Automate docker image push (#4937)

### Changes - [x] Move the push to dockerhub step from the main pipeline to the release one in the nightly group - [x] Use a bash script that collect the image from the artifacts to push to dockerhub and respect `test` and `nightly` tags - [x] Ditch the nix solution to push to dockerhub - [x] Add a block before pushing the release tag to dockerhub ### Issues fix #4900
cardano-foundation · Jan 13, 2025 · 5226b92 · 5226b92
2 parents cb7e56c + c164467
commit 5226b92
Show file tree

Hide file tree

Showing 5 changed files with 91 additions and 140 deletions.
diff --git a/.buildkite/docker-build-push.nix b/.buildkite/docker-build-push.nix
diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml
@@ -625,22 +625,6 @@ steps:
         agents:
           system: x86_64-linux
 
-      - block: Docker Build
-        depends_on: []
-        if: build.env("TEST_RC") == "TRUE"
-        key: docker-build-block
-
-      - label: Push Docker Image
-        depends_on:
-          - docker-build
-        key: build-docker
-        command:
-          - "mkdir -p config && echo '{ outputs = _: { dockerHubRepoName = \"cardanofoundation/cardano-wallet\"; }; }'  > config/flake.nix"
-          - "nix build .#pushDockerImage --override-input hostNixpkgs \"path:$(nix eval --impure -I $NIX_PATH --expr '(import <nixpkgs> {}).path')\" --override-input customConfig path:./config -o docker-build-push"
-          - "./docker-build-push"
-        agents:
-          system: x86_64-linux
-
   - group: Docker Checks
     depends_on:
       - docker-artifacts

diff --git a/.buildkite/release.yml b/.buildkite/release.yml
@@ -47,6 +47,8 @@ steps:
           RELEASE: false
         agents:
           system: x86_64-linux
+        concurrency: 1
+        concurrency_group: push-swagger-nightly-or-test
 
       - label: Push nightly or test release tag
         key: push-nightly-or-test-tag
@@ -66,6 +68,8 @@ steps:
           system: x86_64-linux
         env:
           RELEASE: false
+        concurrency: 1
+        concurrency_group: push-release-nightly-or-test
 
       - label: Push nightly or test release artifacts
         depends_on: push-nightly-or-test-release
@@ -75,6 +79,18 @@ steps:
           system: x86_64-linux
         env:
           RELEASE: false
+        concurrency: 1
+        concurrency_group: push-release-nightly-or-test
+
+      - label: Push image to dockerhub
+        commands:
+          - nix develop path:$RELEASE_SCRIPTS_DIR -c $RELEASE_SCRIPTS_DIR/push-to-dockerhub.sh
+        agents:
+          system: x86_64-linux
+        env:
+          RELEASE: false
+        concurrency: 1
+        concurrency_group: push-dockerhub-nightly-or-test
 
   - group: Release
     depends_on: nightly-or-test
@@ -93,6 +109,8 @@ steps:
           RELEASE: true
         agents:
           system: x86_64-linux
+        concurrency: 1
+        concurrency_group: push-swagger-release
 
       - label: Push release tag
         key: push-release-tag
@@ -113,6 +131,8 @@ steps:
           system: x86_64-linux
         env:
           RELEASE: true
+        concurrency: 1
+        concurrency_group: push-release-release
 
       - label: Push release artifacts
         depends_on: push-release
@@ -122,16 +142,25 @@ steps:
           system: x86_64-linux
         env:
           RELEASE: true
+        concurrency: 1
+        concurrency_group: push-release-release
 
-      - label: Push Docker Image
-        depends_on:
-          - create-release
-        command:
-          - "mkdir -p config && echo '{ outputs = _: { dockerHubRepoName = \"cardanofoundation/cardano-wallet\"; }; }'  > config/flake.nix"
-          - "nix build .#pushDockerImage --override-input hostNixpkgs \"path:$(nix eval --impure -I $NIX_PATH --expr '(import <nixpkgs> {}).path')\" --override-input customConfig path:./config -o docker-build-push"
-          - "./docker-build-push"
+      - block: Push to dockerhub
+        key: push-dockerhub
+        depends_on: create-release
+
+      - label: Push to dockerhub
+        depends_on: push-dockerhub
+        artifact_paths:
+          - ./artifacts/*.tgz
+        commands:
+          - nix develop path:$RELEASE_SCRIPTS_DIR -c $RELEASE_SCRIPTS_DIR/push-to-dockerhub.sh
         agents:
           system: x86_64-linux
+        env:
+          RELEASE: true
+        concurrency: 1
+        concurrency_group: push-dockerhub-release
 
       - label: Update Documentation Links
         depends_on: create-release

diff --git a/flake.nix b/flake.nix
@@ -388,11 +388,7 @@
           // rec {
             dockerImage =
               mkDockerImage (mkPackages walletProject.projectCross.musl64);
-            pushDockerImage = import ./.buildkite/docker-build-push.nix {
-              hostPkgs = import hostNixpkgs { inherit system; };
-              inherit dockerImage;
-              inherit (config) dockerHubRepoName;
-            };
+
           } // (lib.optionalAttrs buildPlatform.isLinux {
             nixosTests = import ./nix/nixos/tests {
               inherit pkgs;

diff --git a/scripts/buildkite/release/push-to-dockerhub.sh b/scripts/buildkite/release/push-to-dockerhub.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+set -euox pipefail
+
+TRIGGERED_BY=$(buildkite-agent meta-data get base-build)
+NEW_GIT_TAG=$(buildkite-agent meta-data get release-version)
+TEST_RC=$(buildkite-agent meta-data get test-rc)
+CABAL_VERSION=$(buildkite-agent meta-data get release-cabal-version)
+
+if [ "$RELEASE" == "false" ]; then
+    if [ "$TEST_RC" == "TRUE" ]; then
+        TAG="test"
+    else
+        TAG="nightly"
+    fi
+else
+    TAG=$NEW_GIT_TAG
+fi
+
+main_build=$(curl -H "Authorization: Bearer $BUILDKITE_API_TOKEN" \
+    -X GET "https://api.buildkite.com/v2/builds" \
+    | jq ".[] | select(.meta_data.\"triggered-by\" == \"$TRIGGERED_BY\")" \
+    | jq .number)
+
+mkdir -p artifacts
+
+repo="cardanofoundation/cardano-wallet"
+
+artifact() {
+    local artifact_name=$1
+    # shellcheck disable=SC2155
+    local artifact_value=$(curl -H "Authorization: Bearer $BUILDKITE_API_TOKEN" \
+        -X GET "https://api.buildkite.com/v2/organizations/cardano-foundation/pipelines/cardano-wallet/builds/$main_build/artifacts?per_page=100" \
+        | jq -r " [.[] | select(.filename == \"$artifact_name\")][0] \
+        | .download_url")
+    curl -H "Authorization: Bearer $BUILDKITE_API_TOKEN" -L \
+        -o "artifacts/$artifact_name" \
+        "$artifact_value"
+    docker login -u cfhal -p "$DOCKER_HUB_TOKEN"
+    docker load -i "artifacts/$artifact_name"
+    local image_name="$repo:$TAG"
+    if [ "$RELEASE" == "false" ]; then
+        local loaded_image_name="$repo:$CABAL_VERSION"
+        docker tag "$loaded_image_name" "$image_name"
+        docker push "$image_name"
+    else
+        local latest_image_name="$repo:latest"
+        docker push "$image_name"
+        docker tag "$image_name" "$latest_image_name"
+        docker push "$latest_image_name"
+    fi
+}
+
+artifact "cardano-wallet-$NEW_GIT_TAG-docker-image.tgz"