celo-org · jcortejoso · Apr 18, 2024 · Mar 19, 2024 · Mar 19, 2024 · Mar 19, 2024
diff --git a/.github/workflows/add-docker-tag.yaml b/.github/workflows/add-docker-tag.yaml
@@ -3,27 +3,23 @@ name: Add Tags to Blockchain Release Images
 on:
   workflow_dispatch:
     inputs:
-      origin-tag:
-        description: 'Original tag'
+      source-image:
+        description: Container source image (registry/image:tag)
         required: true
         type: string
-      destination-tag:
-        description: 'Tag to add'
+      destination-image:
+        description: Container destination image (registry/image:tag)
         required: true
-        type: choice
-        options:
-          - alfajores
-          - mainnet
+        type: string
   workflow_call:
     inputs:
-      origin-tag:
-        description: 'Original tag'
+      source-image:
+        description: Container source image (registry/image:tag)
         required: true
         type: string
-      destination-tag:
-        description: 'Tag to add'
+      destination-image:
+        description: Container destination image (registry/image:tag)
         required: true
-        default: 'baklava'
         type: string
 
 jobs:
@@ -33,23 +29,19 @@ jobs:
       contents: 'read'
       id-token: 'write'
     steps:
-      - id: 'auth-gcp-master'
-        name: 'Authenticate to Google Cloud'
-        uses: 'google-github-actions/auth@v2'
+      - id: auth-gcp-master
+        name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
         with:
           workload_identity_provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain-add-tag/providers/github-by-repos'
           service_account: '[email protected]'
-          access_token_lifetime: '20m'
-
-      - name: 'Set up Cloud SDK'
-        uses: 'google-github-actions/setup-gcloud@v2'
+          access_token_lifetime: '10m'
 
-      - id: add-tag-devopsre
+      - name: Install regctl
         run: |
-          gcloud container images add-tag us-west1-docker.pkg.dev/devopsre/celo-blockchain-public/geth:${{ inputs.origin-tag }} us-west1-docker.pkg.dev/devopsre/celo-blockchain-public/geth:${{ inputs.destination-tag }}
-          gcloud container images add-tag us-west1-docker.pkg.dev/devopsre/celo-blockchain-public/geth-all:${{ inputs.origin-tag }} us-west1-docker.pkg.dev/devopsre/celo-blockchain-public/geth-all:${{ inputs.destination-tag }}
+          curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 > regctl
+          chmod 755 regctl
 
-      - id: add-tag-celo-org
+      - name: Use regctl to copy images (add tags)
         run: |
-          gcloud container images add-tag us-docker.pkg.dev/celo-org/us.gcr.io/geth:${{ inputs.origin-tag }} us-docker.pkg.dev/celo-org/us.gcr.io/geth:${{ inputs.destination-tag }}
-          gcloud container images add-tag us-docker.pkg.dev/celo-org/us.gcr.io/geth-all:${{ inputs.origin-tag }} us-docker.pkg.dev/celo-org/us.gcr.io/geth-all:${{ inputs.destination-tag }}
+          regctl image copy {{ inputs.source-image }} {{ inputs.destination-image }}
diff --git a/.github/workflows/build-sign-commit-images.yaml b/.github/workflows/build-sign-commit-images.yaml
@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 
 jobs:
-  build-container-geth-sha:
+  build-container-geth:
     runs-on: [self-hosted, blockchain, 8-cpu]
     permissions:
       contents: read
@@ -16,71 +16,59 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Login at GCP Artifact Registry
-        # v2.0 is main at feb 1 2023
-        uses: celo-org/reusable-workflows/.github/actions/[email protected]
+        uses: celo-org/reusable-workflows/.github/actions/[email protected]
         with:
           workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain-dev/providers/github-by-repos'
           service-account: '[email protected]'
           docker-gcp-registries: us-west1-docker.pkg.dev
       - name: Build and push container
-        uses: celo-org/reusable-workflows/.github/actions/[email protected]
+        uses: celo-org/reusable-workflows/.github/actions/[email protected].4
         with:
           platforms: linux/amd64,linux/arm64
           registry: us-west1-docker.pkg.dev/devopsre/dev-images/geth
           tags: ${{ github.sha }}
           context: .
           dockerfile: Dockerfile
-          push: ${{ fromJSON(true) }}
-          trivy: ${{ fromJSON(true) }}
+          push: true
 
-  build-container-geth-master:
+  build-container-geth-all:
     runs-on: [self-hosted, blockchain, 8-cpu]
-    if: github.ref == 'refs/heads/master'
     permissions:
       contents: read
       id-token: write
       security-events: write
     steps:
       - uses: actions/checkout@v4
       - name: Login at GCP Artifact Registry
-        uses: celo-org/reusable-workflows/.github/actions/[email protected]
+        uses: celo-org/reusable-workflows/.github/actions/[email protected].4
         with:
-          workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain/providers/github-by-repos'
-          service-account: '[email protected]'
+          workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain-dev/providers/github-by-repos'
+          service-account: 'celo-blockchain-dev@devopsre.iam.gserviceaccount.com'
           docker-gcp-registries: us-west1-docker.pkg.dev
       - name: Build and push container
-        uses: celo-org/reusable-workflows/.github/actions/[email protected]
+        uses: celo-org/reusable-workflows/.github/actions/[email protected].4
         with:
           platforms: linux/amd64,linux/arm64
-          registry: us-west1-docker.pkg.dev/devopsre/celo-blockchain-public/geth
-          tags: master
+          registry: us-west1-docker.pkg.dev/devopsre/dev-images/geth-all
+          tags: ${{ github.sha }}
           context: .
-          dockerfile: Dockerfile
-          push: ${{ fromJSON(true) }}
-          trivy: ${{ fromJSON(true) }}
+          dockerfile: Dockerfile.alltools
+          push: true
 
-  build-container-geth-all-master:
-    runs-on: [self-hosted, blockchain, 8-cpu]
+  add-geth-master-tag:
     if: github.ref == 'refs/heads/master'
-    permissions:
-      contents: read
-      id-token: write
-      security-events: write
-    steps:
-      - uses: actions/checkout@v4
-      - name: Login at GCP Artifact Registry
-        uses: celo-org/reusable-workflows/.github/actions/[email protected]
-        with:
-          workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain/providers/github-by-repos'
-          service-account: '[email protected]'
-          docker-gcp-registries: us-west1-docker.pkg.dev
-      - name: Build and push container
-        uses: celo-org/reusable-workflows/.github/actions/[email protected]
-        with:
-          platforms: linux/amd64,linux/arm64
-          registry: us-west1-docker.pkg.dev/devopsre/celo-blockchain-public/geth-all
-          tags: master
-          context: .
-          dockerfile: Dockerfile.alltools
-          push: ${{ fromJSON(true) }}
-          trivy: ${{ fromJSON(true) }}
+    uses: ./.github/workflows/add-docker-tag.yaml
+    needs:
+      - build-container-geth
+    with:
+      source-image: us-west1-docker.pkg.dev/devopsre/dev-images/geth:${{ github.sha }}
+      destination-image: us-west1-docker.pkg.dev/devopsre/dev-images/geth:master
+
+  add-geth-all-master-tag:
+    if: github.ref == 'refs/heads/master'
+    uses: ./.github/workflows/add-docker-tag.yaml
+    needs:
+      - build-container-geth-all
+    with:
+      source-image: us-west1-docker.pkg.dev/devopsre/dev-images/geth-all:${{ github.sha }}
+      destination-image: us-west1-docker.pkg.dev/devopsre/dev-images/geth-all:master
diff --git a/.github/workflows/build-sign-release-images.yaml b/.github/workflows/build-sign-release-images.yaml
@@ -53,8 +53,7 @@ jobs:
           echo "MAJOR_MINOR=${semver[0]}.${semver[1]}" >> $GITHUB_OUTPUT
 
   build-container-geth-dev:
-    # v2.0 is main at Feb 2 2024
-    uses: celo-org/reusable-workflows/.github/workflows/[email protected]
+    uses: celo-org/reusable-workflows/.github/workflows/[email protected]
     if: startsWith(github.ref, 'refs/heads/release')
     needs:
       - replace-branch-name
@@ -69,7 +68,7 @@ jobs:
       trivy: true
 
   build-container-geth-all-dev:
-    uses: celo-org/reusable-workflows/.github/workflows/[email protected]
+    uses: celo-org/reusable-workflows/.github/workflows/[email protected].4
     if: startsWith(github.ref, 'refs/heads/release')
     needs:
       - replace-branch-name
@@ -84,7 +83,7 @@ jobs:
       trivy: true
 
   build-container-geth-devopsre:
-    uses: celo-org/reusable-workflows/.github/workflows/[email protected]
+    uses: celo-org/reusable-workflows/.github/workflows/[email protected].4
     if: startsWith(github.ref, 'refs/tags/v') && false
     needs:
       - replace-tag-v
@@ -99,7 +98,7 @@ jobs:
       trivy: true
 
   build-container-geth-all-devopsre:
-    uses: celo-org/reusable-workflows/.github/workflows/[email protected]
+    uses: celo-org/reusable-workflows/.github/workflows/[email protected].4
     if: startsWith(github.ref, 'refs/tags/v') && false
     needs:
       - replace-tag-v
@@ -114,29 +113,29 @@ jobs:
       trivy: true
 
   build-container-geth-celo-org:
-    uses: celo-org/reusable-workflows/.github/workflows/[email protected]
+    uses: celo-org/reusable-workflows/.github/workflows/[email protected].4
     if: startsWith(github.ref, 'refs/tags/v')
     needs:
       - replace-tag-v
     with:
       workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain/providers/github-by-repos'
       service-account: '[email protected]'
-      artifact-registry: us-docker.pkg.dev/celo-org/us.gcr.io/geth
+      artifact-registry: us.gcr.io/celo-org/geth
       tags: ${{ needs.replace-tag-v.outputs.replaced-tag }}
       platforms: linux/amd64,linux/arm64
       context: .
       file: Dockerfile
       trivy: true
 
   build-container-geth-all-celo-org:
-    uses: celo-org/reusable-workflows/.github/workflows/[email protected]
+    uses: celo-org/reusable-workflows/.github/workflows/[email protected].4
     if: startsWith(github.ref, 'refs/tags/v')
     needs:
       - replace-tag-v
     with:
       workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-blockchain/providers/github-by-repos'
       service-account: '[email protected]'
-      artifact-registry: us-docker.pkg.dev/celo-org/us.gcr.io/geth-all
+      artifact-registry: us.gcr.io/celo-org/geth-all
       tags: ${{ needs.replace-tag-v.outputs.replaced-tag }}
       platforms: linux/amd64,linux/arm64
       context: .
@@ -146,32 +145,78 @@ jobs:
   # TODO(): The next worfklows assume that the latest pushed is effectively the latest tag
   # This can be problematic for cases when have multiple active release branches (i.e: 1.9.x and 1.10.x) and 
   # we tag a new release on 1.9.x, the latest pushed for bakalva and 1 tags will be 1.9.x and not 1.10.x
-  add-baklava-tag:
-    if: startsWith(github.ref, 'refs/tags/v')
+  add-baklava-geth-tag:
     uses: ./.github/workflows/add-docker-tag.yaml
     needs:
       - replace-tag-v
       - build-container-geth-celo-org
     with:
-      origin-tag: ${{ needs.replace-tag-v.outputs.replaced-tag }}
-      destination-tag: v-baklava
+      source-image: us.gcr.io/celo-org/geth:${{ needs.replace-tag-v.outputs.replaced-tag }}
+      destination-image: us.gcr.io/celo-org/geth:baklava
 
-  add-major-tag:
-    if: startsWith(github.ref, 'refs/tags/v')
+  add-baklava-geth-all-tag:
     uses: ./.github/workflows/add-docker-tag.yaml
     needs:
       - replace-tag-v
       - build-container-geth-celo-org
     with:
-      origin-tag: ${{ needs.replace-tag-v.outputs.replaced-tag }}
-      destination-tag: ${{ needs.replace-tag-v.outputs.major }}
+      source-image: us.gcr.io/celo-org/geth-all:${{ needs.replace-tag-v.outputs.replaced-tag }}
+      destination-image: us.gcr.io/celo-org/geth-all:baklava
 
-  add-major-minor-tag:
-    if: startsWith(github.ref, 'refs/tags/v')
+  add-mainnet-geth-tag:
+    uses: ./.github/workflows/add-docker-tag.yaml
+    needs:
+      - replace-tag-v
+      - build-container-geth-celo-org
+    with:
+      source-image: us.gcr.io/celo-org/geth:${{ needs.replace-tag-v.outputs.replaced-tag }}
+      destination-image: us.gcr.io/celo-org/geth:mainnet
+
+  add-mainnet-geth-all-tag:
+    uses: ./.github/workflows/add-docker-tag.yaml
+    needs:
+      - replace-tag-v
+      - build-container-geth-celo-org
+    with:
+      source-image: us.gcr.io/celo-org/geth-all:${{ needs.replace-tag-v.outputs.replaced-tag }}
+      destination-image: us.gcr.io/celo-org/geth-all:mainnet
+
+  add-major-geth-tag:
+    if: github.ref == 'refs/heads/master'
+    uses: ./.github/workflows/add-docker-tag.yaml
+    needs:
+      - replace-tag-v
+      - build-container-geth-celo-org
+    with:
+      source-image: us.gcr.io/celo-org/geth:${{ needs.replace-tag-v.outputs.replaced-tag }}
+      destination-image: us.gcr.io/celo-org/geth:${{ needs.replace-tag-v.outputs.major }}
+
+  add-major-geth-all-tag:
+    if: github.ref == 'refs/heads/master'
+    uses: ./.github/workflows/add-docker-tag.yaml
+    needs:
+      - replace-tag-v
+      - build-container-geth-celo-org
+    with:
+      source-image: us.gcr.io/celo-org/geth-all:${{ needs.replace-tag-v.outputs.replaced-tag }}
+      destination-image: us.gcr.io/celo-org/geth-all:${{ needs.replace-tag-v.outputs.major }}
+
+  add-minor-geth-tag:
+    if: github.ref == 'refs/heads/master'
+    uses: ./.github/workflows/add-docker-tag.yaml
+    needs:
+      - replace-tag-v
+      - build-container-geth-celo-org
+    with:
+      source-image: us.gcr.io/celo-org/geth:${{ needs.replace-tag-v.outputs.replaced-tag }}
+      destination-image: us.gcr.io/celo-org/geth:${{ needs.replace-tag-v.outputs.major-minor }}
+
+  add-minor-geth-all-tag:
+    if: github.ref == 'refs/heads/master'
     uses: ./.github/workflows/add-docker-tag.yaml
     needs:
       - replace-tag-v
       - build-container-geth-celo-org
     with:
-      origin-tag: ${{ needs.replace-tag-v.outputs.replaced-tag }}
-      destination-tag: ${{ needs.replace-tag-v.outputs.major-minor }}
+      source-image: us.gcr.io/celo-org/geth-all:${{ needs.replace-tag-v.outputs.replaced-tag }}
+      destination-image: us.gcr.io/celo-org/geth-all:${{ needs.replace-tag-v.outputs.major-minor }}
diff --git a/Dockerfile b/Dockerfile
@@ -33,7 +33,7 @@ FROM debian:bookworm-slim
 ARG COMMIT_SHA
 
 RUN apt update &&\
-    apt install -y ca-certificates wget &&\
+    apt install -y ca-certificates wget curl &&\
     rm -rf /var/cache/apt &&\
     rm -rf /var/lib/apt/lists/* &&\
     ln -sf /bin/bash /bin/sh

diff --git a/Dockerfile.alltools b/Dockerfile.alltools
@@ -13,7 +13,7 @@ FROM debian:bookworm
 ARG COMMIT_SHA
 
 RUN apt update &&\
-    apt install -y ca-certificates wget &&\
+    apt install -y ca-certificates wget curl &&\
     rm -rf /var/cache/apt &&\
     rm -rf /var/lib/apt/lists/* &&\
     ln -sf /bin/bash /bin/sh