# Builds the tinycloud-node container images, pushes them to GHCR and can
# deploy the dstack image to Phala.
name: Docker Container

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  release:
    types:
      - published
  # Manual runs. Each input value is chosen by whoever starts the run, so the
  # jobs should handle them (image_version in particular, a free-form string)
  # as untrusted text.
  workflow_dispatch:
    inputs:
      include_duckdb:
        description: "Build images with DuckDB support enabled"
        required: false
        type: boolean
        default: false
      deploy_phala:
        description: "Deploy the dstack image to Phala after build"
        required: false
        type: boolean
        default: false
      image_version:
        description: "Manual image version to tag/deploy, without leading v. Defaults to the selected ref name."
        required: false
        type: string
        default: ""

# Shared by the build jobs when composing the image reference.
env:
  REGISTRY: ghcr.io
  IMAGE_NAME: tinycloudlabs/tinycloud-node
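jobs:
  # NOTE(review): every `uses:` below references a movable tag (@v3/@v4/@v5).
  # Pinning each action to a full commit SHA keeps a retagged or compromised
  # action release from running with this workflow's token and secrets.

  # Builds the default image on every trigger; pushes only for releases,
  # manual runs and pushes to main.
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config: the checkout is the Docker
          # build context and no later step runs git.
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to GHCR
        if: github.event_name == 'release' || github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref == 'refs/heads/main')
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Resolve optional build features
        id: build_features
        # Inputs reach the script as environment variables rather than being
        # expanded into the script text, so their content is never parsed as
        # shell.
        env:
          INCLUDE_DUCKDB: ${{ inputs.include_duckdb }}
          MANUAL_VERSION: ${{ inputs.image_version }}
        run: |
          FEATURES=""
          IMAGE_SUFFIX=""
          if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ] && [ "${INCLUDE_DUCKDB}" = "true" ]; then
            FEATURES="duckdb"
            IMAGE_SUFFIX="-duckdb"
          fi
          # Accept only image-tag characters. This also keeps a newline in the
          # input from adding extra key=value lines to GITHUB_OUTPUT.
          if [ -n "${MANUAL_VERSION}" ] && ! [[ "${MANUAL_VERSION}" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
            echo "::error::image_version contains characters that are not valid in an image tag"
            exit 1
          fi
          echo "cargo_features=${FEATURES}" >> "$GITHUB_OUTPUT"
          echo "image_suffix=${IMAGE_SUFFIX}" >> "$GITHUB_OUTPUT"
          echo "manual_version=${MANUAL_VERSION}" >> "$GITHUB_OUTPUT"
      - name: Extract metadata (tags, labels)
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=semver,pattern={{version}},suffix=${{ steps.build_features.outputs.image_suffix }}
            type=semver,pattern={{major}}.{{minor}},suffix=${{ steps.build_features.outputs.image_suffix }}
            type=semver,pattern={{major}},suffix=${{ steps.build_features.outputs.image_suffix }}
            type=raw,value=${{ steps.build_features.outputs.manual_version }}${{ steps.build_features.outputs.image_suffix }},enable=${{ github.event_name == 'workflow_dispatch' && steps.build_features.outputs.manual_version != '' }}
            type=sha,prefix=
            type=raw,value=latest${{ steps.build_features.outputs.image_suffix }},enable={{is_default_branch}}
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: ${{ github.event_name == 'release' || github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref == 'refs/heads/main') }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: CARGO_FEATURES=${{ steps.build_features.outputs.cargo_features }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # Builds the image with the dstack feature. Skipped for pull requests;
  # every run of this job pushes.
  build-dstack:
    runs-on: ubuntu-latest
    if: github.event_name == 'release' || github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref == 'refs/heads/main')
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config: the checkout is the Docker
          # build context and no later step runs git.
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Resolve optional build features
        id: build_features
        # Inputs reach the script as environment variables rather than being
        # expanded into the script text, so their content is never parsed as
        # shell.
        env:
          INCLUDE_DUCKDB: ${{ inputs.include_duckdb }}
          MANUAL_VERSION: ${{ inputs.image_version }}
        run: |
          FEATURES="dstack"
          IMAGE_SUFFIX=""
          SHA_PREFIX="dstack-"
          if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ] && [ "${INCLUDE_DUCKDB}" = "true" ]; then
            FEATURES="dstack duckdb"
            IMAGE_SUFFIX="-duckdb"
            SHA_PREFIX="dstack-duckdb-"
          fi
          # Accept only image-tag characters. This also keeps a newline in the
          # input from adding extra key=value lines to GITHUB_OUTPUT.
          if [ -n "${MANUAL_VERSION}" ] && ! [[ "${MANUAL_VERSION}" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
            echo "::error::image_version contains characters that are not valid in an image tag"
            exit 1
          fi
          echo "cargo_features=${FEATURES}" >> "$GITHUB_OUTPUT"
          echo "image_suffix=${IMAGE_SUFFIX}" >> "$GITHUB_OUTPUT"
          echo "sha_prefix=${SHA_PREFIX}" >> "$GITHUB_OUTPUT"
          echo "manual_version=${MANUAL_VERSION}" >> "$GITHUB_OUTPUT"
      - name: Extract metadata (tags, labels)
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=semver,pattern={{version}},suffix=-dstack${{ steps.build_features.outputs.image_suffix }}
            type=semver,pattern={{major}}.{{minor}},suffix=-dstack${{ steps.build_features.outputs.image_suffix }}
            type=semver,pattern={{major}},suffix=-dstack${{ steps.build_features.outputs.image_suffix }}
            type=raw,value=${{ steps.build_features.outputs.manual_version }}-dstack${{ steps.build_features.outputs.image_suffix }},enable=${{ github.event_name == 'workflow_dispatch' && steps.build_features.outputs.manual_version != '' }}
            type=sha,prefix=${{ steps.build_features.outputs.sha_prefix }}
            type=raw,value=dstack${{ steps.build_features.outputs.image_suffix }},enable={{is_default_branch}}
      - name: Build and push dstack Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: CARGO_FEATURES=${{ steps.build_features.outputs.cargo_features }}
          cache-from: type=gha,scope=dstack
          cache-to: type=gha,mode=max,scope=dstack

  # Points the checked-in compose file at the versioned dstack image and
  # updates the prod CVM. Runs for published releases, or for manual runs
  # with deploy_phala enabled.
  deploy-phala:
    runs-on: ubuntu-latest
    needs: [build, build-dstack]
    if: github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && inputs.deploy_phala)
    # This job only reads the repository; without an explicit block it would
    # inherit the repository's default token permissions.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          # Later steps run a CLI installed from npm inside this workspace;
          # do not leave the job token in .git/config for it to read.
          persist-credentials: false
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Install Phala CLI
        # NOTE(review): this installs whatever version is current on npm at
        # run time, in the job that later receives PHALA_CLOUD_API_KEY.
        # Pinning an exact, reviewed version would make the deploy tooling
        # reproducible.
        run: npm install -g phala
      - name: Update compose with release tag
        # The release tag name and the manual inputs are passed as
        # environment variables rather than expanded into the script text,
        # so their content is never parsed as shell.
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          MANUAL_VERSION: ${{ inputs.image_version }}
          INCLUDE_DUCKDB: ${{ inputs.include_duckdb }}
        run: |
          if [ "${GITHUB_EVENT_NAME}" = "release" ]; then
            TAG="${RELEASE_TAG}"
          else
            TAG="${MANUAL_VERSION}"
            if [ -z "${TAG}" ]; then
              if [ "${GITHUB_REF_TYPE}" != "tag" ]; then
                echo "::error::workflow_dispatch deploy_phala requires image_version unless the workflow is run from a tag"
                exit 1
              fi
              TAG="${GITHUB_REF_NAME}"
            fi
          fi
          # metadata-action emits {{version}} without the leading v (e.g. 1.3.0).
          # Strip a leading v from the tag to match the pushed image tag.
          VERSION="${TAG#v}"
          # Accept only image-tag characters before the value is placed in the
          # sed expression below, where "|", "&" or "\" would change what sed
          # writes into the compose file.
          if ! [[ "${VERSION}" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
            echo "::error::resolved version contains characters that are not valid in an image tag"
            exit 1
          fi
          DUCKDB_SUFFIX=""
          if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ] && [ "${INCLUDE_DUCKDB}" = "true" ]; then
            DUCKDB_SUFFIX="-duckdb"
          fi
          # The prod CVM uses the dstack-suffixed image. Replace the floating
          # ":dstack" tag in the checked-in compose with the versioned tag
          # built by the build-dstack job (e.g. ":1.3.0-dstack" or
          # ":1.3.0-dstack-duckdb").
          # NOTE(review): a versioned tag can still be re-pushed in the
          # registry. If the deployment is meant to be bound to one exact
          # image, consider referencing the build-dstack image digest
          # (image@sha256:<digest>) here instead of a tag.
          sed -i "s|ghcr.io/tinycloudlabs/tinycloud-node:dstack|ghcr.io/tinycloudlabs/tinycloud-node:${VERSION}-dstack${DUCKDB_SUFFIX}|g" docker-compose.dstack-postgres.yaml
          echo "Resolved image tag: ghcr.io/tinycloudlabs/tinycloud-node:${VERSION}-dstack${DUCKDB_SUFFIX}"
          cat docker-compose.dstack-postgres.yaml
      - name: Deploy to Phala Cloud
        env:
          PHALA_CLOUD_API_KEY: ${{ secrets.PHALA_CLOUD_API_KEY }}
        # Update the existing prod CVM (name: tinycloud-node) in the
        # Tiny Cloud workspace. The PHALA_CLOUD_API_KEY secret is
        # workspace-scoped and must be issued from that workspace.
        run: phala deploy --cvm-id tinycloud-node -c docker-compose.dstack-postgres.yaml --wait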