@@ -2,88 +2,168 @@ name: Build and publish Docker images for Energy Tracker
22
33on :
44 push :
5- branches : [ "main", "staging" ]
5+ branches : [ "staging", "main" ]
6+ pull_request :
7+ branches : [ "staging", "main" ]
68
79env :
810 REGISTRY : ghcr.io
9- PROVER_IMAGE_NAME : ${{ github.repository }}
10- STREAMR_IMAGE_NAME : ${{ github.repository }}/streamr-client
1111
12+ permissions :
13+ contents : read
14+ packages : write
15+ attestations : write
16+ id-token : write
1217
1318jobs :
14- build-and-push-prover-image :
15- runs-on : ubuntu-latest
16- permissions :
17- contents : read
18- packages : write
19- attestations : write
20- id-token : write
19+ build-platform :
20+ strategy :
21+ matrix :
22+ include :
23+ - platform : linux/amd64
24+ runner : ubuntu-latest
25+ arch : amd64
26+ - platform : linux/arm64
27+ runner : ubuntu-24.04-arm
28+ arch : arm64
29+
30+ runs-on : ${{ matrix.runner }}
31+
2132 steps :
2233 - name : Checkout repository
2334 uses : actions/checkout@v5
24- - name : Log in to the Container registry
35+
36+ - name : Normalize image names
37+ run : |
38+ echo "PROVER_IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV
39+ echo "STREAMR_IMAGE_NAME=${GITHUB_REPOSITORY,,}/streamr-client" >> $GITHUB_ENV
40+
41+ name : Free disk space
42+ uses : jlumbroso/free-disk-space@main
43+ with :
44+ tool-cache : true
45+ android : true
46+ dotnet : true
47+ haskell : true
48+ large-packages : true
49+ docker-images : true
50+ swap-storage : true
51+
52+ - name : Set up Docker Buildx
53+ uses : docker/setup-buildx-action@v3
54+
55+ - name : Log in to GitHub Container Registry
2556 if : github.event_name != 'pull_request'
26- uses : docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
57+ uses : docker/login-action@v3
2758 with :
2859 registry : ${{ env.REGISTRY }}
2960 username : ${{ github.actor }}
3061 password : ${{ secrets.GITHUB_TOKEN }}
31- - name : Extract metadata (tags, labels) for Docker
32- id : meta
33- uses : docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
34- with :
35- images : ${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }}
36- - name : Build and push Docker image
37- id : push
38- uses : docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
62+
63+ # Prover image - push by digest with repository name
64+ - name : Build Prover image (single platform)
65+ id : build-prover
66+ uses : docker/build-push-action@v6
3967 with :
4068 context : .
69+ platforms : ${{ matrix.platform }}
70+ push : ${{ github.event_name != 'pull_request' }}
71+ outputs : type=image,name=${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }},push-by-digest=true
72+ cache-from : type=registry,ref=${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }}:buildcache-${{ matrix.arch }}
73+ cache-to : type=registry,ref=${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }}:buildcache-${{ matrix.arch }},mode=max
74+
75+ # Streamr client image - push by digest with repository name
76+ - name : Build Streamr client image (single platform)
77+ id : build-streamr
78+ uses : docker/build-push-action@v6
79+ with :
80+ context : ./streamr-client
81+ platforms : ${{ matrix.platform }}
4182 push : ${{ github.event_name != 'pull_request' }}
42- tags : ${{ steps.meta.outputs.tags }}
43- labels : ${{ steps.meta.outputs.labels }}
44- - name : Generate artifact attestation
83+ outputs : type=image,name=${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }},push-by-digest=true
84+ cache-from : type=registry,ref=${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }}:buildcache-${{ matrix.arch }}
85+ cache-to : type=registry,ref=${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }}:buildcache-${{ matrix.arch }},mode=max
86+
87+ - name : Save digests to files
88+ if : github.event_name != 'pull_request'
89+ run : |
90+ echo ${{ steps.build-prover.outputs.digest }} > digests-${{ matrix.arch }}-prover-digest.txt
91+ echo ${{ steps.build-streamr.outputs.digest }} > digests-${{ matrix.arch }}-streamr-digest.txt
92+
93+ name : Upload digests artifact
4594 if : github.event_name != 'pull_request'
46- uses : actions/attest-build-provenance@v3
95+ uses : actions/upload-artifact@v4
4796 with :
48- subject-name : ${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }}
49- subject-digest : ${{ steps.push.outputs.digest }}
50- push-to-registry : true
97+ name : digests-${{ matrix.arch }}
98+ path : |
99+ digests-${{ matrix.arch }}-prover-digest.txt
100+ digests-${{ matrix.arch }}-streamr-digest.txt
51101
52- build-and-push-streamr-image :
102+ create-manifests :
103+ needs : build-platform
104+ if : github.event_name != 'pull_request'
53105 runs-on : ubuntu-latest
54- permissions :
55- contents : read
56- packages : write
57- attestations : write
58- id-token : write
106+
59107 steps :
60- - name : Checkout repository
61- uses : actions/checkout@v5
62- - name : Log in to the Container registry
63- if : github.event_name != 'pull_request'
64- uses : docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
108+ - name : Normalize image names
109+ run : |
110+ echo "PROVER_IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV
111+ echo "STREAMR_IMAGE_NAME=${GITHUB_REPOSITORY,,}/streamr-client" >> $GITHUB_ENV
112+
113+ name : Download all digests
114+ uses : actions/download-artifact@v4
115+ with :
116+ pattern : digests-*
117+ merge-multiple : true
118+
119+ - name : Log in to GitHub Container Registry
120+ uses : docker/login-action@v3
65121 with :
66122 registry : ${{ env.REGISTRY }}
67123 username : ${{ github.actor }}
68124 password : ${{ secrets.GITHUB_TOKEN }}
69- - name : Extract metadata (tags, labels) for Docker
70- id : meta
71- uses : docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
72- with :
73- images : ${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }}
74- - name : Build and push Docker image
75- id : push
76- uses : docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
125+
126+ - name : Set up Docker Buildx
127+ uses : docker/setup-buildx-action@v3
128+
129+ - name : Extract metadata for Prover image
130+ id : meta-prover
131+ uses : docker/metadata-action@v5
77132 with :
78- context : ./streamr-client
79- push : ${{ github.event_name != 'pull_request' }}
80- tags : ${{ steps.meta.outputs.tags }}
81- labels : ${{ steps.meta.outputs.labels }}
82-
83- - name : Generate artifact attestation
84- if : github.event_name != 'pull_request'
85- uses : actions/attest-build-provenance@v3
133+ images : ${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }}
134+
135+ - name : Create multi-arch manifest for Prover
136+ run : |
137+ AMD64_DIGEST=$(cat digests-amd64-prover-digest.txt)
138+ ARM64_DIGEST=$(cat digests-arm64-prover-digest.txt)
139+ echo AMD64_DIGEST=$AMD64_DIGEST
140+ echo ARM64_DIGEST=$ARM64_DIGEST
141+ TAGS=(${{ steps.meta-prover.outputs.tags }})
142+ TAG_ARGS=""
143+ for tag in "${TAGS[@]}"; do
144+ TAG_ARGS="$TAG_ARGS --tag $tag"
145+ done
146+ docker buildx imagetools create $TAG_ARGS \
147+ ${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }}@$AMD64_DIGEST \
148+ ${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }}@$ARM64_DIGEST
149+
150+ name : Extract metadata for Streamr client image
151+ id : meta-streamr
152+ uses : docker/metadata-action@v5
86153 with :
87- subject-name : ${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }}
88- subject-digest : ${{ steps.push.outputs.digest }}
89- push-to-registry : true
154+ images : ${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }}
155+
156+ - name : Create multi-arch manifest for Streamr client
157+ run : |
158+ AMD64_DIGEST=$(cat digests-amd64-streamr-digest.txt)
159+ ARM64_DIGEST=$(cat digests-arm64-streamr-digest.txt)
160+ echo AMD64_DIGEST=$AMD64_DIGEST
161+ echo ARM64_DIGEST=$ARM64_DIGEST
162+ TAGS=(${{ steps.meta-streamr.outputs.tags }})
163+ TAG_ARGS=""
164+ for tag in "${TAGS[@]}"; do
165+ TAG_ARGS="$TAG_ARGS --tag $tag"
166+ done
167+ docker buildx imagetools create $TAG_ARGS \
168+ ${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }}@$AMD64_DIGEST \
169+ ${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }}@$ARM64_DIGEST
0 commit comments