ jobs:
         uses: docker/[email protected]
         with:
           # list of Docker images to use as base name for tags
+          # We only publish images to DockerHub if a release is not a pre-release
+          # Ref: https://github.com/orgs/community/discussions/26281#discussioncomment-3251177
           images: |
             us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra/${{ inputs.image_name }}
             zfnd/${{ inputs.image_name }},enable=${{ github.event_name == 'release' && !github.event.release.prerelease }}
@@ -139,25 +141,19 @@ jobs:
           password: ${{ steps.auth.outputs.access_token }}
 
       - name: Login to DockerHub
-        # We only publish images to DockerHub if a release is not a pre-release
-        # Ref: https://github.com/orgs/community/discussions/26281#discussioncomment-3251177
-        if: ${{ github.event_name == 'release' && !github.event.release.prerelease }}
         uses: docker/[email protected]
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      # Setup Docker Buildx to allow use of docker cache layers from GH
+      # Setup Docker Buildx to use Docker Build Cloud
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v3
         with:
           version: "lab:latest"
           driver: cloud
           endpoint: "zfnd/zebra"
-          driver-opts: |
-            network=host
-            image=moby/buildkit:v0.13.0
 
       # Build and push image to Google Artifact Registry, and possibly DockerHub
       - name: Build & push