lighthouse/.github/workflows/docker.yml
Michael Sproul 1a748699d9 Rust 1.50 fixes (#2199)
## Issue Addressed

https://rustsec.org/advisories/RUSTSEC-2021-0021.html

## Proposed Changes

* Bump `nb-connect` to avoid the above advisory (and migrate from the yanked crate)
* Add a `rustup update stable` to the Docker build to fix this issue: https://github.com/sigp/lighthouse/actions/runs/567075245
2021-02-15 06:09:54 +00:00

99 lines
4.0 KiB
YAML

name: docker
on:
push:
branches:
- unstable
- stable
env:
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
IMAGE_NAME: sigp/lighthouse
jobs:
extract-branch-name:
runs-on: ubuntu-18.04
steps:
- name: Extract branch name
run: echo "::set-output name=BRANCH_NAME::$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch
outputs:
BRANCH_NAME: ${{ steps.extract_branch.outputs.BRANCH_NAME }}
build-docker-arm64:
runs-on: ubuntu-18.04
needs: [extract-branch-name]
# We need to enable experimental docker features in order to use `docker buildx`
env:
DOCKER_CLI_EXPERIMENTAL: enabled
steps:
- uses: actions/checkout@v2
- name: Update Rust
run: rustup update stable
- name: Dockerhub login
run: |
echo "${DOCKER_PASSWORD}" | docker login --username ${DOCKER_USERNAME} --password-stdin
- name: Cross build lighthouse binary
run: |
cargo install cross
make build-aarch64-portable
- name: Move cross-built ARM binary into Docker scope
run: |
mkdir ./bin;
mv ./target/aarch64-unknown-linux-gnu/release/lighthouse ./bin;
- name: Set Env
if: needs.extract-branch-name.outputs.BRANCH_NAME == 'unstable'
run: |
echo "TAG_SUFFIX=-unstable" >> $GITHUB_ENV;
# Install dependencies for emulation. Have to create a new builder to pick up emulation support.
- name: Build ARM64 dockerfile (with push)
run: |
docker run --privileged --rm tonistiigi/binfmt --install arm64
docker buildx create --use --name cross-builder
docker buildx build \
--platform=linux/arm64 \
--file ./Dockerfile.cross . \
--tag ${IMAGE_NAME}:latest-arm64${TAG_SUFFIX} \
--push
build-docker-amd64:
runs-on: ubuntu-18.04
needs: [extract-branch-name]
steps:
- uses: actions/checkout@v2
- name: Update Rust
run: rustup update stable
- name: Dockerhub login
run: |
echo "${DOCKER_PASSWORD}" | docker login --username ${DOCKER_USERNAME} --password-stdin
- name: Set Env
if: needs.extract-branch-name.outputs.BRANCH_NAME == 'unstable'
run: |
echo "TAG_SUFFIX=-unstable" >> $GITHUB_ENV;
- name: Build AMD64 dockerfile (with push)
run: |
docker build \
--build-arg PORTABLE=true \
--tag ${IMAGE_NAME}:latest-amd64${TAG_SUFFIX} \
--file ./Dockerfile .
docker push ${IMAGE_NAME}:latest-amd64${TAG_SUFFIX}
build-docker-multiarch:
runs-on: ubuntu-18.04
needs: [build-docker-arm64, build-docker-amd64, extract-branch-name]
# We need to enable experimental docker features in order to use `docker manifest`
env:
DOCKER_CLI_EXPERIMENTAL: enabled
steps:
- name: Dockerhub login
run: |
echo "${DOCKER_PASSWORD}" | docker login --username ${DOCKER_USERNAME} --password-stdin
- name: Set Env
if: needs.extract-branch-name.outputs.BRANCH_NAME == 'unstable'
run: |
echo "TAG_SUFFIX=-unstable" >> $GITHUB_ENV;
- name: Create and push multiarch manifest
run: |
docker manifest create ${IMAGE_NAME}:latest${TAG_SUFFIX} \
--amend ${IMAGE_NAME}:latest-arm64${TAG_SUFFIX} \
--amend ${IMAGE_NAME}:latest-amd64${TAG_SUFFIX};
docker manifest push ${IMAGE_NAME}:latest${TAG_SUFFIX}