version: 2.1 orbs: gcp-cli: circleci/gcp-cli@3.0.1 commands: gcp-oidc-authenticate: description: "Authenticate with GCP using a CircleCI OIDC token." parameters: project_id: type: env_var_name default: GCP_PROJECT_ID workload_identity_pool_id: type: env_var_name default: GCP_WIP_ID workload_identity_pool_provider_id: type: env_var_name default: GCP_WIP_PROVIDER_ID service_account_email: type: env_var_name default: GCP_SERVICE_ACCOUNT_EMAIL gcp_cred_config_file_path: type: string default: /home/circleci/gcp_cred_config.json oidc_token_file_path: type: string default: /home/circleci/oidc_token.json steps: - run: name: "Create OIDC credential configuration" command: | # Store OIDC token in temp file echo $CIRCLE_OIDC_TOKEN > << parameters.oidc_token_file_path >> # Create a credential configuration for the generated OIDC ID Token gcloud iam workload-identity-pools create-cred-config \ "projects/${<< parameters.project_id >>}/locations/global/workloadIdentityPools/${<< parameters.workload_identity_pool_id >>}/providers/${<< parameters.workload_identity_pool_provider_id >>}"\ --output-file="<< parameters.gcp_cred_config_file_path >>" \ --service-account="${<< parameters.service_account_email >>}" \ --credential-source-file=<< parameters.oidc_token_file_path >> - run: name: "Authenticate with GCP using OIDC" command: | # Configure gcloud to leverage the generated credential configuration gcloud auth login --brief --cred-file "<< parameters.gcp_cred_config_file_path >>" # Configure ADC echo "export GOOGLE_APPLICATION_CREDENTIALS='<< parameters.gcp_cred_config_file_path >>'" | tee -a "$BASH_ENV" jobs: docker-release: environment: DOCKER_BUILDKIT: 1 parameters: docker_name: description: Docker image name type: string default: "op-geth" docker_tags: description: Docker image tags as csv type: string registry: description: Docker registry type: string default: "us-docker.pkg.dev" repo: description: Docker repo type: string default: "oplabs-tools-artifacts/images" machine: image: ubuntu-2204:2022.07.1 resource_class: xlarge steps: - gcp-cli/install - gcp-oidc-authenticate - checkout - run: name: Configure Docker command: | gcloud auth configure-docker <> - run: name: Build and push command: | IMAGE_BASE="<>/<>/<>" DOCKER_TAGS=$(echo -ne <> | sed "s/,/\n/g" | sed "s/[^a-zA-Z0-9\n.]/-/g" | sed -e "s|^|-t ${IMAGE_BASE}:|") docker context create buildx-build docker buildx create --use buildx-build docker buildx build --push \ $(echo -ne $DOCKER_TAGS | tr '\n' ' ') \ --platform=linux/arm64,linux/amd64 \ --build-arg VERSION=$CIRCLE_TAG \ --build-arg COMMIT=$CIRCLE_SHA \ --build-arg BUILDNUM=$CIRCLE_BUILD_NUM \ --progress plain \ -f Dockerfile . build-geth: docker: - image: cimg/go:1.18 resource_class: medium steps: - checkout - run: command: go run build/ci.go install unit-test: resource_class: medium docker: - image: cimg/go:1.18 steps: - checkout - run: command: go run build/ci.go test lint-geth: resource_class: medium docker: - image: cimg/go:1.18 steps: - checkout - run: command: go run build/ci.go lint workflows: main: jobs: - build-geth: name: Build geth - unit-test: name: Run unit tests for geth - lint-geth: name: Run linter over geth - docker-release: name: Push to Docker docker_tags: <> context: - oplabs-gcr release: jobs: - hold: type: approval filters: tags: only: /^v.*/ branches: ignore: /.*/ - docker-release: name: Push to Docker filters: tags: only: /^v.*/ branches: ignore: /.*/ docker_tags: <>,<> context: - oplabs-gcr-release requires: - hold