Skip to content

N
nebula
Commit d4d8d970 authored by Matthew Slipper's avatar Matthew Slipper
Browse files
Options

ci: Combine release jobs, add release approval 

Combines the Docker build/publish jobs into one, and makes them all depend on a `hold` job that asks for approval. The `hold` step allows someone from the `release-managers` security group to approve the build before it is released. Without this step, tags created by automation tools like GitHub Actions will not be pushed.
parent c8ab4754
Hide whitespace changes
Inline Side-by-side
Showing with 65 additions and 74 deletions
.circleci/config.yml
View file @ d4d8d970
...@@ -189,8 +189,22 @@ jobs: ...@@ -189,8 +189,22 @@ jobs:
DOCKER_TAGS=$(echo -ne <<parameters.docker_tags>> | sed "s/,/\n/g" | sed "s/[^a-zA-Z0-9\n]/-/g" | sed -e "s|^|${IMAGE_BASE}:|") DOCKER_TAGS=$(echo -ne <<parameters.docker_tags>> | sed "s/,/\n/g" | sed "s/[^a-zA-Z0-9\n]/-/g" | sed -e "s|^|${IMAGE_BASE}:|")
echo -ne $DOCKER_TAGS | tr ' ' '\n' | xargs -L1 docker push echo -ne $DOCKER_TAGS | tr ' ' '\n' | xargs -L1 docker push
docker-tag-op-stack-release: docker-release:
environment:
DOCKER_BUILDKIT: 1
parameters: parameters:
docker_name:
description: Docker image name
type: string
docker_tags:
description: Docker image tags as csv
type: string
docker_file:
description: Path to Dockerfile
type: string
docker_context:
description: Docker build context
type: string
registry: registry:
description: Docker registry description: Docker registry
type: string type: string
...@@ -199,17 +213,35 @@ jobs: ...@@ -199,17 +213,35 @@ jobs:
description: Docker repo description: Docker repo
type: string type: string
default: "oplabs-tools-artifacts/images" default: "oplabs-tools-artifacts/images"
docker: machine:
- image: cimg/python:3.7 image: ubuntu-2204:2022.07.1
resource_class: small resource_class: xlarge
steps: steps:
- gcp-cli/install - gcp-cli/install
- gcp-oidc-authenticate - gcp-oidc-authenticate
- checkout - checkout
- run: - run:
name: Tag name: Build
command: |
IMAGE_BASE="<<parameters.registry>>/<<parameters.repo>>/<<parameters.docker_name>>"
DOCKER_TAGS=$(echo -ne <<parameters.docker_tags>> | sed "s/,/\n/g" | sed "s/[^a-zA-Z0-9\n]/-/g" | sed -e "s|^|-t ${IMAGE_BASE}:|")
docker build \
$(echo -ne $DOCKER_TAGS | tr '\n' ' ') \
-f <<parameters.docker_file>> \
<<parameters.docker_context>>
- run:
name: Configure Docker
command: | command: |
gcloud auth configure-docker <<parameters.registry>> gcloud auth configure-docker <<parameters.registry>>
- run:
name: Publish
command: |
IMAGE_BASE="<<parameters.registry>>/<<parameters.repo>>/<<parameters.docker_name>>"
DOCKER_TAGS=$(echo -ne <<parameters.docker_tags>> | sed "s/,/\n/g" | sed "s/[^a-zA-Z0-9\n]/-/g" | sed -e "s|^|${IMAGE_BASE}:|")
echo -ne $DOCKER_TAGS | tr ' ' '\n' | xargs -L1 docker push
- run:
name: Tag
command: |
./ops/scripts/ci-docker-tag-op-stack-release.sh <<parameters.registry>>/<<parameters.repo>> $CIRCLE_TAG $CIRCLE_SHA1 ./ops/scripts/ci-docker-tag-op-stack-release.sh <<parameters.registry>>/<<parameters.repo>> $CIRCLE_TAG $CIRCLE_SHA1
contracts-bedrock-tests: contracts-bedrock-tests:
...@@ -1117,113 +1149,66 @@ workflows: ...@@ -1117,113 +1149,66 @@ workflows:
- op-proposer-docker-build - op-proposer-docker-build
release: release:
jobs: jobs:
- docker-build: - hold:
name: op-node-docker-build type: approval
context: oplabs-gcr-release
- docker-release:
name: op-node-docker-release
filters: filters:
tags: tags:
only: /^op-[a-z0-9\-]*\/v.*/ only: /^op-node\/v.*/
branches: branches:
ignore: /.*/ ignore: /.*/
docker_file: op-node/Dockerfile docker_file: op-node/Dockerfile
docker_name: op-node docker_name: op-node
docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>> docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>>
docker_context: . docker_context: .
- docker-publish:
name: op-node-docker-publish
filters:
tags:
only: /^op-[a-z0-9\-]*\/v.*/
branches:
ignore: /.*/
docker_name: op-node
docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>>
context: context:
- oplabs-gcr - oplabs-gcr-release
requires: requires:
- op-node-docker-build - hold
- docker-build: - docker-release:
name: op-batcher-docker-build name: op-batcher-docker-release
filters: filters:
tags: tags:
only: /^op-[a-z0-9\-]*\/v.*/ only: /^op-batcher\/v.*/
branches: branches:
ignore: /.*/ ignore: /.*/
docker_file: op-batcher/Dockerfile docker_file: op-batcher/Dockerfile
docker_name: op-batcher docker_name: op-batcher
docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>> docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>>
docker_context: . docker_context: .
- docker-publish:
name: op-batcher-docker-publish
filters:
tags:
only: /^op-[a-z0-9\-]*\/v.*/
branches:
ignore: /.*/
docker_name: op-batcher
docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>>
context: context:
- oplabs-gcr - oplabs-gcr-release
requires: requires:
- op-batcher-docker-build - hold
- docker-build: - docker-release:
name: op-proposer-docker-build name: op-proposer-docker-release
filters: filters:
tags: tags:
only: /^op-[a-z0-9\-]*\/v.*/ only: /^op-proposer\/v.*/
branches: branches:
ignore: /.*/ ignore: /.*/
docker_file: op-proposer/Dockerfile docker_file: op-proposer/Dockerfile
docker_name: op-proposer docker_name: op-proposer
docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>> docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>>
docker_context: . docker_context: .
- docker-publish:
name: op-proposer-docker-publish
filters:
tags:
only: /^op-[a-z0-9\-]*\/v.*/
branches:
ignore: /.*/
docker_name: op-proposer
docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>>
context: context:
- oplabs-gcr - oplabs-gcr-release
requires: requires:
- op-proposer-docker-build - hold
- docker-build: - docker-build:
name: op-migrate-docker-build name: op-migrate-docker-release
filters: filters:
tags: tags:
only: /^op-[a-z0-9\-]*\/v.*/ only: /^op-migrate\/v.*/
branches: branches:
ignore: /.*/ ignore: /.*/
docker_file: op-chain-ops/Dockerfile docker_file: op-chain-ops/Dockerfile
docker_name: op-migrate docker_name: op-migrate
docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>> docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>>
docker_context: . docker_context: .
- docker-publish:
name: op-migrate-docker-publish
filters:
tags:
only: /^op-[a-z0-9\-]*\/v.*/
branches:
ignore: /.*/
docker_name: op-migrate
docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>>
context:
- oplabs-gcr
requires:
- op-migrate-docker-build
- docker-tag-op-stack-release:
name: docker-tag-op-stack-release
filters:
tags:
only: /^op-[a-z0-9\-]*\/v.*/
branches:
ignore: /.*/
requires:
- op-node-docker-publish
- op-proposer-docker-publish
- op-batcher-docker-publish
- op-migrate-docker-publish
context: context:
- oplabs-gcr-release - oplabs-gcr-release
requires:
- hold
\ No newline at end of file
ops/scripts/ci-docker-tag-op-stack-release.sh
View file @ d4d8d970
...@@ -35,5 +35,11 @@ fi ...@@ -35,5 +35,11 @@ fi
echo "Tagging $SOURCE_IMAGE_TAG with '$IMAGE_TAG'" echo "Tagging $SOURCE_IMAGE_TAG with '$IMAGE_TAG'"
gcloud container images add-tag -q "$SOURCE_IMAGE_TAG" "$TARGET_IMAGE_TAG" gcloud container images add-tag -q "$SOURCE_IMAGE_TAG" "$TARGET_IMAGE_TAG"
# Do not tag with latest if the release is a release candidate.
if [[ "$IMAGE_TAG" == *"rc"* ]]; then
echo "Not tagging with 'latest' because the release is a release candidate."
exit 0
fi
echo "Tagging $SOURCE_IMAGE_TAG with 'latest'" echo "Tagging $SOURCE_IMAGE_TAG with 'latest'"
gcloud container images add-tag -q "$SOURCE_IMAGE_TAG" "$TARGET_IMAGE_TAG_LATEST" gcloud container images add-tag -q "$SOURCE_IMAGE_TAG" "$TARGET_IMAGE_TAG_LATEST"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment