chore(ci/rust): post docker images to gcp for rust binaries (#19246) #663
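# Builds the Docker images named in each job's matrix and smoke-tests the
# result on the ubuntu-24.04 and ubuntu-24.04-arm runners.
#
# Trust split between the two build jobs:
#   build       - push, schedule and same-repository pull requests. Holds
#                 id-token and attestations write and targets the
#                 us-docker.pkg.dev registry path.
#   build-fork  - pull requests from forks. Holds contents: read only and
#                 targets ttl.sh with a 24h tag.
name: branch build

on:
  push:
    branches:
      - 'develop'
  pull_request:
    branches:
      - 'develop'
    paths:
      - 'ops/docker/**'
      - 'packages/contracts-bedrock/**'
      - 'docker-bake.hcl'
      - '.github/workflows/branches.yaml'
      - 'ops/scripts/compute-git-versions.sh'
      - 'op-rbuilder/**'
      - 'rust/**'
  schedule:
    # Daily builds at 2 AM UTC (matches CircleCI schedule)
    - cron: '0 2 * * *'

jobs:
  prep:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      versions: ${{ steps.prep.outputs.versions }}
      date: ${{ steps.prep.outputs.date }}
    steps:
      - name: Harden the runner
        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2
        with:
          # audit only records outbound connections; it does not block them.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@71cf2267d89c5cb81562390fa70a37fa40b1305e # v6
        with:
          fetch-depth: 0
          # Scheduled runs check out develop explicitly; other events pass an
          # empty ref and get the action's default.
          ref: ${{ github.event_name == 'schedule' && 'develop' || '' }}
      # Local action taken from the checked-out tree, so on a pull request its
      # code and its outputs come from the ref that was checked out above.
      - uses: ./.github/actions/docker-build-prep
        id: prep

  build:
    needs: prep
    # only build if push to develop, scheduled run, or PR from a local branch (not a fork)
    # This guard is what keeps id-token/attestations write away from fork PRs.
    if: github.event_name == 'push' || github.event_name == 'schedule' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)
    strategy:
      fail-fast: false
      matrix:
        image_name:
          - op-node
          - op-batcher
          - op-faucet
          - op-program
          - op-proposer
          - op-challenger
          - op-dispute-mon
          - op-conductor
          - da-server
          - op-supervisor
          - op-supernode
          - op-test-sequencer
          - cannon
          - op-dripper
          - op-interop-mon
          - op-interop-filter
          - op-rbuilder
          - kona-node
          - kona-client
          - kona-host
          - op-reth
    # Reusable workflow pinned to a full commit SHA rather than a branch or tag.
    uses: ethereum-optimism/factory/.github/workflows/docker.yaml@f8f3cb4800e538003134fb5f50cc734c2c98d762
    with:
      mode: bake
      image_name: ${{ matrix.image_name }}
      bake_file: docker-bake.hcl
      target: ${{ matrix.image_name }}
      gcp_project_id: ${{ vars.GCP_PROJECT_ID_OPLABS_TOOLS_ARTIFACTS }}
      registry: us-docker.pkg.dev/oplabs-tools-artifacts/images
      env: |
        GIT_VERSION=${{ fromJson(needs.prep.outputs.versions)[matrix.image_name] }}
      set: |
        *.args.GIT_COMMIT=${{ github.sha }}
        *.args.GIT_DATE=${{ needs.prep.outputs.date }}
    permissions:
      contents: read
      id-token: write
      attestations: write

  build-fork:
    needs: prep
    # only build if PR from a fork
    if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository
    strategy:
      fail-fast: false
      matrix:
        image_name:
          - op-node
          - op-batcher
          - op-faucet
          - op-program
          - op-proposer
          - op-challenger
          - op-dispute-mon
          - op-conductor
          - da-server
          - op-supervisor
          - op-supernode
          - op-test-sequencer
          - cannon
          - op-dripper
          - op-interop-mon
          - op-interop-filter
          - op-rbuilder
          - kona-node
          - kona-client
          - kona-host
          - op-reth
    uses: ethereum-optimism/factory/.github/workflows/docker.yaml@f8f3cb4800e538003134fb5f50cc734c2c98d762
    with:
      mode: bake
      image_name: ${{ matrix.image_name }}
      bake_file: docker-bake.hcl
      target: ${{ matrix.image_name }}
      tag: 24h
      # ttl.sh is an anonymous, unauthenticated registry; the commit SHA only
      # namespaces the path and is not an access control.
      registry: ttl.sh/${{ github.sha }}
      env: |
        GIT_VERSION=${{ fromJson(needs.prep.outputs.versions)[matrix.image_name] }}
      set: |
        *.args.GIT_COMMIT=${{ github.sha }}
        *.args.GIT_DATE=${{ needs.prep.outputs.date }}
    # No id-token or attestations scope: fork-originated code gets read-only access.
    permissions:
      contents: read

  check-cross-platform:
    needs: [build, build-fork]
    # always() lets this run even though one of the two build jobs is skipped.
    if: always() && (needs.build.result == 'success' || needs.build-fork.result == 'success')
    strategy:
      fail-fast: false
      matrix:
        image_name:
          - op-node
          - op-batcher
          - op-faucet
          - op-program
          - op-proposer
          - op-challenger
          - op-dispute-mon
          - op-conductor
          - da-server
          - op-supervisor
          - op-supernode
          - op-test-sequencer
          - cannon
          - op-dripper
          - op-interop-mon
          - op-interop-filter
          - op-rbuilder
          - kona-node
          - kona-host
          - kona-client
          - op-reth
        runner:
          - ubuntu-24.04
          - ubuntu-24.04-arm
        exclude:
          # Rust images use ENTRYPOINT, so the version check command differs
          - image_name: op-rbuilder
          - image_name: kona-node
          - image_name: kona-host
          - image_name: kona-client
          - image_name: op-reth
    runs-on: ${{ matrix.runner }}
    # The job only pulls and runs an image: no checkout and no GitHub API
    # call, so the token gets no scopes. On fork PRs the image comes from
    # ttl.sh by mutable tag and should be treated as untrusted content.
    permissions: {}
    env:
      IMAGE: ${{ needs.build-fork.result == 'success' && format('ttl.sh/{0}/{1}:24h', github.sha, matrix.image_name) || format('us-docker.pkg.dev/oplabs-tools-artifacts/images/{0}:{1}', matrix.image_name, github.sha) }}
    steps:
      - name: Run image
        # matrix.image_name is one of the literals listed above, not event data.
        run: docker run "$IMAGE" ${{ matrix.image_name }} --version

  # Separate cross-platform check for Rust images (they use ENTRYPOINT instead of CMD)
  check-cross-platform-rust:
    needs: [build, build-fork]
    if: always() && (needs.build.result == 'success' || needs.build-fork.result == 'success')
    strategy:
      fail-fast: false
      matrix:
        image_name:
          - op-rbuilder
          - kona-node
          - kona-host
          - kona-client
          - op-reth
        runner:
          - ubuntu-24.04
          - ubuntu-24.04-arm
    runs-on: ${{ matrix.runner }}
    # Same reasoning as check-cross-platform: the job runs a pulled image and
    # needs nothing from the GitHub token.
    permissions: {}
    env:
      IMAGE: ${{ needs.build-fork.result == 'success' && format('ttl.sh/{0}/{1}:24h', github.sha, matrix.image_name) || format('us-docker.pkg.dev/oplabs-tools-artifacts/images/{0}:{1}', matrix.image_name, github.sha) }}
    steps:
      - name: Run image
        run: docker run "$IMAGE" --version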