feat: DEVOPS-1247 move Scilla pipeline to GCP

Zilliqa · Feb 7, 2024 · 68f23ed · 68f23ed
1 parent 4768752
commit 68f23ed
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 21 deletions.
diff --git a/.github/workflows/ci-image-dev.yml b/.github/workflows/ci-image-dev.yml
@@ -18,6 +18,9 @@ jobs:
       contents: write
     name: build
     runs-on: docker
+    env:
+      GCP_REGISTRY_DOMAIN: asia-docker.pkg.dev
+      GCP_REGISTRY: asia-docker.pkg.dev/${{ secrets.GCP_STG_REGISTRY_PROJECT_ID }}/zilliqa-private
     steps:
     - name: Clean environment
       # Prune the Docker resources created over 10 days before the current execution (change the value for a more/less aggressive cleanup).
@@ -36,10 +39,9 @@ jobs:
       with:
         file: docker/Dockerfile
         push: true
-        tag: ${{ secrets.AWS_ACCOUNT_ID_ZILLIQA }}.dkr.ecr.${{ secrets.AWS_REGION_ZILLIQA }}.amazonaws.com/scilla
+        tag: ${{ env.GCP_REGISTRY }}/scilla
         tag-length: 8
-        registry: ${{ secrets.AWS_ACCOUNT_ID_ZILLIQA }}.dkr.ecr.${{ secrets.AWS_REGION_ZILLIQA }}.amazonaws.com
-        aws-region: ${{ secrets.AWS_REGION_ZILLIQA }}
-        role-to-assume: ${{ secrets.ECR_DEPLOYER_ROLE }}
-        oidc-role: ${{ secrets.OIDC_ROLE }}
+        registry: ${{ env.GCP_REGISTRY_DOMAIN }}
+        workload-identity-provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+        service-account: "${{ secrets.GCP_STG_GITHUB_SA_DOCKER_REGISTRY }}"
         cache-key: ${{ github.event.repository.name }}
diff --git a/.github/workflows/ci-image-release.yml b/.github/workflows/ci-image-release.yml
@@ -17,6 +17,9 @@ jobs:
       id-token: write
       contents: write
     runs-on: docker
+    env:
+      GCP_REGISTRY_DOMAIN: asia-docker.pkg.dev
+      GCP_REGISTRY: asia-docker.pkg.dev/${{ secrets.GCP_PRD_REGISTRY_PROJECT_ID }}/zilliqa-private
     steps:
     - name: 'Checkout scm ${{ inputs.commitOrTag }}'
       uses: actions/checkout@v3
@@ -42,17 +45,16 @@ jobs:
           echo "latest=false" >> $GITHUB_OUTPUT
         fi
       shell: bash
-    - name: Docker build and push
+    - name: Docker build and push (GCP)
       uses: Zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push@v1
       with:
         file: docker/Dockerfile
         push: true
-        tag: ${{ secrets.AWS_ACCOUNT_ID_ZILLIQA }}.dkr.ecr.${{ secrets.AWS_REGION_ZILLIQA }}.amazonaws.com/scilla:${{ steps.set-tag.outputs.tag }}
+        tag: ${{ env.GCP_REGISTRY }}/scilla:${{ steps.set-tag.outputs.tag }}
         tag-latest: ${{ steps.check-latest.outputs.latest }}
-        registry: ${{ secrets.AWS_ACCOUNT_ID_ZILLIQA }}.dkr.ecr.${{ secrets.AWS_REGION_ZILLIQA }}.amazonaws.com
-        aws-region: ${{ secrets.AWS_REGION_ZILLIQA }}
-        role-to-assume: ${{ secrets.ECR_DEPLOYER_ROLE }}
-        oidc-role: ${{ secrets.OIDC_ROLE }}
+        registry: ${{ env.GCP_REGISTRY_DOMAIN }}
+        workload-identity-provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+        service-account: "${{ secrets.GCP_PRD_GITHUB_SA_DOCKER_REGISTRY }}"
         cache-key: ${{ github.event.repository.name }}
     - name: Docker build and push (Dockerhub)
       uses: Zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push@v1

diff --git a/.github/workflows/ci-image-test.yml b/.github/workflows/ci-image-test.yml
@@ -10,6 +10,7 @@ on:
   pull_request:
     branches:
       - 'master'
+  push:
 
 jobs:
   run-tests:
@@ -18,6 +19,9 @@ jobs:
       contents: write
     name: tests
     runs-on: docker
+    env:
+      GCP_REGISTRY_DOMAIN: asia-docker.pkg.dev
+      GCP_REGISTRY: asia-docker.pkg.dev/${{ secrets.GCP_STG_REGISTRY_PROJECT_ID }}/zilliqa-private
     steps:
     - name: Clean environment
       # Prune the Docker resources created over 10 days before the current execution (change the value for a more/less aggressive cleanup).
@@ -31,19 +35,23 @@ jobs:
       with:
         fetch-depth: 0
         ref: ${{ inputs.commitOrTag }}
-    - name: Configure AWS Credentials
-      uses: Zilliqa/gh-actions-workflows/actions/configure-aws-credentials@v1
+    - name: "Configure GCP Credentials"
+      id: google-auth
+      uses: "google-github-actions/auth@v1"
       with:
-        role-to-assume: ${{ secrets.ECR_DEPLOYER_ROLE }}
-        oidc-role: ${{ secrets.OIDC_ROLE }}
-        aws-region: ${{ secrets.AWS_REGION_ZILLIQA }}
-    - name: Login to the registry
+        token_format: "access_token"
+        workload_identity_provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+        service_account: "${{ secrets.GCP_STG_GITHUB_SA_DOCKER_REGISTRY }}"
+        create_credentials_file: true
+    - name: Login to the GCP registry
       uses: docker/login-action@v2
       with:
-        registry: ${{ secrets.AWS_ACCOUNT_ID_ZILLIQA }}.dkr.ecr.${{ secrets.AWS_REGION_ZILLIQA }}.amazonaws.com
+        registry: ${{ env.GCP_REGISTRY_DOMAIN }}
+        username: "oauth2accesstoken"
+        password: "${{ steps.google-auth.outputs.access_token }}"
     - name: Build Docker images
       run: |
-        DOCKER_BUILDKIT=1 docker build -t scilla:tests --build-arg ACCOUNT_ID=${{ secrets.AWS_ACCOUNT_ID_ZILLIQA }} -f docker/Dockerfile.test .
+        DOCKER_BUILDKIT=1 docker build -t scilla:tests --build-arg REGISTRY=${{ env.GCP_REGISTRY }} -f docker/Dockerfile.test .
       shell: bash
     - name: Run make test
       run: |

diff --git a/docker/Dockerfile.test b/docker/Dockerfile.test
@@ -1,6 +1,6 @@
-ARG ACCOUNT_ID
+ARG REGISTRY
 
-FROM ${ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/scilla:429e2f9
+FROM ${REGISTRY}/scilla:69dbcd05
 
 ENV VCPKG_ROOT="/vcpkg"
 ENV SCILLA_REPO_ROOT="/scilla/0"