name: Publish Docker Images on: workflow_dispatch: push: tags: - "v*" jobs: # Shared base (toolchain + r0vm), single source of truth in # lez/docker/risc0-base.Dockerfile. Built and pushed once so the service # builds below can pull it as the `risc0_base` named context. The # docker-container builder resolves named contexts from the registry (not the # host image store), so the base must be pushed, not just loaded. risc0_base: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to registry uses: docker/login-action@v3 with: registry: ${{ secrets.DOCKER_REGISTRY }} username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Build and push risc0 base image uses: docker/build-push-action@v5 with: context: . file: ./lez/docker/risc0-base.Dockerfile push: true tags: ${{ secrets.DOCKER_REGISTRY }}/${{ github.repository }}/risc0_base:sha-${{ github.sha }} cache-from: type=gha,scope=risc0-base cache-to: type=gha,mode=max,scope=risc0-base publish: needs: risc0_base runs-on: ubuntu-latest strategy: matrix: include: - name: sequencer_service dockerfile: ./lez/sequencer/service/Dockerfile build_args: | STANDALONE=false - name: sequencer_service-standalone dockerfile: ./lez/sequencer/service/Dockerfile build_args: | STANDALONE=true - name: indexer_service dockerfile: ./lez/indexer/service/Dockerfile build_args: "" - name: explorer_service dockerfile: ./lez/explorer_service/Dockerfile build_args: "" steps: - uses: actions/checkout@v5 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to registry uses: docker/login-action@v3 with: registry: ${{ secrets.DOCKER_REGISTRY }} username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Extract metadata id: meta uses: docker/metadata-action@v5 with: images: ${{ secrets.DOCKER_REGISTRY }}/${{ github.repository }}/${{ matrix.name }} tags: | type=ref,event=tag type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=sha,prefix=sha- type=raw,value=latest,enable={{is_default_branch}} - name: Build and push Docker image uses: docker/build-push-action@v5 with: context: . file: ${{ matrix.dockerfile }} push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: ${{ matrix.build_args }} build-contexts: risc0_base=docker-image://${{ secrets.DOCKER_REGISTRY }}/${{ github.repository }}/risc0_base:sha-${{ github.sha }} cache-from: type=gha cache-to: type=gha,mode=max