chore(kms-connector): add acl check retries (#1855) #115
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: kms-connector-docker-build | |
| on: | |
| workflow_call: | |
| secrets: | |
| AWS_ACCESS_KEY_S3_USER: | |
| required: true | |
| AWS_SECRET_KEY_S3_USER: | |
| required: true | |
| BLOCKCHAIN_ACTIONS_TOKEN: | |
| required: true | |
| GHCR_READ_TOKEN: | |
| required: true | |
| CGR_USERNAME: | |
| required: true | |
| CGR_PASSWORD: | |
| required: true | |
| outputs: | |
| db_migration_build_result: | |
| description: "Result of the build-db-migration job" | |
| value: ${{ jobs.build-db-migration.result }} | |
| gw_listener_build_result: | |
| description: "Result of the build-gw-listener job" | |
| value: ${{ jobs.build-gw-listener.result }} | |
| kms_worker_build_result: | |
| description: "Result of the build-kms-worker job" | |
| value: ${{ jobs.build-kms-worker.result }} | |
| tx_sender_build_result: | |
| description: "Result of the build-tx-sender job" | |
| value: ${{ jobs.build-tx-sender.result }} | |
| release: | |
| types: | |
| - published | |
| workflow_dispatch: | |
| inputs: | |
| build_db_migration: | |
| description: "Enable/disable build for KMS Connector's DB Migration" | |
| type: boolean | |
| default: true | |
| build_gw_listener: | |
| description: "Enable/disable build for KMS Connector's Gateway Listener" | |
| type: boolean | |
| default: true | |
| build_kms_worker: | |
| description: "Enable/disable build for KMS Connector's KMS Worker" | |
| type: boolean | |
| default: true | |
| build_tx_sender: | |
| description: "Enable/disable build for KMS Connector's Transaction Sender" | |
| type: boolean | |
| default: true | |
| push: | |
| branches: | |
| - main | |
| permissions: {} | |
| concurrency: | |
| group: kms-connector-build-${{ github.ref_name }} | |
| cancel-in-progress: true | |
| jobs: | |
| ######################################################################## | |
| # DB MIGRATION # | |
| ######################################################################## | |
| check-changes-db-migration: | |
| uses: ./.github/workflows/check-changes-for-docker-build.yml | |
| secrets: &check_changes_secrets | |
| GHCR_READ_TOKEN: ${{ secrets.GHCR_READ_TOKEN }} | |
| permissions: &check_changes_permissions | |
| actions: 'read' # Required to read workflow run information | |
| contents: 'read' # Required to checkout repository code | |
| pull-requests: 'read' # Required to read pull request information | |
| with: | |
| caller-workflow-event-name: ${{ github.event_name }} | |
| caller-workflow-event-before: ${{ github.event.before }} | |
| docker-image: fhevm/kms-connector/db-migration | |
| filters: | | |
| db-migration: | |
| - .github/workflows/kms-connector-docker-build.yml | |
| - kms-connector/connector-db/** | |
| build-db-migration: | |
| needs: check-changes-db-migration | |
| if: | | |
| github.event_name == 'release' | |
| || (github.event_name != 'workflow_dispatch' && needs.check-changes-db-migration.outputs.changes == 'true') | |
| || (github.event_name == 'workflow_dispatch' && inputs.build_db_migration) | |
| uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@3cf4c2b133947d29e7a313555638621f9ca0345c # v1.0.3 | |
| secrets: &docker_secrets | |
| AWS_ACCESS_KEY_S3_USER: ${{ secrets.AWS_ACCESS_KEY_S3_USER }} | |
| AWS_SECRET_KEY_S3_USER: ${{ secrets.AWS_SECRET_KEY_S3_USER }} | |
| BLOCKCHAIN_ACTIONS_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} | |
| CGR_USERNAME: ${{ secrets.CGR_USERNAME }} | |
| CGR_PASSWORD: ${{ secrets.CGR_PASSWORD }} | |
| permissions: &docker_permissions | |
| actions: 'read' # Required to read workflow run information | |
| contents: 'read' # Required to checkout repository code | |
| pull-requests: 'read' # Required to read pull request information | |
| attestations: 'write' # Required to create build attestations | |
| packages: 'write' # Required to publish Docker images | |
| id-token: 'write' # Required for OIDC authentication | |
| with: | |
| use-cgr-secrets: true | |
| working-directory: "." | |
| image-name: "fhevm/kms-connector/db-migration" | |
| docker-file: "kms-connector/connector-db/Dockerfile" | |
| app-cache-dir: "fhevm-kms-connector-db-migration" | |
| rust-toolchain-file-path: kms-connector/rust-toolchain.toml | |
| re-tag-db-migration-image: | |
| needs: check-changes-db-migration | |
| if: | | |
| needs.check-changes-db-migration.outputs.changes != 'true' && github.event_name == 'push' | |
| permissions: &re-tag-image-permissions | |
| actions: 'read' # Required to read workflow run information | |
| contents: 'read' # Required to checkout repository code | |
| packages: 'write' # Required to publish Docker images | |
| id-token: 'write' # Required for OIDC authentication | |
| uses: ./.github/workflows/re-tag-docker-image.yml | |
| with: | |
| image-name: "fhevm/kms-connector/db-migration" | |
| previous-tag-or-commit: ${{ needs.check-changes-db-migration.outputs.base-commit }} | |
| new-tag-or-commit: ${{ github.event.after }} | |
| ######################################################################## | |
| # GATEWAY LISTENER # | |
| ######################################################################## | |
| check-changes-gw-listener: | |
| uses: ./.github/workflows/check-changes-for-docker-build.yml | |
| secrets: *check_changes_secrets | |
| permissions: *check_changes_permissions | |
| with: | |
| caller-workflow-event-name: ${{ github.event_name }} | |
| caller-workflow-event-before: ${{ github.event.before }} | |
| docker-image: fhevm/kms-connector/gw-listener | |
| filters: | | |
| gw-listener: | |
| - .github/workflows/kms-connector-docker-build.yml | |
| - kms-connector/crates/gw-listener/** | |
| - kms-connector/crates/utils/** | |
| - kms-connector/Cargo.* | |
| - gateway-contracts/rust-bindings/** | |
| build-gw-listener: | |
| needs: check-changes-gw-listener | |
| if: | | |
| github.event_name == 'release' | |
| || (github.event_name != 'workflow_dispatch' && needs.check-changes-gw-listener.outputs.changes == 'true') | |
| || (github.event_name == 'workflow_dispatch' && inputs.build_gw_listener) | |
| uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@3cf4c2b133947d29e7a313555638621f9ca0345c # v1.0.3 | |
| permissions: *docker_permissions | |
| secrets: *docker_secrets | |
| with: | |
| use-cgr-secrets: true | |
| working-directory: "." | |
| image-name: "fhevm/kms-connector/gw-listener" | |
| docker-file: "./kms-connector/crates/gw-listener/Dockerfile" | |
| app-cache-dir: "fhevm-kms-connector-gw-listener" | |
| rust-toolchain-file-path: kms-connector/rust-toolchain.toml | |
| re-tag-gw-listener-image: | |
| needs: check-changes-gw-listener | |
| if: | | |
| needs.check-changes-gw-listener.outputs.changes != 'true' && github.event_name == 'push' | |
| permissions: *re-tag-image-permissions | |
| uses: ./.github/workflows/re-tag-docker-image.yml | |
| with: | |
| image-name: "fhevm/kms-connector/gw-listener" | |
| previous-tag-or-commit: ${{ needs.check-changes-gw-listener.outputs.base-commit }} | |
| new-tag-or-commit: ${{ github.event.after }} | |
| ######################################################################## | |
| # KMS WORKER # | |
| ######################################################################## | |
| check-changes-kms-worker: | |
| uses: ./.github/workflows/check-changes-for-docker-build.yml | |
| secrets: *check_changes_secrets | |
| permissions: *check_changes_permissions | |
| with: | |
| caller-workflow-event-name: ${{ github.event_name }} | |
| caller-workflow-event-before: ${{ github.event.before }} | |
| docker-image: fhevm/kms-connector/kms-worker | |
| filters: | | |
| kms-worker: | |
| - .github/workflows/kms-connector-docker-build.yml | |
| - kms-connector/crates/kms-worker/** | |
| - kms-connector/crates/utils/** | |
| - kms-connector/Cargo.* | |
| - gateway-contracts/rust-bindings/** | |
| - host-contracts/rust-bindings/** | |
| build-kms-worker: | |
| needs: check-changes-kms-worker | |
| if: | | |
| github.event_name == 'release' | |
| || (github.event_name != 'workflow_dispatch' && needs.check-changes-kms-worker.outputs.changes == 'true') | |
| || (github.event_name == 'workflow_dispatch' && inputs.build_kms_worker) | |
| uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@3cf4c2b133947d29e7a313555638621f9ca0345c # v1.0.3 | |
| permissions: *docker_permissions | |
| secrets: *docker_secrets | |
| with: | |
| use-cgr-secrets: true | |
| working-directory: "." | |
| image-name: "fhevm/kms-connector/kms-worker" | |
| docker-file: "./kms-connector/crates/kms-worker/Dockerfile" | |
| app-cache-dir: "fhevm-kms-connector-kms-worker" | |
| rust-toolchain-file-path: kms-connector/rust-toolchain.toml | |
| re-tag-kms-worker-image: | |
| needs: check-changes-kms-worker | |
| if: | | |
| needs.check-changes-kms-worker.outputs.changes != 'true' && github.event_name == 'push' | |
| permissions: *re-tag-image-permissions | |
| uses: ./.github/workflows/re-tag-docker-image.yml | |
| with: | |
| image-name: "fhevm/kms-connector/kms-worker" | |
| previous-tag-or-commit: ${{ needs.check-changes-kms-worker.outputs.base-commit }} | |
| new-tag-or-commit: ${{ github.event.after }} | |
| ######################################################################## | |
| # TRANSACTION SENDER # | |
| ######################################################################## | |
| check-changes-tx-sender: | |
| uses: ./.github/workflows/check-changes-for-docker-build.yml | |
| secrets: *check_changes_secrets | |
| permissions: *check_changes_permissions | |
| with: | |
| caller-workflow-event-name: ${{ github.event_name }} | |
| caller-workflow-event-before: ${{ github.event.before }} | |
| docker-image: fhevm/kms-connector/tx-sender | |
| filters: | | |
| tx-sender: | |
| - .github/workflows/kms-connector-docker-build.yml | |
| - kms-connector/crates/tx-sender/** | |
| - kms-connector/crates/utils/** | |
| - kms-connector/Cargo.* | |
| - gateway-contracts/rust-bindings/** | |
| build-tx-sender: | |
| needs: check-changes-tx-sender | |
| if: | | |
| github.event_name == 'release' | |
| || (github.event_name != 'workflow_dispatch' && needs.check-changes-tx-sender.outputs.changes == 'true') | |
| || (github.event_name == 'workflow_dispatch' && inputs.build_tx_sender) | |
| uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@3cf4c2b133947d29e7a313555638621f9ca0345c # v1.0.3 | |
| permissions: *docker_permissions | |
| secrets: *docker_secrets | |
| with: | |
| use-cgr-secrets: true | |
| working-directory: "." | |
| image-name: "fhevm/kms-connector/tx-sender" | |
| docker-file: "./kms-connector/crates/tx-sender/Dockerfile" | |
| app-cache-dir: "fhevm-kms-connector-tx-sender" | |
| rust-toolchain-file-path: kms-connector/rust-toolchain.toml | |
| re-tag-tx-sender-image: | |
| needs: check-changes-tx-sender | |
| if: | | |
| needs.check-changes-tx-sender.outputs.changes != 'true' && github.event_name == 'push' | |
| permissions: *re-tag-image-permissions | |
| uses: ./.github/workflows/re-tag-docker-image.yml | |
| with: | |
| image-name: "fhevm/kms-connector/tx-sender" | |
| previous-tag-or-commit: ${{ needs.check-changes-tx-sender.outputs.base-commit }} | |
| new-tag-or-commit: ${{ github.event.after }} |