Skip to content

Commit

Permalink
Merge pull request #1 from ethereum-optimism/zhwrd/adds-circleci-buil…
Browse files Browse the repository at this point in the history 
…d-job

Adds docker build job via circle-ci
  • Loading branch information
@zhwrd
zhwrd authored Mar 6, 2024
2 parents 539dd71 + 7e79db8 commit dd95d06
Showing 1 changed file with 112 additions and 0 deletions.
112 changes: 112 additions & 0 deletions .circleci/config.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
version: 2.1

orbs:
gcp-cli: circleci/[email protected]
slack: circleci/[email protected]

commands:
gcp-oidc-authenticate:
description: "Authenticate with GCP using a CircleCI OIDC token."
parameters:
project_id:
type: env_var_name
default: GCP_PROJECT_ID
workload_identity_pool_id:
type: env_var_name
default: GCP_WIP_ID
workload_identity_pool_provider_id:
type: env_var_name
default: GCP_WIP_PROVIDER_ID
service_account_email:
type: env_var_name
default: GCP_SERVICE_ACCOUNT_EMAIL
gcp_cred_config_file_path:
type: string
default: /home/circleci/gcp_cred_config.json
oidc_token_file_path:
type: string
default: /home/circleci/oidc_token.json
steps:
- run:
name: "Create OIDC credential configuration"
command: |
# Store OIDC token in temp file
echo $CIRCLE_OIDC_TOKEN > << parameters.oidc_token_file_path >>
# Create a credential configuration for the generated OIDC ID Token
gcloud iam workload-identity-pools create-cred-config \
"projects/${<< parameters.project_id >>}/locations/global/workloadIdentityPools/${<< parameters.workload_identity_pool_id >>}/providers/${<< parameters.workload_identity_pool_provider_id >>}"\
--output-file="<< parameters.gcp_cred_config_file_path >>" \
--service-account="${<< parameters.service_account_email >>}" \
--credential-source-file=<< parameters.oidc_token_file_path >>
- run:
name: "Authenticate with GCP using OIDC"
command: |
# Configure gcloud to leverage the generated credential configuration
gcloud auth login --brief --cred-file "<< parameters.gcp_cred_config_file_path >>"
# Configure ADC
echo "export GOOGLE_APPLICATION_CREDENTIALS='<< parameters.gcp_cred_config_file_path >>'" | tee -a "$BASH_ENV"
jobs:
docker-release:
environment:
DOCKER_BUILDKIT: 1
parameters:
docker_name:
description: Docker image name
type: string
default: "blob-archiver"
docker_tags:
description: Docker image tags as csv
type: string
registry:
description: Docker registry
type: string
default: "us-docker.pkg.dev"
repo:
description: Docker repo
type: string
default: "oplabs-tools-artifacts/images"
push_tags:
description: Push release push tags
type: boolean
default: false
machine:
image: default
resource_class: xlarge
steps:
- gcp-cli/install
- gcp-oidc-authenticate
- checkout
- run:
name: Configure Docker
command: |
gcloud auth configure-docker <<parameters.registry>>
- run:
name: Build and push
command: |
RAW_TAGS="<<parameters.docker_tags>>"
if [ "$CIRCLE_BRANCH" = "optimism" ]; then
RAW_TAGS="$RAW_TAGS,optimism"
fi
IMAGE_BASE="<<parameters.registry>>/<<parameters.repo>>/<<parameters.docker_name>>"
DOCKER_TAGS=$(echo -ne "$RAW_TAGS" | sed "s/,/\n/g" | sed "s/[^a-zA-Z0-9\n.]/-/g" | sed -e "s|^|-t ${IMAGE_BASE}:|")
docker context create buildx-build
docker buildx create --use buildx-build
docker buildx build --push \
$(echo -ne $DOCKER_TAGS | tr '\n' ' ') \
--platform=linux/arm64,linux/amd64 \
--build-arg VERSION=$CIRCLE_TAG \
--build-arg COMMIT=$CIRCLE_SHA \
--build-arg BUILDNUM=$CIRCLE_BUILD_NUM \
--progress plain \
--provenance false \
-f Dockerfile .
workflows:
main:
jobs:
- docker-release:
name: Push to Docker
docker_tags: <<pipeline.git.revision>>
context:
- oplabs-gcr

0 comments on commit dd95d06

Please sign in to comment.