mirror of
https://github.com/neondatabase/neon.git
synced 2026-05-29 11:00:38 +00:00
8619e6295a
## Currently our build docker file is located in the build repo it makes sense to have it as a part of our neon repo ## Summary of changes We had the docker file that we use to build our binary and other tools resided in the build repo It made sense to bring the docker file to its repo where it has been used So that the contributors can also view it and amend if required It will reduce the maintenance. Docker file changes and code changes can be accommodated in same PR Also, building the image and pushing it to ECR is abstracted in a reusable workflow. Ideal is to use that for any other jobs too ## Checklist before requesting a review - [x] Moved the docker file used to build the binary from the build repo to the neon repo - [x] adding gh workflow to build and push the image - [x] adding gh workflow to tag the pushed image - [x] update readMe file --------- Co-authored-by: Abhijeet Patil <abhijeet@neon.tech> Co-authored-by: Alexander Bayandin <alexander@neon.tech>
131 lines
4.5 KiB
YAML
131 lines
4.5 KiB
YAML
name: 'Update build tools image tag'
|
|
|
|
# This workflow it used to update tag of build tools in ECR.
|
|
# The most common use case is adding/moving `pinned` tag to `${GITHUB_RUN_IT}` image.
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
from-tag:
|
|
description: 'Source tag'
|
|
required: true
|
|
type: string
|
|
to-tag:
|
|
description: 'Destination tag'
|
|
required: true
|
|
type: string
|
|
default: 'pinned'
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash -euo pipefail {0}
|
|
|
|
env:
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_DEV }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_KEY_DEV }}
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
tag-image:
|
|
runs-on: [ self-hosted, gen3, small ]
|
|
container: golang:1.19-bullseye
|
|
|
|
env:
|
|
IMAGE: 369495373322.dkr.ecr.eu-central-1.amazonaws.com/build-tools
|
|
FROM_TAG: ${{ inputs.from-tag }}
|
|
TO_TAG: ${{ inputs.to-tag }}
|
|
outputs:
|
|
next-digest-buildtools: ${{ steps.next-digest.outputs.next-digest-buildtools }}
|
|
prev-digest-buildtools: ${{ steps.prev-digest.outputs.prev-digest-buildtools }}
|
|
|
|
steps:
|
|
- name: Install Crane & ECR helper
|
|
run: |
|
|
go install github.com/google/go-containerregistry/cmd/crane@a54d64203cffcbf94146e04069aae4a97f228ee2 # v0.16.1
|
|
go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@adf1bafd791ae7d4ff098108b1e91f36a4da5404 # v0.7.1
|
|
|
|
- name: Configure ECR login
|
|
run: |
|
|
mkdir /github/home/.docker/
|
|
echo "{\"credsStore\":\"ecr-login\"}" > /github/home/.docker/config.json
|
|
|
|
- name: Get source image digest
|
|
id: next-digest
|
|
run: |
|
|
NEXT_DIGEST=$(crane digest ${IMAGE}:${FROM_TAG} || true)
|
|
if [ -z "${NEXT_DIGEST}" ]; then
|
|
echo >&2 "Image ${IMAGE}:${FROM_TAG} does not exist"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Current ${IMAGE}@${FROM_TAG} image is ${IMAGE}@${NEXT_DIGEST}"
|
|
echo "next-digest-buildtools=$NEXT_DIGEST" >> $GITHUB_OUTPUT
|
|
|
|
- name: Get destination image digest (if already exists)
|
|
id: prev-digest
|
|
run: |
|
|
PREV_DIGEST=$(crane digest ${IMAGE}:${TO_TAG} || true)
|
|
if [ -z "${PREV_DIGEST}" ]; then
|
|
echo >&2 "Image ${IMAGE}:${TO_TAG} does not exist (it's ok)"
|
|
else
|
|
echo >&2 "Current ${IMAGE}@${TO_TAG} image is ${IMAGE}@${PREV_DIGEST}"
|
|
|
|
echo "prev-digest-buildtools=$PREV_DIGEST" >> $GITHUB_OUTPUT
|
|
fi
|
|
|
|
- name: Tag image
|
|
run: |
|
|
crane tag "${IMAGE}:${FROM_TAG}" "${TO_TAG}"
|
|
|
|
rollback-tag-image:
|
|
needs: tag-image
|
|
if: ${{ !success() }}
|
|
|
|
runs-on: [ self-hosted, gen3, small ]
|
|
container: golang:1.19-bullseye
|
|
|
|
env:
|
|
IMAGE: 369495373322.dkr.ecr.eu-central-1.amazonaws.com/build-tools
|
|
FROM_TAG: ${{ inputs.from-tag }}
|
|
TO_TAG: ${{ inputs.to-tag }}
|
|
|
|
steps:
|
|
- name: Install Crane & ECR helper
|
|
run: |
|
|
go install github.com/google/go-containerregistry/cmd/crane@a54d64203cffcbf94146e04069aae4a97f228ee2 # v0.16.1
|
|
go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@adf1bafd791ae7d4ff098108b1e91f36a4da5404 # v0.7.1
|
|
|
|
- name: Configure ECR login
|
|
run: |
|
|
mkdir /github/home/.docker/
|
|
echo "{\"credsStore\":\"ecr-login\"}" > /github/home/.docker/config.json
|
|
|
|
- name: Restore previous tag if needed
|
|
run: |
|
|
NEXT_DIGEST="${{ needs.tag-image.outputs.next-digest-buildtools }}"
|
|
PREV_DIGEST="${{ needs.tag-image.outputs.prev-digest-buildtools }}"
|
|
|
|
if [ -z "${NEXT_DIGEST}" ]; then
|
|
echo >&2 "Image ${IMAGE}:${FROM_TAG} does not exist, nothing to rollback"
|
|
exit 0
|
|
fi
|
|
|
|
if [ -z "${PREV_DIGEST}" ]; then
|
|
# I guess we should delete the tag here/untag the image, but crane does not support it
|
|
# - https://github.com/google/go-containerregistry/issues/999
|
|
|
|
echo >&2 "Image ${IMAGE}:${TO_TAG} did not exist, but it was created by the job, no need to rollback"
|
|
|
|
exit 0
|
|
fi
|
|
|
|
CURRENT_DIGEST=$(crane digest "${IMAGE}:${TO_TAG}")
|
|
if [ "${CURRENT_DIGEST}" == "${NEXT_DIGEST}" ]; then
|
|
crane tag "${IMAGE}@${PREV_DIGEST}" "${TO_TAG}"
|
|
|
|
echo >&2 "Successfully restored ${TO_TAG} tag from ${IMAGE}@${CURRENT_DIGEST} to ${IMAGE}@${PREV_DIGEST}"
|
|
else
|
|
echo >&2 "Image ${IMAGE}:${TO_TAG}@${CURRENT_DIGEST} is not required to be restored"
|
|
fi
|