name: Publish docker image on: schedule: - cron: "0 3 * * *" workflow_dispatch: inputs: git_ref: type: string required: true default: main description: "Git branch/tag revision to build" image_tag: type: string required: true default: trunk description: "docker image tag" local_ydb_ref: type: string required: true default: main description: "Git branch/tag revision to builld local_ydb" jobs: provide-runner: name: Start self-hosted YC runner timeout-minutes: 5 runs-on: ubuntu-latest outputs: label: ${{steps.start-yc-runner.outputs.label}} instance-id: ${{steps.start-yc-runner.outputs.instance-id}} steps: - name: Start YC runner id: start-yc-runner uses: yc-actions/yc-github-runner@v1 with: mode: start yc-sa-json-credentials: ${{ secrets.YC_SA_JSON_CREDENTIALS }} github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} folder-id: ${{secrets.YC_FOLDER}} image-id: fd8earpjmhevh8h6ug5o # TODO: create constant disk-size: ${{vars.DISK_SIZE && vars.DISK_SIZE || '1023GB'}} disk-type: network-ssd-nonreplicated cores: 32 memory: 64GB core-fraction: 100 zone-id: ru-central1-b subnet-id: ${{secrets.YC_SUBNET}} prepare-vm: name: Prepare runner needs: provide-runner runs-on: [ self-hosted, "${{ needs.provide-runner.outputs.label }}" ] steps: - name: install docker shell: bash run: | apt-get update apt-get install -y --no-install-recommends docker.io build: needs: - provide-runner - prepare-vm runs-on: "${{ needs.provide-runner.outputs.label }}" steps: - name: Checkout .github and local_ydb uses: actions/checkout@v4 with: ref: main path: main sparse-checkout: | .github ydb/public/tools/local_ydb/ - name: Checkout uses: actions/checkout@v4 with: ref: ${{ inputs.git_ref || 'main' }} path: ydb - name: get revision shell: bash id: get-sha working-directory: ydb run: | echo "SHA=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - name: Log in to the Container registry uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker meta id: meta uses: docker/metadata-action@v4 with: images: | ghcr.io/${{ github.repository_owner }}/local-ydb labels: | ydb.revision=${{ steps.get-sha.outputs.SHA }} org.opencontainers.image.revision=${{ steps.get-sha.outputs.SHA }} tags: | type=schedule,pattern=nightly type=raw,value=${{ inputs.image_tag || 'trunk' }} - name: Build and push docker image uses: docker/build-push-action@v4 with: push: true context: . file: main/.github/docker/Dockerfile tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} platforms: linux/amd64 provenance: false cache-from: type=s3,name=local_ydb,region=ru-central1,bucket=${{ vars.AWS_BUCKET }},endpoint_url=${{ vars.AWS_ENDPOINT }},access_key_id=${{ secrets.AWS_KEY_ID }},secret_access_key=${{ secrets.AWS_KEY_VALUE }} cache-to: type=s3,name=local_ydb,region=ru-central1,bucket=${{ vars.AWS_BUCKET }},endpoint_url=${{ vars.AWS_ENDPOINT }},access_key_id=${{ secrets.AWS_KEY_ID }},secret_access_key=${{ secrets.AWS_KEY_VALUE }},mode=max secrets: | "ccache_remote_storage=${{ vars.REMOTE_CACHE_URL && format('http://{0}{1}', secrets.REMOTE_CACHE_AUTH, vars.REMOTE_CACHE_URL) || ''}}" release-runner: name: Release self-hosted YC runner if provided on-demand needs: - provide-runner - build runs-on: ubuntu-latest if: always() steps: - name: Stop YC runner uses: yc-actions/yc-github-runner@v1 with: mode: stop yc-sa-json-credentials: ${{ secrets.YC_SA_JSON_CREDENTIALS }} github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} label: ${{ needs.provide-runner.outputs.label }} instance-id: ${{ needs.provide-runner.outputs.instance-id }}