ci: try build args for container again

Second attempt at supporting container builds that reference specific versions of the Penumbra dependencies. The only changes are that the fallback value to the string 'main' is now in single quotes, rather than double quotes [0], and the "inputs" field has the event prefix. Also made some largely cosmetic changes to source code paths within Containerfile. Revert "Revert "ci: add build args for container"" This reverts commit 0bcb9a4. Revert "Revert "ci: support default build args as gha inputs"" This reverts commit f975cd8. [0] https://docs.github.com/en/actions/learn-github-actions/expressions#literals
penumbra-zone · Aug 4, 2023 · 4f3c069 · 4f3c069
1 parent 0bcb9a4
commit 4f3c069
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 9 deletions.
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
@@ -3,6 +3,11 @@ name: Build container image
 on:
   workflow_call:
   workflow_dispatch:
+    inputs:
+      penumbra_version:
+        description: 'Git ref (e.g. branch or tag) of Penumbra repo for building'
+        default: "main"
+        required: true
   push:
     branches:
       - main
@@ -45,7 +50,11 @@ jobs:
           platforms: linux/amd64
           file: Containerfile
           push: true
-          tags: ${{ steps.meta.outputs.tags }}
+          # We include a tag with the associated Penumbra, e.g. `penumbra-v0.57.0`.
+          # This is important to maintain compatibility with a long-running testnet.
+          tags: ${{ steps.meta.outputs.tags }},penumbra-${{ github.event.inputs.penumbra_version || 'main' }}
+          build-args: |
+            PENUMBRA_VERSION=${{ github.event.inputs.penumbra_version || 'main' }}
           # We disable layer caching to ensure that the most recent penumbra repo is used.
           # Otherwise, the static git url for the repo will always result in a cache hit.
           # TODO: update with dynamic build-args using e.g. current date to bust cache.

diff --git a/Containerfile b/Containerfile
@@ -1,22 +1,26 @@
+ARG PENUMBRA_VERSION=main
+# ARG PENUMBRA_VERSION=v0.54.1
 # Pull from Penumbra container, so we can grab a recent `pcli` without
 # needing to compile from source.
-FROM ghcr.io/penumbra-zone/penumbra:main AS penumbra
-FROM docker.io/rust:1-bullseye AS builder
+FROM ghcr.io/penumbra-zone/penumbra:${PENUMBRA_VERSION} AS penumbra
 
+# Build the osiris binary
+FROM docker.io/rust:1-bullseye AS builder
+ARG PENUMBRA_VERSION=main
 RUN apt-get update && apt-get install -y \
         libssl-dev git-lfs clang
-# Shallow clone since we only want most recent HEAD; this should change
-# if/when we want to support specific refs, such as release tags, for Penumbra deps.
-RUN git clone --depth=1 https://github.com/penumbra-zone/penumbra /app/penumbra
-COPY . /app/osiris
-WORKDIR /app/osiris
+# Clone in Penumbra deps to relative path, required due to git-lfs.
+RUN git clone --depth 1 --branch "${PENUMBRA_VERSION}" https://github.com/penumbra-zone/penumbra /usr/src/penumbra
+COPY . /usr/src/osiris
+WORKDIR /usr/src/osiris
 RUN cargo build --release
 
+# Runtime container, copying in built artifacts
 FROM docker.io/debian:bullseye-slim
 RUN apt-get update && apt-get install -y ca-certificates
 RUN groupadd --gid 1000 penumbra \
         && useradd -m -d /home/penumbra -g 1000 -u 1000 penumbra
-COPY --from=builder /app/osiris/target/release/osiris /usr/bin/osiris
 COPY --from=penumbra /bin/pcli /usr/bin/pcli
+COPY --from=builder /usr/src/osiris/target/release/osiris /usr/bin/osiris
 WORKDIR /home/penumbra
 USER penumbra