ci: add compatible contracts image for nim-codex docker image (#1186)

* ci: add compatible contracts image for nim-codex docker image * ci: with submodules * ci: with submodules on correct place * ci: remove double dash * ci: avoiding artifact conflicts * ci: add labels to arch images * ci: correct way to add label to arch images * ci: correct contract label * ci: avoid building contracts image and use contracts commit hash * refactor: better way to get the hash
2026-01-02 13:33:10 +00:00 · 2025-04-15 15:52:19 +02:00 · 2025-04-15 15:52:19 +02:00 · 7c7871ac75
commit 7c7871ac75
parent b92f79a654
2 changed files with 50 additions and 4 deletions
--- a/.github/workflows/docker-reusable.yml
+++ b/.github/workflows/docker-reusable.yml
@ -59,6 +59,10 @@ on:
        required: false
        type: string
        default: false
+      contract_image:
+        description: Specifies compatible smart contract image
+        required: false
+        type: string


 env:
@ -71,6 +75,7 @@ env:
  TAG_LATEST: ${{ inputs.tag_latest }}
  TAG_SHA: ${{ inputs.tag_sha }}
  TAG_SUFFIX: ${{ inputs.tag_suffix }}
+  CONTRACT_IMAGE: ${{ inputs.contract_image }}
  # Tests
  TESTS_SOURCE: codex-storage/cs-codex-dist-tests
  TESTS_BRANCH: master
@ -80,8 +85,19 @@ env:


 jobs:
+  compute:
+      name: Compute build ID
+      runs-on: ubuntu-latest
+      outputs:
+        build_id: ${{ steps.build_id.outputs.build_id }}
+      steps:
+        - name: Generate unique build id
+          id: build_id
+          run: echo "build_id=$(openssl rand -hex 5)" >> $GITHUB_OUTPUT
+
  # Build platform specific image
  build:
+    needs: compute
    strategy:
      fail-fast: true
      matrix:
@ -108,11 +124,19 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v4

+      - name: Docker - Variables
+        run: |
+          # Create contract label for compatible contract image if specified
+          if [[ -n "${{ env.CONTRACT_IMAGE }}" ]]; then
+            echo "CONTRACT_LABEL=storage.codex.nim-codex.blockchain-image=${{ env.CONTRACT_IMAGE }}" >>$GITHUB_ENV
+          fi
+
      - name: Docker - Meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.DOCKER_REPO }}
+          labels: ${{ env.CONTRACT_LABEL }}

      - name: Docker - Set up Buildx
        uses: docker/setup-buildx-action@v3
@ -147,7 +171,7 @@ jobs:
      - name: Docker - Upload digest
        uses: actions/upload-artifact@v4
        with:
-          name: digests-${{ matrix.target.arch }}
+          name: digests-${{ needs.compute.outputs.build_id }}-${{ matrix.target.arch }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1
@ -159,7 +183,7 @@ jobs:
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.meta.outputs.version }}
-    needs: build
+    needs: [build, compute]
    steps:
      - name: Docker - Variables
        run: |
@ -183,11 +207,16 @@ jobs:
          else
            echo "TAG_RAW=false" >>$GITHUB_ENV
          fi
+          
+          # Create contract label for compatible contract image if specified
+          if [[ -n "${{ env.CONTRACT_IMAGE }}" ]]; then
+            echo "CONTRACT_LABEL=storage.codex.nim-codex.blockchain-image=${{ env.CONTRACT_IMAGE }}" >>$GITHUB_ENV
+          fi

      - name: Docker - Download digests
        uses: actions/download-artifact@v4
        with:
-          pattern: digests-*
+          pattern: digests-${{ needs.compute.outputs.build_id }}-*
          merge-multiple: true
          path: /tmp/digests

@ -199,6 +228,7 @@ jobs:
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.DOCKER_REPO }}
+          labels: ${{ env.CONTRACT_LABEL }}
          flavor: |
            latest=${{ env.TAG_LATEST }}
            suffix=${{ env.TAG_SUFFIX }},onlatest=true
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -20,9 +20,25 @@ on:


 jobs:
+  get-contracts-hash:
+    runs-on: ubuntu-latest
+    outputs:
+      hash: ${{ steps.get-hash.outputs.hash }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - name: Get submodule short hash
+        id: get-hash
+        run: |
+          hash=$(git rev-parse --short HEAD:vendor/codex-contracts-eth)
+          echo "hash=$hash" >> $GITHUB_OUTPUT
  build-and-push:
    name: Build and Push
    uses: ./.github/workflows/docker-reusable.yml
+    needs: get-contracts-hash
    with:
      tag_latest: ${{ github.ref_name == github.event.repository.default_branch || startsWith(github.ref, 'refs/tags/') }}
-    secrets: inherit
+      contract_image: "codexstorage/codex-contracts-eth:sha-${{ needs.get-contracts-hash.outputs.hash }}"
+    secrets: inherit