*run Docker rust build reusable workflow #171
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "*run Docker rust build reusable workflow" | |
on: | |
workflow_call: | |
inputs: | |
GIT_SHA: | |
required: true | |
type: string | |
description: The git SHA1 to build. If not specified, the latest commit on the triggering branch will be built | |
TARGET_CACHE_ID: | |
required: true | |
type: string | |
description: ID of the docker cache to use for the build | |
FEATURES: | |
required: false | |
type: string | |
description: The cargo features to build. If not specified, none will be built other than those specified in cargo config | |
PROFILE: | |
default: release | |
required: false | |
type: string | |
description: The cargo profile to build. If not specified, the default release profile will be used | |
BUILD_ADDL_TESTING_IMAGES: | |
default: false | |
required: false | |
type: boolean | |
description: Whether to build additional testing images. If not specified, only the base release images will be built | |
TARGET_REGISTRY: | |
default: gcp | |
required: false | |
type: string | |
description: The target docker registry to push to | |
workflow_dispatch: | |
inputs: | |
GIT_SHA: | |
required: true | |
type: string | |
description: The git SHA1 to build. If not specified, the latest commit on the triggering branch will be built | |
FEATURES: | |
required: false | |
type: string | |
description: The cargo features to build. If not specified, none will be built other than those specified in cargo config | |
PROFILE: | |
default: release | |
required: false | |
type: string | |
description: The cargo profile to build. If not specified, the default release profile will be used | |
BUILD_ADDL_TESTING_IMAGES: | |
default: false | |
required: false | |
type: boolean | |
description: Whether to build additional testing images. If not specified, only the base release images will be built | |
TARGET_REGISTRY: | |
default: gcp | |
required: false | |
type: string | |
description: The target docker registry to push to | |
env: | |
GIT_SHA: ${{ inputs.GIT_SHA }} | |
TARGET_CACHE_ID: ${{ inputs.TARGET_CACHE_ID || inputs.GIT_SHA }} # on workflow_dispatch, the build is one-off, so use the git sha as the cache id instead of another key | |
PROFILE: ${{ inputs.PROFILE }} | |
FEATURES: ${{ inputs.FEATURES }} | |
BUILD_ADDL_TESTING_IMAGES: ${{ inputs.BUILD_ADDL_TESTING_IMAGES }} | |
AWS_ECR_ACCOUNT_NUM: ${{ secrets.ENV_ECR_AWS_ACCOUNT_NUM }} | |
GCP_DOCKER_ARTIFACT_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} | |
TARGET_REGISTRY: ${{ inputs.TARGET_REGISTRY }} | |
permissions: | |
contents: read | |
id-token: write #required for GCP Workload Identity federation which we use to login into Google Artifact Registry | |
jobs: | |
rust-all: | |
runs-on: runs-on,cpu=64,family=c7,hdd=1024,image=aptos-ubuntu-x64,run-id=${{ github.run_id }},spot=co | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.GIT_SHA }} | |
- name: Setup Runs On Cache for Docker | |
uses: runs-on/cache@v4 | |
with: | |
path: | | |
/home/runner/docker-cache.tzst | |
key: docker-buildkit-cache-${{ env.PROFILE }}-${{ env.FEATURES }}${{ hashFiles('Cargo.lock') }} | |
- name: Untar cache if present | |
run: | | |
if [ -f /home/runner/docker-cache.tzst ]; then | |
sudo systemctl stop docker | |
sudo tar --posix -xf /home/runner/docker-cache.tzst -P -C /var/lib/docker --use-compress-program zstdmt . | |
sudo systemctl start docker | |
fi | |
- uses: aptos-labs/aptos-core/.github/actions/docker-setup@main | |
with: | |
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} | |
GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} | |
- name: Build and Push Rust images | |
run: docker/builder/docker-bake-rust-all.sh | |
env: | |
PROFILE: ${{ env.PROFILE }} | |
FEATURES: ${{ env.FEATURES }} | |
BUILD_ADDL_TESTING_IMAGES: ${{ env.BUILD_ADDL_TESTING_IMAGES }} | |
GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} | |
TARGET_REGISTRY: ${{ env.TARGET_REGISTRY }} | |
- name: Prepare Docker for Caching | |
run: | | |
if [ ! -f /home/runner/docker-cache.tzst ]; then | |
sudo systemctl stop docker | |
sudo tar --posix -cf /home/runner/docker-cache.tzst -P -C /var/lib/docker --use-compress-program zstdmt . | |
fi | |