
Merge pull-request #383 #341


Workflow file for this run

# Workflow identity and triggers for the toolchain artifact pipeline.
name: artifacts-build

# None of the jobs in this file carries an `if:` guard, so each trigger listed
# here runs the whole pipeline, including the registry upload jobs.
on:
  push:
    # Pushes to the main branch.
    branches:
      - main
    # Pushes of tags shaped like v1.2.3 (quoted so the glob stays a string).
    tags:
      - 'v*.*.*'
  # Pull requests, with GitHub's default activity types.
  pull_request:
  # Allows manual invocation
  workflow_dispatch:
jobs:
  # Checks whether the files named by `make cache-filenames` are already in
  # the Actions cache under a key derived from their SHA-256 digests, and runs
  # `make cache` only on a miss.
  # NOTE(review): there is no `permissions:` block on this job or at workflow
  # level, so GITHUB_TOKEN gets the repository default scope here; consider
  # pinning `contents: read` once it is confirmed `make cache` needs no more.
  lfs-to-github-cache:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release each SHA is meant to correspond to.
      - name: Checkout sources
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          submodules: true
          fetch-depth: 0

      # Emits two step outputs: `key` (digest of the per-file digests) and
      # `filenames` (one path per line, written with the heredoc-style
      # multi-line output syntax).
      - id: cache-key
        name: Generate Cache Key
        run: |
          cache_filenames=$(make cache-filenames)
          openssl sha256 $cache_filenames | openssl sha256 | awk '{ print "key="$2 }' >> $GITHUB_OUTPUT
          printf "filenames<<EOF\n%s\nEOF\n" "$(printf "%s" "$cache_filenames" | tr ' ' '\n')" >> $GITHUB_OUTPUT

      # lookup-only: report a hit or miss without restoring the files.
      - id: cache
        name: Cache
        uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
        with:
          key: lfs-${{steps.cache-key.outputs.key}}
          path: ${{steps.cache-key.outputs.filenames}}
          lookup-only: true

      # Runs only on a cache miss; presumably creates the files listed above
      # so that they can be saved to the cache - confirm against the Makefile.
      - name: Setup Checkout
        if: steps.cache.outputs.cache-hit != 'true'
        run: |
          make cache
# Job `build`: one matrix leg per OCI archive, each uploaded as a run artifact.
  build:
    name: Build Toolchain Artifacts
    needs:
      - lfs-to-github-cache
    runs-on: ubuntu-latest
    timeout-minutes: 50
    strategy:
      matrix:
        include:
          - target: qos_host.oci.x86_64.tar
          - target: qos_enclave.oci.x86_64.tar
          - target: qos_client.oci.x86_64.tar
    steps:
      - name: Checkout sources
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          submodules: true
          fetch-depth: 0

      # Same key derivation as in the lfs-to-github-cache job; the two copies
      # must stay in sync or the restore below will miss.
      - id: cache-key
        name: Generate Cache Key
        run: |
          cache_filenames=$(make cache-filenames)
          openssl sha256 $cache_filenames | openssl sha256 | awk '{ print "key="$2 }' >> $GITHUB_OUTPUT
          printf "filenames<<EOF\n%s\nEOF\n" "$(printf "%s" "$cache_filenames" | tr ' ' '\n')" >> $GITHUB_OUTPUT

      # fail-on-cache-miss: stop the job instead of building without the
      # cached inputs.
      - id: cache
        name: Cache
        uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
        with:
          key: lfs-${{steps.cache-key.outputs.key}}
          path: ${{steps.cache-key.outputs.filenames}}
          fail-on-cache-miss: true

      # `${{ matrix.target }}` is expanded into the script text before bash
      # runs it; that is safe here only because every value comes from the
      # literal matrix above. The custom shell wraps bash in `script`.
      - name: 'Run `make out/${{ matrix.target }}`'
        shell: 'script -q -e -c "bash {0}"'
        run: |
          touch cache/toolchain.tgz
          make -d toolchain-restore-mtime toolchain out/${{ matrix.target }}

      # Artifact name equals the archive file name; the upload jobs rely on
      # that when they address `./<name>/<name>` after download.
      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: ${{ matrix.target }}
          path: out/${{ matrix.target }}
          retention-days: 1
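# Job `upload_to_ecr`: pushes the built OCI archives to Amazon ECR.
  # NOTE(review): there is no `if:` guard, so pull_request runs also push
  # `sha-<head sha>` and `pr-<number>` tags built from PR code into the same
  # repositories as `latest` and release tags; confirm this is intended and
  # that consumers pin images by digest rather than by mutable tag.
  upload_to_ecr:
    name: Upload toolchain artifacts to ECR
    runs-on: ubuntu-latest
    needs:
      - build
    permissions:
      # Needed so the job can request the OIDC token used to assume the role.
      id-token: write
      contents: read
    steps:
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
        with:
          aws-region: us-east-1
          role-to-assume: arn:aws:iam::799078726966:role/github-qos

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1

      # No `name:` filter, so every artifact of the run is downloaded, each
      # into a directory named after the artifact.
      - name: Download Artifacts
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2

      - name: Upload images to ECR
        # Every `${{ }}` value reaches the script through an environment
        # variable instead of being pasted into the script text, so neither
        # the registry password nor ref-derived strings become shell source.
        env:
          images: >-
            qos_client
            qos_enclave
            qos_host
          # Space-separated extra tags; a clause that does not apply
          # evaluates to the empty string and drops out when the shell
          # word-splits ${tags}.
          tags: >-
            ${{ github.ref == format('refs/heads/{0}', 'main') && 'latest' || '' }}
            ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || '' }}
            ${{ github.event_name == 'push' && github.ref_name || '' }}
          registry: ${{ steps.login-ecr.outputs.registry }}
          registry_username: ${{ steps.login-ecr.outputs.docker_username_799078726966_dkr_ecr_us_east_1_amazonaws_com }}
          registry_password: ${{ steps.login-ecr.outputs.docker_password_799078726966_dkr_ecr_us_east_1_amazonaws_com }}
          # PR head commit on pull_request events, otherwise the pushed commit.
          image_sha: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
        run: |
          # --password-stdin keeps the credential out of skopeo's argv.
          printf '%s' "${registry_password}" | skopeo login \
            --username "${registry_username}" \
            --password-stdin \
            "${registry}"
          for image in ${images}; do
            # Push once under the immutable-by-convention sha-<commit> tag ...
            skopeo copy --all \
              "oci-archive:./${image}.oci.x86_64.tar/${image}.oci.x86_64.tar" \
              "docker://${registry}/tkhq/${image}:sha-${image_sha}"
            # ... then copy registry-side to each additional tag.
            for tag in ${tags}; do
              skopeo copy --all \
                "docker://${registry}/tkhq/${image}:sha-${image_sha}" \
                "docker://${registry}/tkhq/${image}:${tag}"
            done
          done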
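# Job `upload_to_ghcr`: pushes the built OCI archives to ghcr.io.
  # NOTE(review): there is no `if:` guard, so pull_request runs also push
  # `sha-<head sha>` and `pr-<number>` tags built from PR code next to
  # `latest` and release tags; confirm this is intended and that consumers
  # pin images by digest rather than by mutable tag.
  upload_to_ghcr:
    name: Upload toolchain artifacts to GHCR
    runs-on: ubuntu-latest
    needs:
      - build
    permissions:
      contents: read
      # Needed so GITHUB_TOKEN can push packages to ghcr.io.
      packages: write
    steps:
      # No `name:` filter, so every artifact of the run is downloaded, each
      # into a directory named after the artifact.
      - name: Download Artifacts
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2

      - name: Upload images to GHCR
        # Every `${{ }}` value reaches the script through an environment
        # variable instead of being pasted into the script text, so neither
        # the token nor actor/ref-derived strings become shell source.
        env:
          images: >-
            qos_client
            qos_enclave
            qos_host
          # Space-separated extra tags; a clause that does not apply
          # evaluates to the empty string and drops out when the shell
          # word-splits ${tags}.
          tags: >-
            ${{ github.ref == format('refs/heads/{0}', 'main') && 'latest' || '' }}
            ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || '' }}
            ${{ github.event_name == 'push' && github.ref_name || '' }}
          registry_username: ${{ github.actor }}
          registry_password: ${{ secrets.GITHUB_TOKEN }}
          # PR head commit on pull_request events, otherwise the pushed commit.
          image_sha: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
        run: |
          # --password-stdin keeps the token out of skopeo's argv.
          printf '%s' "${registry_password}" | skopeo login \
            --username "${registry_username}" \
            --password-stdin \
            ghcr.io
          for image in ${images}; do
            # Push once under the immutable-by-convention sha-<commit> tag ...
            skopeo copy --all \
              "oci-archive:./${image}.oci.x86_64.tar/${image}.oci.x86_64.tar" \
              "docker://ghcr.io/tkhq/${image}:sha-${image_sha}"
            # ... then copy registry-side to each additional tag.
            for tag in ${tags}; do
              skopeo copy --all \
                "docker://ghcr.io/tkhq/${image}:sha-${image_sha}" \
                "docker://ghcr.io/tkhq/${image}:${tag}"
            done
          done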