-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Expand file tree
/
Copy pathgolden-container-images-docker-build-rust.yml
More file actions
98 lines (94 loc) · 3.84 KB
/
golden-container-images-docker-build-rust.yml
File metadata and controls
98 lines (94 loc) · 3.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
name: golden-container-images-docker-build-rust
on:
workflow_dispatch:
inputs:
push_image:
description: 'Push the image to the registry'
default: true
required: true
type: boolean
tag:
description: 'Tag to use for the image'
default: 'latest'
required: true
type: string
pull_request:
permissions: {}
concurrency:
group: golden-rust-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
jobs:
check-changes:
name: golden-container-images-docker-build-rust/check-changes
permissions:
actions: 'read' # Required to read workflow run information
contents: 'read' # Required to checkout repository code
pull-requests: 'read' # Required to read pull request information
runs-on: ubuntu-latest
outputs:
changes-golden-rust: ${{ steps.filter.outputs.golden-rust }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: 'false'
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
filters: |
golden-rust:
- '.github/workflows/golden-container-images-docker-build-rust.yml'
- 'golden-container-images/rust-glibc/**'
- toolchain.txt
determine-tag:
name: golden-container-images-docker-build-rust/determine-tag
permissions:
actions: 'read' # Required to read workflow run information
contents: 'read' # Required to checkout repository code
pull-requests: 'read' # Required to read pull request information
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.set-tag.outputs.tag }}
steps:
- name: Checkout Project
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: 'false'
- id: set-tag
env:
TAG: ${{ github.event.inputs.tag }}
WORKSPACE: ${{ github.workspace }}
run: |
if [[ -n "${TAG}" ]]; then
echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
else
if [[ -f "${WORKSPACE}/toolchain.txt" ]]; then
echo "tag=$(cat "${WORKSPACE}"/toolchain.txt)" >> "$GITHUB_OUTPUT"
fi
fi
build:
name: golden-container-images-docker-build-rust/build
needs: [check-changes, determine-tag]
if: ${{ needs.check-changes.outputs.changes-golden-rust == 'true' }}
uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@6c72e3dbc894744c1e228fb165f4c4d657e475b6 # v1.0.1
secrets:
AWS_ACCESS_KEY_S3_USER: ${{ secrets.AWS_ACCESS_KEY_S3_USER }}
AWS_SECRET_KEY_S3_USER: ${{ secrets.AWS_SECRET_KEY_S3_USER }}
BLOCKCHAIN_ACTIONS_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
CGR_USERNAME: ${{ secrets.CGR_USERNAME }}
CGR_PASSWORD: ${{ secrets.CGR_PASSWORD }}
permissions:
actions: 'read' # Required to read workflow run information
contents: 'read' # Required to checkout repository code
pull-requests: 'read' # Required to read pull request information
attestations: 'write' # Required to create build attestations
packages: 'write' # Required to publish Docker images
id-token: 'write' # Required for OIDC authentication
with:
use-cgr-secrets: true
working-directory: "."
push_image: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.push_image == 'true' || github.event_name != 'workflow_dispatch' && true }}
image-name: "fhevm/gci/rust-glibc"
image-tag: ${{ needs.determine-tag.outputs.tag }}
docker-file: "./golden-container-images/rust-glibc/Dockerfile"
app-cache-dir: "fhevm-golden-rust"
ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', github.event.inputs.tag) || '' }}