From d5390be43d0fcdda7a1683c76d95c4d7618ec6a0 Mon Sep 17 00:00:00 2001 From: Ahmad Kaouk <56095276+ahmadkaouk@users.noreply.github.com> Date: Fri, 13 Mar 2026 13:45:41 +0100 Subject: [PATCH] ci: publish validator-set-submitter Docker image on release (#467) ## Summary - Add a new reusable workflow (`task-docker-release-validator-set-submitter.yml`) to build and publish the `datahavenxyz/validator-set-submitter` Docker image to Docker Hub - Wire it into the existing `release.yml` so the submitter image is published on every push to main ## Details - **Triggers**: `workflow_call` (from `release.yml`) and `workflow_dispatch` for manual builds with a custom label/branch - **Tagging**: `latest` + `sha-` on CI pushes; custom label on manual dispatch - **Build**: Uses the Dockerfile at `test/tools/validator-set-submitter/Dockerfile` - **Smoke test**: Pulls the published image and runs `--help` to verify it starts correctly - **Environment**: Requires `production` environment approval before publishing ## Test plan - [ ] Trigger the release workflow manually via `workflow_dispatch` and verify the `datahavenxyz/validator-set-submitter` image is published to Docker Hub - [ ] Verify the smoke test (`--help`) passes in CI - [ ] Merge to main and confirm the submitter image is published --- .github/workflows/release.yml | 8 +- ...docker-release-validator-set-submitter.yml | 105 ++++++++++++++++++ 2 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/task-docker-release-validator-set-submitter.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e34ed2d1..71708d2e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ on: permissions: contents: read - packages: write # Required for docker-build-release + packages: write # Required for docker build release jobs concurrency: group: release-${{ github.workflow }}-${{ github.ref }} 
@@ -30,3 +30,9 @@ jobs:
 secrets:
 DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
 DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ validator-set-submitter-docker-build-release:
+ uses: ./.github/workflows/task-docker-release-validator-set-submitter.yml
+ secrets:
+ DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+ DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
diff --git a/.github/workflows/task-docker-release-validator-set-submitter.yml b/.github/workflows/task-docker-release-validator-set-submitter.yml
new file mode 100644
index 00000000..bf7a7539
--- /dev/null
+++ b/.github/workflows/task-docker-release-validator-set-submitter.yml
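Review bot: The new `validator-set-submitter-docker-build-release` job calls the reusable workflow without any `with:` inputs, while the callee picks its tagging path from `github.event_name` and reads `github.event.inputs.label` and `github.event.inputs.branch`. In a called workflow the `github` context is the caller's, so if release.yml can itself be started by `workflow_dispatch` (its triggers are outside this hunk, though the test plan suggests it can), the callee takes its dispatch path with whatever inputs release.yml defines, possibly an empty label. Declaring `inputs:` under `workflow_call` in the callee and passing them explicitly from this job would make the published tag independent of how the release run was started.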
@@ -0,0 +1,105 @@
+name: Docker Build & Publish Validator Set Submitter (Release)
+
+on:
+ workflow_dispatch:
+ inputs:
+ label:
+ description: "Label for the Docker image"
+ required: true
+ type: string
+ branch:
+ description: "Branch to checkout and build"
+ required: true
+ type: string
+ workflow_call:
+ secrets:
+ DOCKERHUB_USERNAME:
+ description: "Docker Hub username"
+ required: true
+ DOCKERHUB_TOKEN:
+ description: "Docker Hub access token"
+ required: true
+ outputs:
+ image-tag:
+ description: "The tag portion of the docker image (without registry)"
+ value: "${{ jobs.build-test-push.outputs.image-tag }}"
+
+permissions:
+ contents: read
+ packages: write
+
+concurrency:
+ group: docker-build-release-validator-set-submitter-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build-test-push:
+ runs-on: ubuntu-latest
+ # Require approval before publishing to Docker Hub
+ environment: production
+ outputs:
+ image-tag: ${{ steps.extract_tag.outputs.image-tag }}
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.inputs.branch || github.ref }}
+
+ - uses: ./.github/workflows/actions/cleanup-runner
+
+ # --- Docker metadata ---
+ - name: Docker meta (dispatch)
+ if: github.event_name == 'workflow_dispatch'
+ id: meta-dispatch
+ uses: docker/metadata-action@v5
+ with:
+ images: datahavenxyz/validator-set-submitter
+ flavor: |
+ latest=false
+ tags: |
+ type=raw,value=${{ github.event.inputs.label }}
+
+ - name: Docker meta (CI - main push)
+ if: github.event_name != 'workflow_dispatch'
+ id: meta-ci
+ uses: docker/metadata-action@v5
+ with:
+ images: datahavenxyz/validator-set-submitter
+ flavor: |
+ latest=true
+ tags: |
+ type=raw,value=latest
+ type=sha,format=short,prefix=sha-
+
+ - name: Extract tag for job output
+ id: extract_tag
+ run: |
+ if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
+ FULL_TAG=$(echo '${{ steps.meta-dispatch.outputs.json }}' | jq -r '.tags[-1]')
+ else
+ FULL_TAG=$(echo '${{ steps.meta-ci.outputs.json }}' | jq -r '.tags[-1]')
+ fi
+ TAG_ONLY=$(echo "$FULL_TAG" | sed 's|.*:||')
+ echo "image-tag=$TAG_ONLY" >> $GITHUB_OUTPUT
+ echo "image-name=datahavenxyz/validator-set-submitter:$TAG_ONLY" >> $GITHUB_OUTPUT
+
+ # --- Build and push Docker image ---
+ - name: Build and push Docker image
+ uses: ./.github/workflow-templates/publish-docker
+ with:
+ dockerfile: ./test/tools/validator-set-submitter/Dockerfile
+ context: .
+ registry: docker.io
+ registry_username: ${{ secrets.DOCKERHUB_USERNAME }}
+ registry_password: ${{ secrets.DOCKERHUB_TOKEN }}
+ image_tags: ${{ steps.meta-dispatch.outputs.tags || steps.meta-ci.outputs.tags }}
+ image_title: "Validator Set Submitter - Release"
+ image_description: "Release build of DataHaven validator set submitter"
+ cache_scope: validator-set-submitter-release-build
+
+ # --- Smoke tests ---
+ - name: Pull and test submitter --help
+ run: |
+ docker pull ${{ steps.extract_tag.outputs.image-name }}
+ docker run --rm ${{ steps.extract_tag.outputs.image-name }} --help
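Review bot: The `Extract tag for job output` step pastes `${{ steps.meta-dispatch.outputs.json }}` and `${{ steps.meta-ci.outputs.json }}` into the shell script inside single quotes, so the runner substitutes the text before bash parses it. That JSON carries values derived from the dispatch `label` input and from repository metadata; a single quote in any of them ends the quoting, which at best breaks the step and at worst is parsed as shell in a job that sits behind the `production` environment and goes on to handle the Docker Hub token (docker/metadata-action may sanitise the tag itself, but that is outside this diff). Passing the values through `env:` and reading them as quoted shell variables removes the template-into-script path; the same applies to the unquoted `${{ steps.extract_tag.outputs.image-name }}` in the smoke test and to `>> $GITHUB_OUTPUT`. Separately, `actions/checkout@v4` and `docker/metadata-action@v5` are mutable tags, and pinning them to full commit SHAs is worth doing in a publishing job.

```yaml
      - name: Extract tag for job output
        id: extract_tag
        env:
          EVENT_NAME: ${{ github.event_name }}
          META_DISPATCH_JSON: ${{ steps.meta-dispatch.outputs.json }}
          META_CI_JSON: ${{ steps.meta-ci.outputs.json }}
        run: |
          if [ "$EVENT_NAME" = "workflow_dispatch" ]; then
            FULL_TAG=$(printf '%s' "$META_DISPATCH_JSON" | jq -r '.tags[-1]')
          else
            FULL_TAG=$(printf '%s' "$META_CI_JSON" | jq -r '.tags[-1]')
          fi
          # … unchanged: TAG_ONLY derivation …
          echo "image-tag=$TAG_ONLY" >> "$GITHUB_OUTPUT"
          echo "image-name=datahavenxyz/validator-set-submitter:$TAG_ONLY" >> "$GITHUB_OUTPUT"

      # … unchanged: build and push step …

      - name: Pull and test submitter --help
        env:
          IMAGE_NAME: ${{ steps.extract_tag.outputs.image-name }}
        run: |
          docker pull "$IMAGE_NAME"
          docker run --rm "$IMAGE_NAME" --help
```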