diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000000..83ba1f7792e --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,244 @@ +name: CI + +on: + push: + branches: + - master + pull_request: + types: [opened, synchronize, reopened, ready_for_review] + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +# common variable is defined in the workflow +# repo env variable doesn't work for PR from forks +env: + CI_IMAGE: "paritytech/ci-unified:bullseye-1.81.0-2024-09-11-v202409111034" + +jobs: + set-variables: + # This workaround sets the container image for each job using 'set-variables' job output. + # env variables don't work for PR from forks, so we need to use outputs. + runs-on: ubuntu-latest + outputs: + CI_IMAGE: ${{ steps.set_image.outputs.CI_IMAGE }} + VERSION: ${{ steps.version.outputs.VERSION }} + steps: + - name: Set image + id: set_image + run: echo "CI_IMAGE=${{ env.CI_IMAGE }}" >> $GITHUB_OUTPUT + - name: Define version + id: version + run: | + export COMMIT_SHA=${{ github.sha }} + export COMMIT_SHA_SHORT=${COMMIT_SHA:0:8} + export REF_NAME=${{ github.ref_name }} + export REF_SLUG=${REF_NAME//\//_} + if [[ ${REF_SLUG} == "master" ]] + then + VERSION=${REF_SLUG}-${COMMIT_SHA_SHORT} + echo "VERSION=${REF_SLUG}-${COMMIT_SHA_SHORT}" >> $GITHUB_OUTPUT + else + VERSION=${REF_SLUG} + echo "VERSION=${REF_SLUG}" >> $GITHUB_OUTPUT + fi + echo "set VERSION=${VERSION}" + + fmt: + name: Cargo fmt + runs-on: ubuntu-latest + needs: [set-variables] + container: + image: ${{ needs.set-variables.outputs.CI_IMAGE }} + steps: + - name: Checkout sources + uses: actions/checkout@v4 + + - name: Cargo fmt + run: cargo +nightly fmt --all -- --check + + # todo: fixme + clippy: + name: Clippy + runs-on: ubuntu-latest + needs: [set-variables] + continue-on-error: true + container: + image: ${{ needs.set-variables.outputs.CI_IMAGE }} + steps: + - name: Checkout sources + uses: actions/checkout@v4 + + # disabled until the jobs is fixed + # - name: Rust Cache + # uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 + # with: + # cache-on-failure: true + # cache-all-crates: true + + - name: Clippy + run: SKIP_WASM_BUILD=1 cargo clippy --all-targets --locked --workspace + + spellcheck: + name: Spellcheck + runs-on: ubuntu-latest + needs: [set-variables] + container: + image: ${{ needs.set-variables.outputs.CI_IMAGE }} + steps: + - name: Checkout sources + uses: actions/checkout@v4 + + - name: Spellcheck + run: cargo spellcheck check --cfg=.config/spellcheck.toml --checkers hunspell -m 1 $(find . -type f -name '*.rs' ! -path "./target/*" ! -name 'codegen_runtime.rs' ! -name 'weights.rs') + + # todo: fixme + check: + name: Check + runs-on: ubuntu-latest + needs: [set-variables] + container: + image: ${{ needs.set-variables.outputs.CI_IMAGE }} + steps: + - name: Checkout sources + uses: actions/checkout@v4 + + # disabled until the jobs is fixed + # - name: Rust Cache + # uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 + # with: + # cache-on-failure: true + # cache-all-crates: true + + - name: Check + run: SKIP_WASM_BUILD=1 time cargo check --locked --workspace + + test: + name: Test + runs-on: parity-large + needs: [set-variables] + container: + image: ${{ needs.set-variables.outputs.CI_IMAGE }} + steps: + - name: Checkout sources + uses: actions/checkout@v4 + + - name: Rust Cache + uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 + with: + cache-on-failure: true + cache-all-crates: true + + - name: Test + run: | + cargo fetch + CARGO_NET_OFFLINE=true SKIP_WASM_BUILD=1 time cargo test --workspace + + # do we really need this check? + deny: + name: Deny + runs-on: ubuntu-latest + needs: [set-variables] + container: + image: ${{ needs.set-variables.outputs.CI_IMAGE }} + # this job is allowed to fail, only licenses check is important + continue-on-error: true + steps: + - name: Checkout sources + uses: actions/checkout@v4 + + - name: Deny + run: | + cargo deny check advisories --hide-inclusion-graph + cargo deny check bans sources --hide-inclusion-graph + + deny-licenses: + name: Deny License + runs-on: ubuntu-latest + needs: [set-variables] + container: + image: ${{ needs.set-variables.outputs.CI_IMAGE }} + steps: + - name: Checkout sources + uses: actions/checkout@v4 + + - name: Deny License + run: cargo deny check licenses --hide-inclusion-graph + + check-rustdocs: + name: Check Rustdocs + runs-on: ubuntu-latest + needs: [set-variables] + container: + image: ${{ needs.set-variables.outputs.CI_IMAGE }} + steps: + - name: Checkout sources + uses: actions/checkout@v4 + + - name: Rust Cache + uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 + with: + cache-on-failure: true + cache-all-crates: true + + - name: Check Rustdocs + run: cargo doc --no-deps --all --workspace --document-private-items + + build: + name: Build + runs-on: parity-large + needs: [set-variables] + container: + image: ${{ needs.set-variables.outputs.CI_IMAGE }} + steps: + - name: Checkout sources + uses: actions/checkout@v4 + + - name: Rust Cache + uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 + with: + cache-on-failure: true + cache-all-crates: true + + - name: Build and pack artifact + run: | + cargo fetch + CARGO_NET_OFFLINE=true time cargo build --release --workspace + mkdir -p ./artifacts + strip ./target/release/substrate-relay + mv -v ./target/release/substrate-relay ./artifacts/ + mv -v ./deployments/local-scripts/bridge-entrypoint.sh ./artifacts/ + mv -v ./ci.Dockerfile ./artifacts/ + + - name: upload artifacts + uses: actions/upload-artifact@v4 + with: + name: build + path: ./artifacts/ + retention-days: 2 + + build_docker: + name: Build docker image + runs-on: ubuntu-latest + needs: [set-variables, build] + env: + VERSION: ${{ needs.set-variables.outputs.VERSION }} + steps: + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: build + - name: Make scripts executable + run: | + chmod +x bridge-entrypoint.sh + chmod +x substrate-relay + - name: Build Docker image + uses: docker/build-push-action@v5 + with: + context: . + file: ./ci.Dockerfile + push: false + tags: | + docker.io/paritytech/substrate-relay:${{ env.VERSION }} + docker.io/paritytech/bridges-common-relay:${{ env.VERSION }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 00000000000..bcb4eecc8b7 --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,129 @@ +name: Deploy + +on: + push: + tags: + - v* + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +# common variable is defined in the workflow +# repo env variable doesn't work for PR from forks +env: + CI_IMAGE: "paritytech/ci-unified:bullseye-1.81.0-2024-09-11-v202409111034" + +#to use reusable workflow +permissions: + id-token: write + contents: read + +jobs: + set-variables: + # This workaround sets the container image for each job using 'set-variables' job output. + # env variables don't work for PR from forks, so we need to use outputs. + runs-on: ubuntu-latest + outputs: + CI_IMAGE: ${{ steps.set_image.outputs.CI_IMAGE }} + VERSION: ${{ steps.version.outputs.VERSION }} + steps: + - name: Set image + id: set_image + run: echo "CI_IMAGE=${{ env.CI_IMAGE }}" >> $GITHUB_OUTPUT + - name: Define version + id: version + run: | + export COMMIT_SHA=${{ github.sha }} + export COMMIT_SHA_SHORT=${COMMIT_SHA:0:8} + export REF_NAME=${{ github.ref_name }} + export REF_SLUG=${REF_NAME//\//_} + if [[ ${REF_SLUG} == "master" ]] + then + VERSION=${REF_SLUG}-${COMMIT_SHA_SHORT} + echo "VERSION=${REF_SLUG}-${COMMIT_SHA_SHORT}" >> $GITHUB_OUTPUT + else + VERSION=${REF_SLUG} + echo "VERSION=${REF_SLUG}" >> $GITHUB_OUTPUT + fi + echo "set VERSION=${VERSION}" + + build: + name: Build + runs-on: parity-large + needs: [set-variables] + container: + image: ${{ needs.set-variables.outputs.CI_IMAGE }} + steps: + - name: Checkout sources + uses: actions/checkout@v4 + + - name: Build and pack artifact + run: | + cargo fetch + CARGO_NET_OFFLINE=true time cargo build --release --workspace + mkdir -p ./artifacts + strip ./target/release/substrate-relay + mv -v ./target/release/substrate-relay ./artifacts/ + mv -v ./deployments/local-scripts/bridge-entrypoint.sh ./artifacts/ + mv -v ./ci.Dockerfile ./artifacts/ + + - name: upload artifacts + uses: actions/upload-artifact@v4 + with: + name: build + path: ./artifacts/ + retention-days: 2 + + build_push_docker: + name: Build docker image + runs-on: ubuntu-latest + environment: tags + needs: [set-variables, build] + env: + VERSION: ${{ needs.set-variables.outputs.VERSION }} + steps: + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: build + - name: Make scripts executable + run: | + chmod +x bridge-entrypoint.sh + chmod +x substrate-relay + - name: Build Docker image + uses: docker/build-push-action@v5 + with: + context: . + file: ./ci.Dockerfile + push: true + tags: | + docker.io/paritytech/substrate-relay:${{ env.VERSION }} + docker.io/paritytech/bridges-common-relay:${{ env.VERSION }} + + deploy-westend: + name: Deploy Westend + runs-on: ubuntu-latest + environment: parity-testnet + needs: [set-variables, build_push_docker] + env: + VERSION: ${{ needs.set-variables.outputs.VERSION }} + ARGOCD_SERVER: "argocd-chains.teleport.parity.io" + steps: + - name: Deploy to ArgoCD + uses: paritytech/argocd-deployment-action@main + with: + environment: "parity-testnet" + tag: "${{ env.VERSION }}" + app_name: "bridges-common-relay" + app_packages: "headers-a,headers-b,parachains-a,parachains-b,messages-a,messages-b" + argocd_server: ${{ env.ARGOCD_SERVER }} + teleport_token: ${{ env.APP }} + teleport_app_name: "argocd-chains" + argocd_auth_token: ${{ secrets.ARGOCD_AUTH_TOKEN }} diff --git a/.github/workflows/gitspiegel-trigger.yml b/.github/workflows/gitspiegel-trigger.yml deleted file mode 100644 index dce3aaf2fec..00000000000 --- a/.github/workflows/gitspiegel-trigger.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: gitspiegel sync - -# This workflow doesn't do anything, it's only use is to trigger "workflow_run" -# webhook, that'll be consumed by gitspiegel -# This way, gitspiegel won't do mirroring, unless this workflow runs, -# and running the workflow is protected by GitHub - -on: - pull_request: - types: - - opened - - synchronize - - unlocked - - ready_for_review - - reopened - -jobs: - sync: - runs-on: ubuntu-latest - steps: - - name: Do nothing - run: echo "let's go" diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 2605a6374a2..00000000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,407 +0,0 @@ -stages: - - test - - build - - publish - - publish-docker-description - - deploy - -variables: - GIT_STRATEGY: fetch - GIT_DEPTH: 100 - CARGO_INCREMENTAL: 0 - ARCH: "x86_64" - CI_IMAGE: "paritytech/ci-unified:bullseye-1.81.0-2024-09-11-v202409111034" - RUST_BACKTRACE: full - BUILDAH_IMAGE: "quay.io/buildah/stable:v1.29" - BUILDAH_COMMAND: "buildah --storage-driver overlay2" - -default: - cache: {} - interruptible: true - retry: - max: 2 - when: - - runner_system_failure - - unknown_failure - - api_failure - -.collect-artifacts: &collect-artifacts - artifacts: - name: "${CI_JOB_NAME}_${CI_COMMIT_REF_NAME}" - when: on_success - expire_in: 7 days - paths: - - artifacts/ - -.kubernetes-build: &kubernetes-build - tags: - - kubernetes-parity-build - -.docker-env: &docker-env - image: "${CI_IMAGE}" - before_script: - - rustup show - - cargo --version - - rustup +nightly show - - cargo +nightly --version - tags: - - linux-docker-vm-c2 - -.test-refs: &test-refs - rules: - - if: $CI_PIPELINE_SOURCE == "pipeline" - - if: $CI_PIPELINE_SOURCE == "web" - - if: $CI_PIPELINE_SOURCE == "schedule" - - if: $CI_COMMIT_REF_NAME == "master" - - if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/ # PRs - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1 - -.test-only-refs: &test-only-refs - rules: - - if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/ # PRs - -.publish-refs: &publish-refs - rules: - # won't run on the CI image update pipeline - - if: $CI_PIPELINE_SOURCE == "pipeline" - when: never - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1 - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]{4}-[0-9]{2}-[0-9]{2}.*$/ # i.e. v2021-09-27, v2021-09-27-1 - # there are two types of nightly pipelines: - # 1. this one is triggered by the schedule with $PIPELINE == "nightly", it's for releasing. - # this job runs only on nightly pipeline with the mentioned variable, against `master` branch - - if: $CI_PIPELINE_SOURCE == "schedule" && $PIPELINE == "nightly" - -.nightly-test: &nightly-test - rules: - # 2. another is triggered by scripts repo $CI_PIPELINE_SOURCE == "pipeline" it's for the CI image - # update, it also runs all the nightly checks. - - if: $CI_PIPELINE_SOURCE == "pipeline" - -.deploy-refs: &deploy-refs - rules: - - if: $CI_PIPELINE_SOURCE == "pipeline" - when: never - - if: $SCHEDULED_JOB - when: never - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1 - when: manual - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]{4}-[0-9]{2}-[0-9]{2}.*$/ # i.e. v2021-09-27, v2021-09-27-1 - when: manual - - - -#### stage: test - -clippy-nightly: - stage: test - <<: *docker-env - <<: *test-refs - variables: - RUSTFLAGS: "-D warnings" - script: - - SKIP_WASM_BUILD=1 cargo clippy --all-targets --locked --workspace - -fmt: - stage: test - <<: *docker-env - <<: *test-refs - script: - - cargo +nightly fmt --all -- --check - -spellcheck: - stage: test - <<: *docker-env - <<: *test-refs - script: - - cargo spellcheck check --cfg=.config/spellcheck.toml --checkers hunspell -m 1 $(find . -type f -name '*.rs' ! -path "./target/*" ! -name 'codegen_runtime.rs' ! -name 'weights.rs') - -check: - stage: test - <<: *docker-env - <<: *test-refs - script: &check-script - - SKIP_WASM_BUILD=1 time cargo check --locked --verbose --workspace - -check-nightly: - stage: test - <<: *docker-env - <<: *nightly-test - script: - - rustup default nightly - - *check-script - -test: - stage: test - <<: *docker-env - <<: *test-refs -# variables: -# RUSTFLAGS: "-D warnings" - script: &test-script - - time cargo fetch - # Enable this, when you see: "`cargo metadata` can not fail on project `Cargo.toml`" - #- time cargo fetch --manifest-path=`cargo metadata --format-version=1 | jq --compact-output --raw-output ".packages[] | select(.name == \"polkadot-runtime\").manifest_path"` - #- time cargo fetch --manifest-path=`cargo metadata --format-version=1 | jq --compact-output --raw-output ".packages[] | select(.name == \"kusama-runtime\").manifest_path"` - - CARGO_NET_OFFLINE=true SKIP_WASM_BUILD=1 time cargo test --verbose --workspace - -test-nightly: - stage: test - <<: *docker-env - <<: *nightly-test - script: - - rustup default nightly - - *test-script - -deny: - stage: test - <<: *docker-env - <<: *nightly-test - <<: *collect-artifacts - script: - - cargo deny check advisories --hide-inclusion-graph - - cargo deny check bans sources --hide-inclusion-graph - after_script: - - mkdir -p ./artifacts - - echo "___Complete logs can be found in the artifacts___" - - cargo deny check advisories 2> advisories.log - - cargo deny check bans sources 2> bans_sources.log - # this job is allowed to fail, only licenses check is important - allow_failure: true - -deny-licenses: - stage: test - <<: *docker-env - <<: *test-refs - <<: *collect-artifacts - script: - - cargo deny check licenses --hide-inclusion-graph - after_script: - - mkdir -p ./artifacts - - echo "___Complete logs can be found in the artifacts___" - - cargo deny check licenses 2> licenses.log - -check-rustdoc: - stage: test - <<: *docker-env - <<: *test-refs - variables: - SKIP_WASM_BUILD: 1 - RUSTDOCFLAGS: "-Dwarnings" - script: - - time cargo doc --workspace --verbose --no-deps --all-features - -partial-repo-pallets-build-test: - stage: test - <<: *docker-env - <<: *nightly-test - script: - - ./scripts/verify-pallets-build.sh --no-revert - # we may live with failing partial repo build, it is just a signal for us - allow_failure: true - -build: - stage: test - rules: - # won't run on the CI image update pipeline - - if: $CI_PIPELINE_SOURCE == "pipeline" - when: never - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1 - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]{4}-[0-9]{2}-[0-9]{2}.*$/ # i.e. v2021-09-27, v2021-09-27-1 - - if: $CI_PIPELINE_SOURCE == "schedule" && $PIPELINE == "nightly" - - if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/ # PRs - <<: *docker-env - <<: *collect-artifacts - # master - script: &build-script - - time cargo fetch - # Enable this, when you see: "`cargo metadata` can not fail on project `Cargo.toml`" - #- time cargo fetch --manifest-path=`cargo metadata --format-version=1 | jq --compact-output --raw-output ".packages[] | select(.name == \"polkadot-runtime\").manifest_path"` - #- time cargo fetch --manifest-path=`cargo metadata --format-version=1 | jq --compact-output --raw-output ".packages[] | select(.name == \"kusama-runtime\").manifest_path"` - - CARGO_NET_OFFLINE=true time cargo build --release --verbose --workspace - after_script: - # Prepare artifacts - - mkdir -p ./artifacts - - strip ./target/release/substrate-relay - - mv -v ./target/release/substrate-relay ./artifacts/ - - mv -v ./deployments/local-scripts/bridge-entrypoint.sh ./artifacts/ - - mv -v ./ci.Dockerfile ./artifacts/ - -build-nightly: - stage: build - <<: *docker-env - <<: *collect-artifacts - <<: *nightly-test - script: - - rustup default nightly - - *build-script - -#### stage: publish - -# check that images can be built -.build-image: &build-image - <<: *kubernetes-build - image: $BUILDAH_IMAGE - <<: *test-only-refs - variables: &build-image-variables - GIT_STRATEGY: none - DOCKERFILE: ci.Dockerfile - needs: - - job: build - artifacts: true - script: - # trim "-build-docker" from job name - - export DOCKER_IMAGE_NAME="${CI_JOB_NAME::-13}" - - if [[ "${CI_JOB_NAME::-13}" == "bridges-common-relay" ]]; then - export BRIDGES_PROJECT="substrate-relay"; - else - export BRIDGES_PROJECT="${CI_JOB_NAME::-13}"; - fi - - export IMAGE_NAME=docker.io/paritytech/${DOCKER_IMAGE_NAME} - - echo "Building ${IMAGE_NAME}" - - cd ./artifacts - - $BUILDAH_COMMAND build - --format=docker - --build-arg VCS_REF="${CI_COMMIT_SHORT_SHA}" - --build-arg BUILD_DATE="$(date +%d-%m-%Y)" - --build-arg PROJECT="${BRIDGES_PROJECT}" - --build-arg VERSION="${VERSION}" - --tag "${IMAGE_NAME}:latest" - --file "${DOCKERFILE}" . - -substrate-relay-build-docker: - stage: publish - <<: *build-image - -bridges-common-relay-build-docker: - stage: publish - <<: *build-image - variables: - <<: *build-image-variables - BRIDGES_PROJECT: substrate-relay - DOCKER_IMAGE_NAME: bridges-common-relay - -# build and publish images -.build-push-image: &build-push-image - <<: *kubernetes-build - image: $BUILDAH_IMAGE - <<: *publish-refs - variables: &image-variables - GIT_STRATEGY: none - DOCKERFILE: ci.Dockerfile - BRIDGES_PROJECT: "${CI_JOB_NAME}" - DOCKER_IMAGE_NAME: "${CI_JOB_NAME}" - IMAGE_NAME: docker.io/paritytech/$DOCKER_IMAGE_NAME - needs: - - job: build - artifacts: true - before_script: - - echo "Starting docker image build/push with name '${IMAGE_NAME}' for '${BRIDGES_PROJECT}' with Dockerfile = '${DOCKERFILE}'" - - if [[ "${CI_COMMIT_TAG}" ]]; then - VERSION=${CI_COMMIT_TAG}; - elif [[ "${CI_COMMIT_REF_NAME}" ]]; then - VERSION=$(echo ${CI_COMMIT_REF_NAME} | sed -r 's#/+#-#g'); - fi - # When building from version tags (v1.0, v2.1rc1, ...) we'll use "production" to tag - # docker image. In all other cases, it'll be "latest". - - if [[ $CI_COMMIT_REF_NAME =~ ^v[0-9]+\.[0-9]+.*$ ]]; then - FLOATING_TAG="production"; - else - FLOATING_TAG="latest"; - fi - - echo "Effective tags = ${VERSION} sha-${CI_COMMIT_SHORT_SHA} ${FLOATING_TAG}" - - echo "Full docker image name = ${IMAGE_NAME}" - script: - - test "${Docker_Hub_User_Parity}" -a "${Docker_Hub_Pass_Parity}" || - ( echo "no docker credentials provided"; exit 1 ) - - cd ./artifacts - - $BUILDAH_COMMAND build - --format=docker - --build-arg VCS_REF="${CI_COMMIT_SHORT_SHA}" - --build-arg BUILD_DATE="$(date +%d-%m-%Y)" - --build-arg PROJECT="${BRIDGES_PROJECT}" - --build-arg VERSION="${VERSION}" - --tag "${IMAGE_NAME}:${VERSION}" - --tag "${IMAGE_NAME}:sha-${CI_COMMIT_SHORT_SHA}" - --tag "${IMAGE_NAME}:${FLOATING_TAG}" - --file "${DOCKERFILE}" . - # The job will success only on the protected branch - - echo "${Docker_Hub_Pass_Parity}" | - buildah login --username "${Docker_Hub_User_Parity}" --password-stdin docker.io - - $BUILDAH_COMMAND info - - $BUILDAH_COMMAND push --format=v2s2 "${IMAGE_NAME}:${VERSION}" - - $BUILDAH_COMMAND push --format=v2s2 "${IMAGE_NAME}:sha-${CI_COMMIT_SHORT_SHA}" - - $BUILDAH_COMMAND push --format=v2s2 "${IMAGE_NAME}:${FLOATING_TAG}" - after_script: - - env REGISTRY_AUTH_FILE= buildah logout --all - -substrate-relay: - stage: publish - <<: *build-push-image - -bridges-common-relay: - stage: publish - <<: *build-push-image - variables: - <<: *image-variables - BRIDGES_PROJECT: substrate-relay - DOCKER_IMAGE_NAME: bridges-common-relay - -# Publish Docker images description to hub.docker.com - -.publish-docker-image-description: - stage: publish-docker-description - image: paritytech/dockerhub-description - variables: - DOCKER_USERNAME: $Docker_Hub_User_Parity - DOCKER_PASSWORD: $Docker_Hub_Pass_Parity - README_FILEPATH: $CI_PROJECT_DIR/docs/${CI_JOB_NAME}.README.md - rules: - - if: $CI_COMMIT_REF_NAME == "master" - changes: - - docs/${CI_JOB_NAME}.README.md - script: - - export DOCKERHUB_REPOSITORY="paritytech/${CI_JOB_NAME:10}" - - cd / && sh entrypoint.sh - tags: - - kubernetes-parity-build - -dockerhub-substrate-relay: - extends: .publish-docker-image-description - variables: - SHORT_DESCRIPTION: "substrate-relay" - -dockerhub-bridges-common-relay: - extends: .publish-docker-image-description - variables: - SHORT_DESCRIPTION: "bridges-common-relay" - -# FIXME: publish binaries - -deploy-bridges-common-relay-testnet: - <<: *deploy-refs - <<: *kubernetes-build - needs: - - job: bridges-common-relay - stage: deploy - image: argoproj/argocd:v2.5.5 - environment: parity-testnet - variables: - ARGOCD_OPTS: --grpc-web --grpc-web-root-path /parity-testnet - APP: bridges-common-relay - before_script: - - if [[ "${CI_COMMIT_TAG}" ]]; then - VERSION=${CI_COMMIT_TAG}; - elif [[ "${CI_COMMIT_REF_NAME}" ]]; then - VERSION=$(echo ${CI_COMMIT_REF_NAME} | sed -r 's#/+#-#g'); - fi - script: - - echo "Starting deploy version=${VERSION}" - - argocd app list - - argocd app set $APP - --helm-set headers-a.image.tag=$VERSION - --helm-set headers-b.image.tag=$VERSION - --helm-set parachains-a.image.tag=$VERSION - --helm-set parachains-b.image.tag=$VERSION - --helm-set messages-a.image.tag=$VERSION - --helm-set messages-b.image.tag=$VERSION - - argocd app sync $APP --async diff --git a/ci.Dockerfile b/ci.Dockerfile index b419f6be54d..86df388a580 100644 --- a/ci.Dockerfile +++ b/ci.Dockerfile @@ -8,16 +8,16 @@ ENV RUST_BACKTRACE 1 ENV DEBIAN_FRONTEND=noninteractive RUN set -eux; \ - apt-get update && \ - apt-get install -y --no-install-recommends \ - curl ca-certificates libssl-dev && \ + apt-get update && \ + apt-get install -y --no-install-recommends \ + curl ca-certificates libssl-dev && \ update-ca-certificates && \ - groupadd -g 1000 user && \ - useradd -u 1000 -g user -s /bin/sh -m user && \ - # apt clean up - apt-get autoremove -y && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* + groupadd -g 1000 user && \ + useradd -u 1000 -g user -s /bin/sh -m user && \ + # apt clean up + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* # switch to non-root user USER user @@ -29,6 +29,8 @@ ARG PROJECT=substrate-relay COPY --chown=user:user ./${PROJECT} ./ COPY --chown=user:user ./bridge-entrypoint.sh ./ +RUN echo ${PROJECT} + # check if executable works in this container RUN ./${PROJECT} --version