ci: Build and publish container in CI
* Check that container builds on PR
* Publish container from master branch
NickeZ committed Aug 19, 2024
1 parent 22ca579 commit f3d1dea
Showing 8 changed files with 113 additions and 1 deletion.
23 changes: 23 additions & 0 deletions .ci/README.md
@@ -0,0 +1,23 @@
CI Design guidelines

* Keep as much of scripting as possible in scripts and outside of github action yaml files
* The docker image is rebuilt if the `Dockerfile` or `.containerversion` file is modified.
* If there are changes in the `Dockerfile`, then `.containerversion` must be updated with an
unpublished version number.
* When there are changes to `Dockerfile` and `.containerversion` the master branch job will
publish that version as the latest to docker hub.
* On pull request events github will checkout a version of the tree that is PR branch merged into
the base branch. When we look for what is modifed we can diff HEAD^1 to HEAD.

o-----o <-- Pull requst branch
/ \
o--o--o------o <-- (HEAD)
\
github.base_ref (base being merged into, typically master)

* On push events we get hashes of last commit before and after the push. And the last commit after
is checked out. When we look for what changed we can diff github.event.before to HEAD.

o--o--o------o <-- github.event.after (HEAD)
\
github.event.before
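Review bot: The bullet "The docker image is rebuilt if the `Dockerfile` or `.containerversion` file is modified" and the last bullet (diff `github.event.before` to HEAD on push events) do not match what this commit implements. The master workflow decides only on `check-container-version-published`, and `check-container-sources-modified` always diffs `HEAD^1 HEAD`. Either describe the push path as "build and publish when the version in `.containerversion` is not yet on Docker Hub", or implement the push-side diff. The typos "modifed" and "Pull requst branch" should be fixed as well.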
8 changes: 8 additions & 0 deletions .ci/build-container
@@ -0,0 +1,8 @@
#!/bin/bash

set -e

CONTAINER_REPO=shiftcrypto/firmware_v2
CONTAINER_VERSION=$(cat .containerversion)

docker build --no-cache -t $CONTAINER_REPO:latest -t $CONTAINER_REPO:$CONTAINER_VERSION .
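Review bot: `CONTAINER_VERSION=$(cat .containerversion)` is used unquoted and unvalidated in the `-t` arguments, so an empty file or one containing whitespace produces a malformed `docker build` command line instead of a clear error. Quote the expansions (`-t "$CONTAINER_REPO:$CONTAINER_VERSION"`) and reject a value that does not match the expected version pattern before building. The `CONTAINER_REPO` and `CONTAINER_VERSION` assignments are repeated in three scripts in this commit and could come from one shared file.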
14 changes: 14 additions & 0 deletions .ci/check-container-sources-modified
@@ -0,0 +1,14 @@
#!/bin/bash
#
# This script works on merge commits. <rev>^1 means the first parent of <rev>.
#
# When the github action creates a temporary merge commit for a pull request, the first parent will
# be the base (the branch being merged into).

set -e

if git diff --name-only HEAD^1 HEAD | grep -E '^(\.containerversion|Dockerfile)' >/dev/null; then
echo "modified=true"
exit
fi
echo "modified=false"
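Review bot: In the condition `if git diff --name-only HEAD^1 HEAD | grep -E ...` a failing `git diff` (for example when `HEAD^1` cannot be resolved) is indistinguishable from "no match". Only grep's exit status is tested and `set -e` does not apply inside an `if` condition, so the script prints `modified=false` and the workflows skip the version-bump check. Capture the diff output in a variable first so that a git failure aborts the script, then grep the variable. The pattern is also anchored only at the start, so it matches any path that begins with `Dockerfile`; add `$` if only the two files are meant.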
14 changes: 14 additions & 0 deletions .ci/check-container-version-published
@@ -0,0 +1,14 @@
#!/bin/bash

set -e

CONTAINER_REPO=shiftcrypto/firmware_v2
CONTAINER_VERSION=$(cat .containerversion)

# docker manifest returns 1 (error) if the container doesn't exist and 0 (success) if it does.
if docker manifest inspect $CONTAINER_REPO:$CONTAINER_VERSION > /dev/null; then
>&2 echo Container version \'$CONTAINER_VERSION\' exists.
echo container-published=true
exit
fi
echo container-published=false
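Review bot: `docker manifest inspect` exits non-zero on any failure, not only when the tag is missing, so a registry outage or an authentication error makes this script print `container-published=false`. On master that value triggers `build-container` and `publish-container`, which would rebuild and push over a version that is already published. Treat only a clear "not found" response as unpublished and exit non-zero on every other error. The comment above the `if` should be corrected to say that exit status 1 covers more than a missing container.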
9 changes: 9 additions & 0 deletions .ci/publish-container
@@ -0,0 +1,9 @@
#!/bin/bash

set -e

CONTAINER_REPO=shiftcrypto/firmware_v2
CONTAINER_VERSION=$(cat .containerversion)

docker push $CONTAINER_REPO:latest
docker push $CONTAINER_REPO:$CONTAINER_VERSION
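Review bot: `latest` is pushed before the versioned tag, so if the second `docker push` fails the registry carries a new `latest` while `check-container-version-published` still reports the version as unpublished. The next master run then rebuilds with `--no-cache` and pushes a different image under both tags. Push `"$CONTAINER_REPO:$CONTAINER_VERSION"` first and `latest` second, and quote both expansions.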
16 changes: 15 additions & 1 deletion .github/workflows/ci.yml
@@ -8,7 +8,7 @@ on:
- master

jobs:
linux-docker:
ci:
runs-on: ubuntu-22.04
steps:
- name: Clone the repo
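Review bot: Renaming the job from `linux-docker` to `ci` changes the name of the status check this workflow reports. If branch protection rules or other tooling refer to `linux-docker`, they need to be updated together with this change, and the rename deserves a line in the commit message.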
@@ -17,8 +17,22 @@ jobs:
fetch-depth: 0
fetch-tags: true
submodules: recursive

- name: Check if container should be published
id: checks
run: ./.ci/check-container-version-published >> $GITHUB_OUTPUT

- name: Build container
if: steps.checks.outputs.container-published == 'false'
run: ./.ci/build-container

- name: Publish container
if: steps.checks.outputs.container-published == 'false'
run: ./.ci/publish-container

- name: Pull CI container image
run: ./.ci/pull-container

- name: Run CI in container
env:
COMPARE_REV: ${{ github.event.before }}
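Review bot: "Publish container" runs before "Run CI in container", so a new image is pushed as `latest` and under its version tag before anything has been built or tested with it. Move the publish step after the CI step, keeping the same `if:` condition, and check that `pull-container` then leaves the freshly built local image in place. `>> $GITHUB_OUTPUT` in the check step should be quoted as `>> "$GITHUB_OUTPUT"`, as in the PR workflows.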
15 changes: 15 additions & 0 deletions .github/workflows/pr-ci.yml
@@ -13,6 +13,21 @@ jobs:
submodules: recursive
fetch-depth: 0

- name: Check if container files was modified and if container version already exists
id: checks
run: |
./.ci/check-container-sources-modified >> "$GITHUB_OUTPUT"
./.ci/check-container-version-published >> "$GITHUB_OUTPUT"
- name: Build container image
if: steps.checks.outputs.modified == 'true'
run: |
if "${{ steps.checks.outputs.container-published }}" == "true"; then
echo "::error::Container modified but version $(cat .containerversion) already published"
exit 1
fi
./.ci/build-container
- name: Pull container image
run: ./.ci/pull-container
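Review bot: The line `if "${{ steps.checks.outputs.container-published }}" == "true"; then` has no test brackets, so bash executes the output value as a command (`true` or `false`) with `== "true"` as its arguments. It gives the intended result only by coincidence: with an empty or unexpected output the command fails, the branch is skipped, and the build proceeds without the version check. Use a real test such as `if [ "$PUBLISHED" = "true" ]; then`, with the step output passed in through `env:` (the variable name is only a suggestion) instead of interpolating the expression into the script. In the step name, "files was modified" should read "files were modified".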

15 changes: 15 additions & 0 deletions .github/workflows/prt-ci.yml
@@ -79,6 +79,21 @@ jobs:
echo "merge commit parents:"
git log -1 --format="Head %H, Parents %P"
- name: Check if container files was modified and if container version already exists
id: checks
run: |
./.ci/check-container-sources-modified >> "$GITHUB_OUTPUT"
./.ci/check-container-version-published >> "$GITHUB_OUTPUT"
- name: Build container image
if: steps.checks.outputs.modified == 'true'
run: |
if "${{ steps.checks.outputs.container-published }}" == "true"; then
echo "::error::Container modified but version $(cat .containerversion) already published"
exit 1
fi
./.ci/build-container
- name: Pull container image
run: ./.ci/pull-container
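Review bot: These steps are a verbatim copy of the ones added to `pr-ci.yml`, including the bracket-less `if "${{ ... }}" == "true"` test, which goes against the guideline in `.ci/README.md` to keep scripting out of the workflow YAML. Move the "modified but version already published" check into a script under `.ci/` that both workflows call, so the fix is made in one place. A blank line before `- name: Check if container files ...` would match the spacing of the surrounding steps.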
