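---
# Regional Docker Builds
#
# Pipeline, as wired by the jobs below:
#   1. build-platform            one base image (Dockerfile.platform, target runtime-base)
#                                that contains every crypto plugin, published as
#                                ${REGISTRY}/${PLATFORM_IMAGE_NAME}.
#   2. build-regional-profiles   one image per (profile x service) pair, built from
#                                Dockerfile.crypto-profile with BASE_IMAGE set to the
#                                platform image produced in step 1.
#   3. validate-configs          syntax and required-field checks on
#                                etc/appsettings.crypto.<profile>.yaml and the matching
#                                deploy/compose/docker-compose.<profile>.yml.
#   4. summary                   writes the three job results to the step summary.
#
# Images are pushed only for non-pull_request events; PR runs build but do not publish.
# Actions are referenced by major version tag; pin to a commit SHA where immutable
# provenance of the workflow toolchain is required.
name: Regional Docker Builds

on:
  push:
    branches:
      - main
    paths:
      - 'deploy/docker/**'
      - 'deploy/compose/docker-compose.*.yml'
      - 'etc/appsettings.crypto.*.yaml'
      - 'etc/crypto-plugins-manifest.json'
      - 'src/__Libraries/StellaOps.Cryptography.Plugin.**'
      - '.gitea/workflows/docker-regional-builds.yml'
  pull_request:
    paths:
      - 'deploy/docker/**'
      - 'deploy/compose/docker-compose.*.yml'
      - 'etc/appsettings.crypto.*.yaml'
      - 'etc/crypto-plugins-manifest.json'
      - 'src/__Libraries/StellaOps.Cryptography.Plugin.**'
  workflow_dispatch:

env:
  REGISTRY: registry.stella-ops.org
  PLATFORM_IMAGE_NAME: stellaops/platform
  # Environment values are strings; quoted so no YAML loader retypes this as an int.
  DOCKER_BUILDKIT: "1"

jobs:
  # Build the base platform image containing all crypto plugins
  build-platform:
    name: Build Platform Image (All Plugins)
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Login happens on PR runs too (needed if cache-from reads from a private
      # registry); publishing is still gated by the push: input below.
      - name: Log in to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ gitea.actor }}
          password: ${{ secrets.GITEA_TOKEN }}

      - name: Extract metadata (tags, labels)
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.PLATFORM_IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha,prefix={{branch}}-
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Build and push platform image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./deploy/docker/Dockerfile.platform
          target: runtime-base
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.PLATFORM_IMAGE_NAME }}:buildcache
          # Export cache only from trusted (non-PR) runs: cache export is not gated
          # by push:, so without this condition a pull request that has registry
          # credentials could write into the shared :buildcache ref that main reads.
          cache-to: ${{ github.event_name != 'pull_request' && format('type=registry,ref={0}/{1}:buildcache,mode=max', env.REGISTRY, env.PLATFORM_IMAGE_NAME) || '' }}
          build-args: |
            BUILDKIT_INLINE_CACHE=1

      # The commit-SHA tag is what the regional builds consume as BASE_IMAGE.
      - name: Export platform image tag
        id: platform
        run: |
          echo "tag=${{ env.REGISTRY }}/${{ env.PLATFORM_IMAGE_NAME }}:${{ github.sha }}" >> "$GITHUB_OUTPUT"

    outputs:
      platform-tag: ${{ steps.platform.outputs.tag }}

  # Build regional profile images for each service
  build-regional-profiles:
    name: Build Regional Profiles
    runs-on: ubuntu-latest
    needs: build-platform
    permissions:
      contents: read
      packages: write
    strategy:
      fail-fast: false
      matrix:
        profile: [international, russia, eu, china]
        service:
          - authority
          - signer
          - attestor
          - concelier
          - scanner
          - excititor
          - policy
          - scheduler
          - notify
          - zastava
          - gateway
          - airgap-importer
          - airgap-exporter
          - cli
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ gitea.actor }}
          password: ${{ secrets.GITEA_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/stellaops/${{ matrix.service }}
          tags: |
            type=raw,value=${{ matrix.profile }},enable={{is_default_branch}}
            type=raw,value=${{ matrix.profile }}-${{ github.sha }}
            type=raw,value=${{ matrix.profile }}-pr-${{ github.event.pull_request.number }},enable=${{ github.event_name == 'pull_request' }}

      - name: Build and push regional service image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./deploy/docker/Dockerfile.crypto-profile
          target: ${{ matrix.service }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            CRYPTO_PROFILE=${{ matrix.profile }}
            BASE_IMAGE=${{ needs.build-platform.outputs.platform-tag }}
            SERVICE_NAME=${{ matrix.service }}

  # Validate regional configurations
  validate-configs:
    name: Validate Regional Configurations
    runs-on: ubuntu-latest
    needs: build-regional-profiles
    strategy:
      fail-fast: false
      matrix:
        profile: [international, russia, eu, china]
    # Matrix values are passed to the shell via env rather than spliced into the
    # script text, so the run: bodies contain no ${{ }} interpolation.
    env:
      PROFILE: ${{ matrix.profile }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Validate crypto configuration YAML
        run: |
          # Install yq for YAML validation.
          # NOTE(review): this fetches the *latest* release over the network with no
          # version pin and no checksum verification, so the validation toolchain is
          # not reproducible; pin a release tag and verify its published checksum.
          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
          sudo chmod +x /usr/local/bin/yq

          # Validate YAML syntax
          yq eval 'true' "etc/appsettings.crypto.${PROFILE}.yaml"

      - name: Validate docker-compose file
        run: |
          docker compose -f "deploy/compose/docker-compose.${PROFILE}.yml" config --quiet

      # Relies on yq installed by the first step of this job (same runner).
      - name: Check required crypto configuration fields
        run: |
          CONFIG_FILE="etc/appsettings.crypto.${PROFILE}.yaml"

          # Verify ManifestPath is set (yq prints the literal "null" for a missing key)
          MANIFEST_PATH=$(yq eval '.StellaOps.Crypto.Plugins.ManifestPath' "$CONFIG_FILE")
          if [ -z "$MANIFEST_PATH" ] || [ "$MANIFEST_PATH" = "null" ]; then
            echo "Error: ManifestPath not set in ${PROFILE} configuration"
            exit 1
          fi

          # Verify at least one plugin is enabled
          ENABLED_COUNT=$(yq eval '.StellaOps.Crypto.Plugins.Enabled | length' "$CONFIG_FILE")
          if [ "$ENABLED_COUNT" -eq 0 ]; then
            echo "Error: No plugins enabled in ${PROFILE} configuration"
            exit 1
          fi

          echo "Configuration valid: ${PROFILE}"

  # Summary job
  summary:
    name: Build Summary
    runs-on: ubuntu-latest
    needs: [build-platform, build-regional-profiles, validate-configs]
    if: always()
    steps:
      # Contexts are handed to the script through env instead of ${{ }} in the
      # run: body: github.ref_name is branch-controlled text and would otherwise
      # be spliced straight into the shell source before it is executed.
      - name: Generate summary
        env:
          PLATFORM_OK: ${{ needs.build-platform.result == 'success' }}
          PROFILES_OK: ${{ needs.build-regional-profiles.result == 'success' }}
          CONFIGS_OK: ${{ needs.validate-configs.result == 'success' }}
          COMMIT_SHA: ${{ github.sha }}
          REF_NAME: ${{ github.ref_name }}
          EVENT_NAME: ${{ github.event_name }}
        run: |
          {
            echo "## Regional Docker Builds Summary"
            echo ""
            echo "Platform image built successfully: ${PLATFORM_OK}"
            echo "Regional profiles built: ${PROFILES_OK}"
            echo "Configurations validated: ${CONFIGS_OK}"
            echo ""
            echo "### Build Details"
            echo "- Commit: ${COMMIT_SHA}"
            echo "- Branch: ${REF_NAME}"
            echo "- Event: ${EVENT_NAME}"
          } >> "$GITHUB_STEP_SUMMARY"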