constellation/.github/workflows/build-coordinator.yml


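# Builds the Coordinator with Dockerfile.build, uploads the resulting
# coordinator-* artifact to the public S3 bucket when no object of that name
# exists yet, and then calls the image workflows (CoreOS, AWS enclave, AWS AMI).
name: Build and Upload the Coordinator
on:
  # NOTE(review): a manual dispatch can be started from any ref by anyone with
  # write access, and the upload step below does not check the ref. Confirm
  # that publishing to the public bucket from non-main refs is intended.
  workflow_dispatch:
  push:
    branches:
      - main
jobs:
  build-coordinator:
    name: "Build the Coordinator"
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: this job only needs to read the
    # repository for the checkout step.
    permissions:
      contents: read
    outputs:
      # Only set when the copy step actually uploaded a new coordinator;
      # the downstream jobs use it as their run condition.
      coordinator-name: ${{ steps.copy.outputs.coordinator-name }}
    steps:
      # NOTE(review): every third-party action below is referenced by a mutable
      # major-version tag. Pinning each one to a full commit SHA would stop a
      # retagged release from silently changing the code that runs here.
      - name: Checkout
        id: checkout
        uses: actions/checkout@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Cache Docker layers
        uses: actions/cache@v2
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
      - name: Install Dependencies
        id: prepare
        run: sudo apt-get update && sudo apt-get -y install awscli
      - name: Build the Coordinator
        uses: docker/build-push-action@v2
        with:
          context: .
          file: Dockerfile.build
          # Export the build result into the workspace so the copy step can
          # find the coordinator-* file.
          outputs: .
          push: false
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
      # This ugly bit is necessary if you don't want your cache to grow forever
      # until it hits GitHub's limit of 5GB.
      # Temp fix
      # https://github.com/docker/build-push-action/issues/252
      # https://github.com/moby/buildkit/issues/1896
      - name: Move cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
      - name: Copy Coordinator to S3 if not exists
        id: copy
        # The AWS credentials are scoped to this step, the only one in the job
        # that calls the AWS CLI, so the checkout, buildx, cache and build
        # actions never see them in their environment.
        # NOTE(review): these are long-lived static keys; short-lived
        # credentials obtained through GitHub's OIDC federation would limit
        # the impact of a leak.
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
          # Passed through the environment instead of being expanded into the
          # script text, so the value is never parsed as shell syntax.
          PUBLIC_BUCKET_NAME: ${{ secrets.PUBLIC_BUCKET_NAME }}
        # head-object succeeding means the artifact is already published:
        # nothing is uploaded and no output is set, which skips the downstream
        # jobs. Any head-object failure (including auth or network errors, not
        # only "not found") falls through to the upload.
        # NOTE(review): assumes exactly one file in the workspace matches
        # "coordinator-" - confirm against Dockerfile.build.
        run: |
          coordinator_name="$(ls | grep "coordinator-")"
          if aws s3api head-object \
            --bucket "${PUBLIC_BUCKET_NAME}" \
            --key "coordinator/${coordinator_name}"; then
            exit 0
          fi
          echo "coordinator-name=${coordinator_name}" >> "${GITHUB_OUTPUT}" \
            && aws s3 cp "${GITHUB_WORKSPACE}/" \
              "s3://${PUBLIC_BUCKET_NAME}/coordinator/" \
              --exclude "*" \
              --include "coordinator-*" \
              --include "constellation" \
              --recursive --quiet
        # "bash {0}" runs the script without errexit/pipefail, so the expected
        # head-object failure does not abort the step.
        shell: bash {0}
  # NOTE(review): the reusable workflows below run with whatever GITHUB_TOKEN
  # permissions the repository default grants; consider an explicit
  # permissions block per job once their needs are confirmed.
  call-coreos:
    needs: build-coordinator
    # Run only when a new coordinator was uploaded by the build job.
    if: startsWith(needs.build-coordinator.outputs.coordinator-name, 'coordinator-')
    uses: ./.github/workflows/build-coreos.yml
    with:
      coordinator-name: ${{ needs.build-coordinator.outputs.coordinator-name }}
    # Secrets are forwarded one by one; the called workflow receives only the
    # names listed here.
    secrets:
      CI_GITHUB_REPOSITORY: ${{ secrets.CI_GITHUB_REPOSITORY }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
      BUCKET_NAME: ${{ secrets.BUCKET_NAME }}
      PUBLIC_BUCKET_NAME: ${{ secrets.PUBLIC_BUCKET_NAME }}
      SSH_PUB_KEY: ${{ secrets.SSH_PUB_KEY }}
      SSH_PUB_KEY_PATH: ${{ secrets.SSH_PUB_KEY_PATH }}
      AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
  call-aws-enclave:
    needs: build-coordinator
    # Run only when a new coordinator was uploaded by the build job.
    if: startsWith(needs.build-coordinator.outputs.coordinator-name, 'coordinator-')
    uses: ./.github/workflows/build-enclave.yml
    with:
      coordinator-name: ${{ needs.build-coordinator.outputs.coordinator-name }}
    secrets:
      CI_GITHUB_REPOSITORY: ${{ secrets.CI_GITHUB_REPOSITORY }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
      BUCKET_NAME: ${{ secrets.BUCKET_NAME }}
      PUBLIC_BUCKET_NAME: ${{ secrets.PUBLIC_BUCKET_NAME }}
      SSH_PUB_KEY: ${{ secrets.SSH_PUB_KEY }}
      SSH_PUB_KEY_PATH: ${{ secrets.SSH_PUB_KEY_PATH }}
  call-aws-ami:
    # No explicit condition: the job is skipped whenever call-aws-enclave is
    # skipped or fails.
    needs: call-aws-enclave
    uses: ./.github/workflows/build-ami.yml
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
      BUCKET_NAME: ${{ secrets.BUCKET_NAME }}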