Skip to content

Commit

Permalink
update CI deploy.sh file (#17)
Browse files Browse the repository at this point in the history 
* update ci deploy.sh file

* rename fmt check

* add google container registry docker image push
  • Loading branch information
@pranshi06
pranshi06 authored Sep 20, 2024
1 parent f02e059 commit 745e2a0
Show file tree
Hide file tree
Showing 3 changed files with 81 additions and 64 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/check-format.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: Postgres NDC format
name: BigQuery NDC format

on:
push:
Expand Down
32 changes: 16 additions & 16 deletions .github/workflows/ship.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,20 +75,20 @@ jobs:
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
useDaemon: false # attempt to stop hanging on cleanup

# - id: gcloud-auth
# name: Authenticate to Google Cloud 🔑
# uses: google-github-actions/auth@v2
# with:
# token_format: access_token
# service_account: "[email protected]"
# workload_identity_provider: "projects/1025009031284/locations/global/workloadIdentityPools/hasura-ddn/providers/github"

# - name: Login to Google Container Registry 📦
# uses: "docker/login-action@v3"
# with:
# registry: "us-docker.pkg.dev"
# username: "oauth2accesstoken"
# password: "${{ steps.gcloud-auth.outputs.access_token }}"
- id: gcloud-auth
name: Authenticate to Google Cloud 🔑
uses: google-github-actions/auth@v2
with:
token_format: access_token
service_account: "[email protected]"
workload_identity_provider: "projects/1025009031284/locations/global/workloadIdentityPools/hasura-ddn/providers/github"

- name: Login to Google Container Registry 📦
uses: "docker/login-action@v3"
with:
registry: "us-docker.pkg.dev"
username: "oauth2accesstoken"
password: "${{ steps.gcloud-auth.outputs.access_token }}"

- name: Login to GitHub Container Registry 📦
uses: docker/login-action@v3
Expand All @@ -97,8 +97,8 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

# - name: Push Docker images to Google Container Registry 🚢
# run: nix run .#publish-docker-image '${{ github.ref }}' 'us-docker.pkg.dev/hasura-ddn/ddn/ndc-bigquery'
- name: Push Docker images to Google Container Registry 🚢
run: nix run .#publish-docker-image '${{ github.ref }}' 'us-docker.pkg.dev/hasura-ddn/ddn/ndc-bigquery'

- name: Push Docker images to GitHub Packages 🚢
run: nix run .#publish-docker-image '${{ github.ref }}' 'ghcr.io/hasura/ndc-bigquery'
Expand Down
111 changes: 64 additions & 47 deletions ci/deploy.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,47 +2,66 @@
#
# To get the skopeo dependency automatically, run with:
#
# $ nix run .#publish-docker-image <github-ref>
# $ nix run .#publish-docker-image <github-ref> <image>
#
set -euo pipefail

if [ -z "${1+x}" ]; then
echo "Expected argument of the form refs/heads/<branch name> or refs/tags/<tag name>."
echo "(In a Github workflow the variable github.ref has this format)"
DRY_RUN=false
if [[ "${1:-}" == '-n' || "${1:-}" == '--dry-run' ]]; then
DRY_RUN=true
echo "$(tput bold)$(tput setaf 1)DRY RUN; some steps will be skipped$(tput sgr0)"
shift
fi

if [[ $# -ne 2 ]]; then
echo >&2 "Usage: ${0} [-n|--dry-run] REF IMAGE"
echo >&2
echo >&2 ' REF should be in the form "refs/heads/<branch>" or "refs/tags/<tag>"'
echo >&2 ' (in a Github workflow the variable "github.ref" has this format)'
echo >&2
echo >&2 ' IMAGE is the path of the Docker image, e.g. "ghcr.io/hasura/ndc-postgres"'
echo >&2
echo >&2 ' "--dry-run" will not push anything, but it will still build'
exit 1
fi

github_ref="$1"
binary_image_name="$2" # ie, 'ndc-postgres'
image="$2"

image_path="ghcr.io/hasura/${binary_image_name}"
# Runs the given command, unless `--dry-run` was set.
function run {
if "$DRY_RUN"; then
echo "$(tput bold)$(tput setaf 1)not running:$(tput sgr0) $*"
else
echo "$(tput bold)$(tput setaf 2)running:$(tput sgr0) $*"
"$@"
fi
}

# Assumes that the given ref is a branch name. Sets a tag for a docker image of
# the form:
#
# dev-main-20230601T1933-bffd555
# --- ---- ------------- -------
# ↑ ↑ ↑ ↑
# prefix "dev" branch | commit hash
# |
# commit date & time (UTC)
# dev-main-bffd555
# --- ---- -------
# ↑ ↑ ↑
# prefix "dev" | commit hash
# branch
#
# Additionally sets a branch tag assuming this is the latest tag for the given
# branch. The branch tag has the form: dev-main
# Also sets the 'latest' tag
# Also sets a tag with just the branch short hash
function set_dev_tags {
local branch="$1"
# replace '/' in branch name with '-'
# replace '.' and '/' in branch name with '-'
local tidy_branch
tidy_branch="$(echo "${branch}" | tr "//" -)"
local branch_prefix="dev-$tidy_branch"
tidy_branch="$(tr './' '-' <<< "$branch")"
local branch_prefix="dev-${tidy_branch}"
local version
version=$(
TZ=UTC0 git show \
--quiet \
--date='format-local:%Y%m%dT%H%M' \
--format="$branch_prefix-%cd-%h"
)
export docker_tags=("$version" "$branch_prefix")
local short_hash
short_hash="$(git rev-parse --short=9 HEAD)"
version="${branch_prefix}-${short_hash}"
export docker_tags=("$version" "$branch_prefix" "$short_hash" "latest")
}

# The Github workflow passes a ref of the form refs/heads/<branch name> or
Expand All @@ -57,65 +76,63 @@ function set_dev_tags {
#
# If the input is a branch, set docker tags via `set_dev_tags`.
function set_docker_tags {
local input="$1"
local input
input="$1"
if [[ $input =~ ^refs/tags/(v.*)$ ]]; then
local tag="${BASH_REMATCH[1]}"
export docker_tags=("$tag")
export docker_tags=("$tag" "latest")
elif [[ $input =~ ^refs/heads/(.*)$ ]]; then
local branch="${BASH_REMATCH[1]}"
set_dev_tags "$branch"
else
export docker_tags=()
export docker_tags=("latest")
fi
}

function publish_multi_arch {
local input="$1"

local input
local image_archive
local image_path_for_arch

architectures=('aarch64' 'x86_64')

input="$1"
set_docker_tags "$input"

architectures=("aarch64" "x86_64")

# do nothing if no tags found
if [[ ${#docker_tags[@]} == 0 ]]; then
echo "The given ref, $input, was not a release tag or a branch - will not publish a docker image"
echo "The given ref, ${input}, was not a release tag or a branch - will not publish a docker image"
exit
fi

# build and push the individual images for each architecture
for arch in "${architectures[@]}"; do
# build the docker image
nix build .#"${binary_image_name}"-docker-"${arch}"-linux
echo "Will publish docker image with tags: ${docker_tags[*]}"
image_archive="docker-archive://$(nix build --print-out-paths ".#docker-${arch}-linux")"

# grab result from ./result
ls -lh result
local image_archive
image_archive=docker-archive://"$(readlink -f result)"
echo "Will publish docker image with tags: ${docker_tags[*]}"
skopeo inspect "$image_archive"

local image_path_for_arch
image_path_for_arch="${image_path}-${arch}"

image_path_for_arch="${image}-${arch}"
for tag in "${docker_tags[@]}"; do
echo
echo "Pushing docker://$image_path_for_arch:$tag"
skopeo copy "$image_archive" docker://"$image_path_for_arch:$tag"
echo "Pushing docker://${image_path_for_arch}:${tag}"
run skopeo copy "$image_archive" "docker://${image_path_for_arch}:${tag}"
done
done

# now create and push the manifest
for tag in "${docker_tags[@]}"; do
echo "Creating manifest for $image_path:$tag"
echo "Creating manifest for ${image}:${tag}"
# create a manifest referencing both architectures
# i did not use a loop here, forgive me
docker manifest create \
"$image_path:$tag" \
--amend "${image_path}-aarch64:$tag" \
--amend "${image_path}-x86_64:$tag"
run docker manifest create \
"$image:$tag" \
--amend "${image}-aarch64:${tag}" \
--amend "${image}-x86_64:${tag}"

# push manifest as the main image
docker manifest push "$image_path:$tag"
run docker manifest push "${image}:${tag}"
done
}

Expand Down

0 comments on commit 745e2a0

Please sign in to comment.