Fix celo-rebase-18 failing tests #976
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Build Scan | |
| on: | |
| pull_request: | |
| branches: | |
| - 'master' | |
| - 'celo*' | |
| push: | |
| branches: | |
| - 'master' | |
| - 'celo*' | |
| workflow_dispatch: | |
| jobs: | |
| detect-files-changed: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| files-changed: ${{ steps.detect-files-changed.outputs.all_changed_files }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Detect files changed | |
| id: detect-files-changed | |
| uses: step-security/changed-files@3dbe17c78367e7d60f00d78ae6781a35be47b4a1 | |
| with: | |
| separator: ',' | |
| # Build op-node op-batcher op-proposer using docker-bake | |
| build-op-stack: | |
| runs-on: ubuntu-latest | |
| needs: detect-files-changed | |
| if: | | |
| contains(needs.detect-files-changed.outputs.files-changed, 'go.sum') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'ops/docker') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'op-node/') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'op-batcher/') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'op-conductor/') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'op-challenger/') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'op-dispute-mon/') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'op-proposer/') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'op-service/') || | |
| contains(needs.detect-files-changed.outputs.files-changed, '.github/workflows/docker-build-scan.yaml') || | |
| github.event_name == 'workflow_dispatch' || | |
| true | |
| permissions: | |
| contents: read | |
| id-token: write | |
| security-events: write | |
| env: | |
| GIT_COMMIT: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} | |
| GIT_DATE: ${{ github.event.head_commit.timestamp }} | |
| IMAGE_TAGS: ${{ (github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/celo')) && 'latest,' || '') }}${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} | |
| REGISTRY: us-west1-docker.pkg.dev | |
| REPOSITORY: blockchaintestsglobaltestnet/dev-images | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Login at GCP Artifact Registry | |
| uses: celo-org/reusable-workflows/.github/actions/auth-gcp-artifact-registry@v2.0 | |
| with: | |
| workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-optimism/providers/github-by-repos' | |
| service-account: 'celo-optimism-gh@devopsre.iam.gserviceaccount.com' | |
| docker-gcp-registries: us-west1-docker.pkg.dev | |
| # We need a custom steps as it's using docker bake | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push | |
| uses: docker/bake-action@v5 | |
| with: | |
| push: true | |
| source: . | |
| files: docker-bake.hcl | |
| targets: op-node,op-batcher,op-proposer,op-conductor,op-dispute-mon | |
| # Attest images | |
| attest-op-stack: | |
| runs-on: ubuntu-latest | |
| needs: [detect-files-changed, build-op-stack] | |
| if: | | |
| contains(needs.detect-files-changed.outputs.files-changed, 'go.sum') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'ops/docker') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'op-node/') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'op-batcher/') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'op-conductor/') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'op-challenger/') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'op-dispute-mon/') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'op-proposer/') || | |
| contains(needs.detect-files-changed.outputs.files-changed, 'op-service/') || | |
| contains(needs.detect-files-changed.outputs.files-changed, '.github/workflows/docker-build-scan.yaml') || | |
| github.event_name == 'workflow_dispatch' || | |
| true | |
| permissions: | |
| contents: read | |
| id-token: write | |
| attestations: write | |
| artifact-metadata: write | |
| env: | |
| GIT_COMMIT: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} | |
| GIT_DATE: ${{ github.event.head_commit.timestamp }} | |
| IMAGE_TAGS: ${{ (github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/celo')) && 'latest,' || '') }}${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} | |
| REGISTRY: us-west1-docker.pkg.dev | |
| REPOSITORY: blockchaintestsglobaltestnet/dev-images | |
| steps: | |
| - uses: 'google-github-actions/auth@v2' | |
| id: auth1 | |
| with: | |
| workload_identity_provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-optimism/providers/github-by-repos | |
| service_account: celo-optimism-gh@devopsre.iam.gserviceaccount.com | |
| token_format: access_token | |
| - name: Auth w/ registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: us-west1-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.auth1.outputs.access_token }} | |
| - name: Set up crane | |
| uses: imjasonh/setup-crane@v0.4 | |
| - name: Resolve op-node image digest | |
| id: op_node_digest | |
| run: | | |
| digest="$(crane digest "${REGISTRY}/${REPOSITORY}/op-node:${GIT_COMMIT}")" | |
| echo "digest=${digest}" >> "$GITHUB_OUTPUT" | |
| - name: Attest op-node image | |
| uses: actions/attest@v4.1.0 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}/op-node | |
| subject-digest: ${{ steps.op_node_digest.outputs.digest }} | |
| push-to-registry: true | |
| - name: Resolve op-batcher image digest | |
| id: op_batcher_digest | |
| run: | | |
| digest="$(crane digest "${REGISTRY}/${REPOSITORY}/op-batcher:${GIT_COMMIT}")" | |
| echo "digest=${digest}" >> "$GITHUB_OUTPUT" | |
| - name: Attest op-batcher image | |
| uses: actions/attest@v4.1.0 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}/op-batcher | |
| subject-digest: ${{ steps.op_batcher_digest.outputs.digest }} | |
| push-to-registry: true | |
| - name: Resolve op-proposer image digest | |
| id: op_proposer_digest | |
| run: | | |
| digest="$(crane digest "${REGISTRY}/${REPOSITORY}/op-proposer:${GIT_COMMIT}")" | |
| echo "digest=${digest}" >> "$GITHUB_OUTPUT" | |
| - name: Attest op-proposer image | |
| uses: actions/attest@v4.1.0 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}/op-proposer | |
| subject-digest: ${{ steps.op_proposer_digest.outputs.digest }} | |
| push-to-registry: true | |
| - name: Resolve op-conductor image digest | |
| id: op_conductor_digest | |
| run: | | |
| digest="$(crane digest "${REGISTRY}/${REPOSITORY}/op-conductor:${GIT_COMMIT}")" | |
| echo "digest=${digest}" >> "$GITHUB_OUTPUT" | |
| - name: Attest op-conductor image | |
| uses: actions/attest@v4.1.0 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}/op-conductor | |
| subject-digest: ${{ steps.op_conductor_digest.outputs.digest }} | |
| push-to-registry: true | |
| - name: Resolve op-dispute-mon image digest | |
| id: op_dispute_mon_digest | |
| run: | | |
| digest="$(crane digest "${REGISTRY}/${REPOSITORY}/op-dispute-mon:${GIT_COMMIT}")" | |
| echo "digest=${digest}" >> "$GITHUB_OUTPUT" | |
| - name: Attest op-dispute-mon image | |
| uses: actions/attest@v4.1.0 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}/op-dispute-mon | |
| subject-digest: ${{ steps.op_dispute_mon_digest.outputs.digest }} | |
| push-to-registry: true |