.github/workflows/build-&-publish-docker-image.yml

name: "Build & Publish Docker Image"

concurrency:
  group: "publish-${{ github.ref }}"
  cancel-in-progress: true

on:
  push: 
    branches: [ master,staging, sprint* ]
    tags: 
      - '*'
  pull_request:
  workflow_dispatch:

env:
  BLOBBER_REGISTRY: ${{ secrets.BLOBBER_REGISTRY }}
  VALIDATOR_REGISTRY: ${{ secrets.VALIDATOR_REGISTRY }}
  DOCKER_CLI_EXPERIMENTAL: enabled

jobs:
  blobber:
    runs-on: [self-hosted, arc-runner]
    steps:
      - name: Set docker image tag
        run: |
          if [[ "${{github.ref}}" == refs/pull/* ]]; then
            tag=${GITHUB_REF/\/merge/}
            echo "TAG=$(echo pr-${tag:10})" >> $GITHUB_ENV
          else
            echo "TAG=$(echo ${GITHUB_REF#refs/*/} | sed 's/\//-/g')" >> $GITHUB_ENV
          fi

          echo "BRANCH=$([ -z '${{ github.event.pull_request.head.sha }}' ] && echo ${GITHUB_REF#refs/*/} || echo $GITHUB_HEAD_REF)" >> $GITHUB_ENV
          echo "SHA=$([ -z '${{ github.event.pull_request.head.sha }}' ] && echo $GITHUB_SHA || echo '${{ github.event.pull_request.head.sha }}')" >> $GITHUB_ENV

      - name: Setup go
        uses: actions/setup-go@v3
        with:
          go-version: ^1.20 # The Go version to download (if necessary) and use.

      - name: Clone blobber
        uses: actions/checkout@v1

      - name: Set up Docker Buildx
        run: |
          sudo apt-get update -y
          sudo apt-get install wget
          sudo apt-get install ca-certificates curl gnupg lsb-release -y
          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
          sudo apt-get update -y
          sudo apt-get install docker-ce docker-ce-cli containerd.io -y
          export DOCKER_CLI_EXPERIMENTAL=enabled
          docker run --privileged --rm tonistiigi/binfmt --install all
          docker context create blobber_buildx

      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Build blobber
        run: |
          SHORT_SHA=$(echo ${{ env.SHA }} | head -c 8)
          export DOCKER_IMAGE_BASE="${BLOBBER_REGISTRY}:base"
          export DOCKER_IMAGE_SWAGGER="${BLOBBER_REGISTRY}:swagger_test"
          export DOCKER_BUILD="buildx build --platform linux/amd64,linux/arm64 --push"
          export DOCKER_IMAGE_BLOBBER="-t ${BLOBBER_REGISTRY}:${TAG} -t ${BLOBBER_REGISTRY}:${TAG}-${SHORT_SHA}"
          docker buildx create --driver-opt network=host --use --buildkitd-flags '--allow-insecure-entitlement security.insecure' --use blobber_buildx
          ./docker.local/bin/build.base.sh && ./docker.local/bin/build.blobber.sh

  validator:
    runs-on: [self-hosted, arc-runner]
    steps:
      - name: Set docker image tag 
        run: |
          if [[ "${{github.ref}}" == refs/pull/* ]]; then
            tag=${GITHUB_REF/\/merge/}
            echo "TAG=$(echo pr-${tag:10})" >> $GITHUB_ENV
          else
            echo "TAG=$(echo ${GITHUB_REF#refs/*/} | sed 's/\//-/g')" >> $GITHUB_ENV
          fi

          echo "BRANCH=$([ -z '${{ github.event.pull_request.head.sha }}' ] && echo ${GITHUB_REF#refs/*/} || echo $GITHUB_HEAD_REF)" >> $GITHUB_ENV
          echo "SHA=$([ -z '${{ github.event.pull_request.head.sha }}' ] && echo $GITHUB_SHA || echo '${{ github.event.pull_request.head.sha }}')" >> $GITHUB_ENV

      - name: Setup go
        uses: actions/setup-go@v3
        with:
          go-version: ^1.20 # The Go version to download (if necessary) and use.

      - name: Clone blobber
        uses: actions/checkout@v1

      - name: Set up Docker Buildx
        run: |
          sudo apt-get update -y
          sudo apt-get install wget
          sudo apt-get install ca-certificates curl gnupg lsb-release -y
          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
          sudo apt-get update -y
          sudo apt-get install docker-ce docker-ce-cli containerd.io -y
          export DOCKER_CLI_EXPERIMENTAL=enabled
          docker run --privileged --rm tonistiigi/binfmt --install all
          docker context create blobber_buildx

      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Build validator
        run: |
          SHORT_SHA=$(echo ${{ env.SHA }} | head -c 8)
          export DOCKER_IMAGE_BASE="${VALIDATOR_REGISTRY}:base"
          export DOCKER_BUILD="buildx build --platform linux/amd64,linux/arm64 --push"
          export DOCKER_IMAGE_VALIDATOR="-t ${VALIDATOR_REGISTRY}:${TAG} -t ${VALIDATOR_REGISTRY}:${TAG}-${SHORT_SHA}"
          docker buildx create --driver-opt network=host --use --buildkitd-flags '--allow-insecure-entitlement security.insecure' --use blobber_buildx
          ./docker.local/bin/build.base.sh && ./docker.local/bin/build.validator.sh


  system-tests:
    if: github.event_name != 'workflow_dispatch'
    needs: [blobber, validator]
    runs-on: [ tests-suite ]
    steps:
      - name: "Get current PR"
        uses: jwalton/gh-find-current-pr@v1
        id: findPr
        with:
          github-token: ${{ github.token }}

      - name: "Set PR status as pending"
        uses: 0chain/actions/set-pr-status@master
        if: steps.findPr.outputs.number
        with:
          pr_number: ${{ steps.findPr.outputs.pr }}
          description: "System tests running with default config..."
          state: "pending"
          repository: ${{ github.repository }}
          status_name: "0Chain System Tests"
          target_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
          github_token: ${{ github.token }}

      - name: "Setup"
        run: |
          if [[ "${{github.ref}}" == refs/pull/* ]]; then
            tag=${GITHUB_REF/\/merge/}
            echo "TAG=$(echo pr-${tag:10})" >> $GITHUB_ENV
          else
            echo "TAG=$(echo ${GITHUB_REF#refs/*/} | sed 's/\//-/g')" >> $GITHUB_ENV
          fi

          echo "BRANCH=$([ -z '${{ github.event.pull_request.head.sha }}' ] && echo ${GITHUB_REF#refs/*/} || echo $GITHUB_HEAD_REF)" >> $GITHUB_ENV
          echo "SHORT_SHA=$(([ -z '${{ github.event.pull_request.head.sha }}' ] && echo $GITHUB_SHA || echo '${{ github.event.pull_request.head.sha }}') | head -c 8)" >> $GITHUB_ENV
          echo "NETWORK_URL=$(echo dev-${RUNNER_NAME:(-1)}.devnet-0chain.net)" >> $GITHUB_ENV
          echo "RUNNER_NUMBER=${RUNNER_NAME:(-1)}" >> $GITHUB_ENV

      - name: "Deploy 0Chain"
        uses: 0chain/actions/deploy-0chain@master
        with:
          repo_snapshots_branch: "<CURRENT BRANCH WITH FALLBACK TO CURRENT_SPRINT>"
          kube_config: ${{ secrets[format('DEV{0}KC', env.RUNNER_NUMBER)] }}
          teardown_condition: "TESTS_PASSED"
          blobber_image: ${{ env.TAG }}-${{ env.SHORT_SHA }}
          validator_image: ${{ env.TAG }}-${{ env.SHORT_SHA }}
          SUBGRAPH_API_URL: ${{ secrets.SUBGRAPH_API_URL }}
          TENDERLY_FORK_ID: ${{ secrets.TENDERLY_FORK_ID }}
          graphnode_sc: ${{ secrets.GRAPHNODE_SC }}
          graphnode_network: ${{ secrets.GRAPHNODE_NETWORK }}
          graphnode_ethereum_node_url: https://rpc.tenderly.co/fork/${{ secrets.TENDERLY_FORK_ID }}
          svc_account_secret: ${{ secrets.SVC_ACCOUNT_SECRET }}


      - name: "Run System tests"
        uses: 0chain/actions/run-system-tests@master
        with:
          repo_snapshots_branch: "<CURRENT BRANCH WITH FALLBACK TO CURRENT_SPRINT>"
          network: ${{ env.NETWORK_URL }}
          svc_account_secret: ${{ secrets.SVC_ACCOUNT_SECRET }}
          deploy_report_page: false
          archive_results: true
          run_flaky_tests: false
          retry_failures: true
          run_smoke_tests: ${{ github.ref != 'refs/heads/staging' && github.base_ref != 'staging' && github.ref != 'refs/heads/master' && github.base_ref != 'master' }}
          TENDERLY_FORK_ID: ${{ secrets.TENDERLY_FORK_ID }}
          DEVOPS_CHANNEL_WEBHOOK_URL: ${{ secrets.DEVOPS_CHANNEL_WEBHOOK_URL }}
          S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }}
          S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }}

      - name: "Set PR status as ${{ job.status }}"
        if: ${{ (success() || failure()) && steps.findPr.outputs.number }}
        uses: 0chain/actions/set-pr-status@master
        with:
          pr_number: ${{ steps.findPr.outputs.pr }}
          description: "System tests with default config ${{ job.status }}"
          state: ${{ job.status }}
          repository: ${{ github.repository }}
          status_name: "0Chain System Tests"
          target_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
          github_token: ${{ github.token }}