chore(ci): bring cross-compiling in line with main repo and improve d… (

#211) Description Bring cross-compiling in line with main repo Build x64 and arm64 docker images Improve docker tagging Motivation and Context Improve multi-arch support How Has This Been Tested? Builds in local fork
tari-project · Dec 6, 2024 · 66b251a · 66b251a
1 parent e4b1c25
commit 66b251a
Show file tree

Hide file tree

Showing 8 changed files with 422 additions and 64 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,13 @@
+.dockerignore
+Dockerfile*
+
+node_modules
+npm-debug.log
+.npmrc
+
+.git
+.gitignore
+.github
+
+target
+
diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml
@@ -0,0 +1,221 @@
+---
+name: Build sha-p2pool docker images
+
+'on':
+  push:
+    paths-ignore:
+      - '**/*.md'
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]*'
+    branches:
+      - 'build-all-*'
+      - 'build-dockers-*'
+  schedule:
+    - cron: '05 00 * * *'
+  workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        description: 'override image tag/version'
+      tag_alias:
+        type: string
+        description: 'image tag alias'
+
+env:
+  DOCKER_IMAGE: sha-p2pool
+  DAYS_to_EXPIRE: 30
+
+concurrency:
+  # https://docs.github.com/en/actions/examples/using-concurrency-expressions-and-a-test-matrix
+  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+  cancel-in-progress: ${{ !startsWith(github.ref, 'refs/tags/v') || github.ref != 'refs/heads/development' }}
+
+permissions: {}
+
+jobs:
+  builds_envs_setup:
+    name: Build envs setup
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.envs_setup.outputs.version }}
+
+    steps:
+      - name: Prep docker build environment
+        id: envs_setup
+        shell: bash
+        run: |
+          #TESHA_SHORT=$(git rev-parse --short HEAD)
+          TESHA_SHORT=${GITHUB_SHA::7}
+          if [[ "${{ github.ref }}" =~ ^refs\/tags\/v[0-9]+\.[0-9]+\.[0-9]+.*$ ]]; then
+            VERSION="${{ github.ref_name }}_$(date -u '+%Y%m%d')_${TESHA_SHORT}"
+            echo "TAG_ALIAS=${{ secrets.DOCKER_PROVIDER }}/${{ secrets.DOCKER_REPO }}/${{ env.DOCKER_IMAGE }}:${{ github.ref_name }}" >> $GITHUB_ENV
+          else
+            if [ -z "${{ inputs.version }}" ] ; then
+              VERSION="${{ github.ref_name }}_$(date -u '+%Y%m%d')_${TESHA_SHORT}"
+            else
+              VERSION=${{ inputs.version }}
+            fi
+          fi
+          echo "Setting ${VERSION} as docker tag"
+          echo "VERSION=${VERSION}" >> $GITHUB_ENV
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          if [ ! -z "${{ inputs.tag_alias }}" ] ; then
+            echo "Setup tag_alias"
+            echo "TAG_ALIAS=${{ secrets.DOCKER_PROVIDER }}/${{ secrets.DOCKER_REPO }}/${{ env.DOCKER_IMAGE }}:${{ inputs.tag_alias }}" >> $GITHUB_ENV
+          fi
+
+  docker_build:
+    name: Docker building
+    needs: builds_envs_setup
+    runs-on: ubuntu-latest
+
+    outputs:
+      version: ${{ steps.envs_setup.outputs.version }}
+
+    permissions:
+      contents: read
+      packages: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        platform: [amd64, arm64]
+
+    steps:
+      - name: Checkout p2pool explorer
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU for Docker
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: all
+
+      - name: Expire setup
+        shell: bash
+        run: |
+          if [[ "${{ github.ref }}" =~ ^refs\/tags\/v[0-9]+\.[0-9]+\.[0-9]+.*$ ]]; then
+            echo "No Expire for release"
+          else
+            echo "EXPIRATION=${{ env.DAYS_to_EXPIRE }}d" >> $GITHUB_ENV
+          fi
+          echo "VERSION=${{ needs.builds_envs_setup.outputs.version }}" >> $GITHUB_ENV
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/${{ github.repository_owner }}/${{ env.DOCKER_IMAGE }}
+            ${{ secrets.DOCKER_PROVIDER }}/${{ secrets.DOCKER_REPO }}/${{ env.DOCKER_IMAGE }}
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha
+          labels: |
+            maintainer=${{ github.actor }}
+            quay.expires-after=${{ env.EXPIRATION }}
+            org.opencontainers.image.vendor=TariLabs
+            org.opencontainers.image.title=${{ env.DOCKER_IMAGE }}
+            org.opencontainers.image.description=Multi-arch Docker image for ${{ env.DOCKER_IMAGE }}
+            org.opencontainers.image.url=https://github.com/${{ github.repository }}
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+          flavor: |
+            suffix=-${{ matrix.platform }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Login to Docker Image Provider
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ secrets.DOCKER_PROVIDER }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Docker image build and push
+        id: docker_build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile.cross-compile
+          platforms: linux/${{ matrix.platform }}
+          push: true
+          provenance: false
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            VERSION=${{ env.VERSION }}
+          tags: |
+            ${{ steps.meta.outputs.tags }}
+            ${{ secrets.DOCKER_PROVIDER }}/${{ secrets.DOCKER_REPO }}/${{ env.DOCKER_IMAGE }}:${{ env.VERSION }}-${{ matrix.platform }}
+            ghcr.io/${{ github.repository_owner }}/${{ env.DOCKER_IMAGE }}:latest-${{ matrix.platform }}
+            ${{ secrets.DOCKER_PROVIDER }}/${{ secrets.DOCKER_REPO }}/${{ env.DOCKER_IMAGE }}:latest-${{ matrix.platform }}
+            ${{ env.TAG_ALIAS }}
+          outputs: |
+            type=registry,annotation-manifest-descriptor.org.opencontainers.image.title=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.title'] }},annotation-manifest-descriptor.org.opencontainers.image.description=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }},annotation.org.opencontainers.image.title=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.title'] }},annotation.org.opencontainers.image.description=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }},annotation-index.org.opencontainers.image.title=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.title'] }},annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }}
+
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}
+
+  create-manifest:
+    needs: [ builds_envs_setup, docker_build ]
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Log in to Registries
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+          echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ secrets.DOCKER_PROVIDER }} -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
+
+      # Create and push the multi-arch image to both registries
+      - name: Push multi-arch image
+        run: |
+          DVERSION=${{ needs.builds_envs_setup.outputs.version }}
+          for DREGISTRY in ghcr.io quay.io; do
+            if [[ "${DREGISTRY}" == "ghcr.io" ]]; then
+              repo="${{ github.repository_owner }}"
+            else
+              repo="${{ secrets.DOCKER_REPO }}"
+            fi
+
+            echo "Registry run - ${DREGISTRY}"
+            echo "Creating multi-arch image for ${repo}/${{ env.DOCKER_IMAGE }} for ${DVERSION}"
+            docker manifest create \
+              ${DREGISTRY}/${repo}/${{ env.DOCKER_IMAGE }}:${DVERSION} \
+                --amend ${DREGISTRY}/${repo}/${{ env.DOCKER_IMAGE }}:latest-amd64 \
+                --amend ${DREGISTRY}/${repo}/${{ env.DOCKER_IMAGE }}:latest-arm64
+
+            echo "Inspect multi-arch image for ${repo}/${{ env.DOCKER_IMAGE }}"
+            docker manifest inspect ${DREGISTRY}/${repo}/${{ env.DOCKER_IMAGE }}:${DVERSION} > manifest.json
+            cat manifest.json
+            echo "Pushing multi-arch image for ${repo}/${{ env.DOCKER_IMAGE }}"
+            docker manifest push ${DREGISTRY}/${repo}/${{ env.DOCKER_IMAGE }}:${DVERSION} || true
+
+            if [[ "${{ github.ref }}" =~ ^refs\/tags\/v[0-9]+\.[0-9]+\.[0-9]+.*$ ]]; then
+              echo "Release Multi-Arch Tag"
+              docker manifest create \
+                ${DREGISTRY}/${repo}/${{ env.DOCKER_IMAGE }}:${{ github.ref_name }} \
+                  --amend ${DREGISTRY}/${repo}/${{ env.DOCKER_IMAGE }}:latest-amd64 \
+                  --amend ${DREGISTRY}/${repo}/${{ env.DOCKER_IMAGE }}:latest-arm64
+              docker manifest push ${DREGISTRY}/${repo}/${{ env.DOCKER_IMAGE }}:${{ github.ref_name }} || true
+            fi
+
+            echo "Latest Multi-Arch tag"
+            docker manifest create \
+              ${DREGISTRY}/${repo}/${{ env.DOCKER_IMAGE }}:latest \
+                --amend ${DREGISTRY}/${repo}/${{ env.DOCKER_IMAGE }}:latest-amd64 \
+                --amend ${DREGISTRY}/${repo}/${{ env.DOCKER_IMAGE }}:latest-arm64
+            #docker manifest annotate ${DREGISTRY}/${repo}/${{ env.DOCKER_IMAGE }}:latest --file manifest.json
+            docker manifest push ${DREGISTRY}/${repo}/${{ env.DOCKER_IMAGE }}:latest || true
+
+          done
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
diff --git a/.github/workflows/pr_signed_commits_check.yml b/.github/workflows/pr_signed_commits_check.yml
@@ -0,0 +1,24 @@
+---
+# Checks if the comments are signed or not
+name: PR - Signed commits check
+
+'on':
+  pull_request_target
+
+concurrency:
+  # https://docs.github.com/en/actions/examples/using-concurrency-expressions-and-a-test-matrix
+  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+  cancel-in-progress: ${{ !startsWith(github.ref, 'refs/tags/v') || github.ref != 'refs/heads/development' || github.ref != 'refs/heads/nextnet' || github.ref != 'refs/heads/stagenet' }}
+
+permissions: {}
+
+jobs:
+  check-signed-commits:
+    name: Check signed commits in PR
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Check signed commits in PR
+        uses: 1Password/check-signed-commits-action@v1
diff --git a/.license.ignore b/.license.ignore
@@ -0,0 +1 @@
+./Dockerfile.cross-compile
diff --git a/Cross.toml b/Cross.toml
@@ -36,3 +36,17 @@ passthrough = [
 [target.x86_64-unknown-linux-gnu]
 image = "ubuntu:18.04"
 pre-build = "./scripts/cross_compile_ubuntu_18-pre-build.sh"
+
+[target.x86_64-unknown-linux-gnu.env]
+passthrough = [
+  "PKG_CONFIG_ALLOW_CROSS=true",
+]
+
+[target.riscv64gc-unknown-linux-gnu]
+image = "ubuntu:22.04"
+pre-build = "./scripts/cross_compile_ubuntu_18-pre-build.sh"
+
+[target.riscv64gc-unknown-linux-gnu.env]
+passthrough = [
+  "PKG_CONFIG_ALLOW_CROSS=true",
+]