ci: build and publish docker image on tag#1818
Conversation
KolbyML
left a comment
KolbyML
left a comment
There was a problem hiding this comment.
The changes look generally look good. I don't think we should be specifying sudo for docker login though.
| - State network nodes: | ||
| ```bash | ||
| ansible-playbook playbook.yml --tags state-network |
There was a problem hiding this comment.
When we wrap up history and I start working on State again, I will likely be doing deploys to the state nodes outside the standard release cycle.
I am just stating this, as this was un-commented out and the warning was removed.
There was a problem hiding this comment.
Discussed in a call. Will leave the state-network in, and we can remove it once we stop deploying regular releases.
looks good
carver
left a comment
carver
left a comment
There was a problem hiding this comment.
Looks good, with a fix or two. I'm happy to review again if you want, but no need to block on me if you have solutions you're happy with.
| git checkout master | ||
| git pull --ff-only upstream master | ||
| ``` | ||
| ```bash |
There was a problem hiding this comment.
Does this indent affect the rendering?
There was a problem hiding this comment.
Yes, makes them aligned with bullet points.
Original:
My version:
| - docker-build: | ||
| name: docker_build_trin | ||
| target: trin | ||
| tags: << pipeline.git.tag >>-$(git rev-parse --short HEAD) stable prod |
There was a problem hiding this comment.
I don't expect this git command to work here. The repo checkout happens as a step inside the job, so I don't think it's available yet.
It does look like pipeline.git.revision should give access to it though. Just need to select the first few characters of it, because that value is the whole SHA hash.
There was a problem hiding this comment.
I was surprised as well, but it actually works! I used #1817 to test how it works (I remove tag filter and disabled actual publishing).
It worked because it inlined the parameter inside job. Check the result here:
Check: https://app.circleci.com/pipelines/github/ethereum/trin/7758/workflows/77e527f9-b579-49a6-9b04-9392a4a2821f/jobs/37651
I also checked that saving and loading image in different job preserves all tags:
https://app.circleci.com/pipelines/github/ethereum/trin/7758/workflows/77e527f9-b579-49a6-9b04-9392a4a2821f/jobs/37653
There was a problem hiding this comment.
I tried to use pipeline.git.revision but I didn't know how to extract only first couple of characters (before passing it as a parameter).
There was a problem hiding this comment.
I was surprised as well, but it actually works! I used #1817 to test how it works (I remove tag filter and disabled actual publishing).
It worked because it inlined the parameter inside job.
Ah, neat! Good to know 👍🏻
I tried to use pipeline.git.revision but I didn't know how to extract only first couple of characters (before passing it as a parameter).
Yeah, there's no reason to use the CI revision value if the git command works 👍🏻
|
Added few clarifying comments, and added explanation for |
3 participants
What was wrong?
We would like to revisit and update our docker image tagging, and simplify release process.
See #1816 for details.
Note: It's my first time doing circleci config.
How was it fixed?
I modified circleci config file in following ways:
docker-buildanddocker-publishjobstargetparameter, e.g. trin vs bridge) and which tag to set ("latest" vs "vX.Y.Z")docker-build-bridgeanddocker-publish-bridgeno longer neededv<git-tag>-<git-commit>,stableandproddocker tagslatest- built automatically on every push to master<git-tag>-<git-commit>- version tag (immutable), corresponds to every individual git tagstable- updated automatically to match the latest version tagprod- same asstable, but we use it for deploying for production fleetI also updated trin book to reflect these changes.