Skip to content

Deploy

Deploy #88

Workflow file for this run

# Copyright 2022, Proofcraft Pt Ltd
#
# SPDX-License-Identifier: BSD-2-Clause
# Build and deploy standard set of docker containers
name: Deploy
on:
push:
branches:
- master
workflow_dispatch:
schedule:
# every Thu at 17:03, i.e. once a week at not-quite a full hour
- cron: "3 17 * * 4"
jobs:
tag:
runs-on: ubuntu-latest
name: Create tag
outputs:
tag: ${{ steps.date.outputs.tag }}
snapshot_date: ${{ steps.date.outputs.snapshot_date }}
steps:
- name: Get date
id: date
run: |
export SNAPSHOT_DATE=$(basename $(curl -ILs -o /dev/null -w %{url_effective} http://snapshot.debian.org/archive/debian/$(date -u +%Y%m%dT%H%M00Z)/) )
echo "snapshot_date=${SNAPSHOT_DATE}" >> $GITHUB_OUTPUT
echo "tag=$(date '+%Y_%m_%d')" >> $GITHUB_OUTPUT
# There is unfortunately no point in parallelising the build of the different
# images, because they depend on each other. So sequential is the best we can do.
# We still split of the l4v build, because the GitHub runner otherwise runs out of
# disk space.
build:
name: Docker
runs-on: ubuntu-latest
needs: tag
env:
TAG: ${{ needs.tag.outputs.tag }}
SNAPSHOT_DATE: ${{ needs.tag.outputs.snapshot_date }}
steps:
- uses: actions/checkout@v4
- name: "Build trustworthysystems/sel4"
run: |
./build.sh -e SNAPSHOT_DATE=${SNAPSHOT_DATE} -v -b sel4
docker tag trustworthysystems/sel4:latest trustworthysystems/sel4:${TAG}
# the following will also build the plain camkes image:
- name: "Build trustworthysystems/camkes-cakeml-rust"
run: |
./build.sh -e SNAPSHOT_DATE=${SNAPSHOT_DATE} -v -b camkes -s cakeml -s rust
docker tag trustworthysystems/camkes:latest trustworthysystems/camkes:${TAG}
docker tag trustworthysystems/camkes-cakeml-rust:latest \
trustworthysystems/camkes-cakeml-rust:${TAG}
- name: Authenticate
if: ${{ github.repository_owner == 'seL4' }}
run: docker login -u ${{secrets.DOCKER_USER}} -p ${{secrets.DOCKER_TOKEN}}
- name: "Push trustworthysystems/sel4"
if: ${{ github.repository_owner == 'seL4' }}
run: |
docker push trustworthysystems/sel4:${TAG}
docker tag trustworthysystems/sel4:${TAG} trustworthysystems/sel4:latest
docker push trustworthysystems/sel4:latest
- name: "Push trustworthysystems/camkes"
if: ${{ github.repository_owner == 'seL4' }}
run: |
docker push trustworthysystems/camkes:${TAG}
docker tag trustworthysystems/camkes:${TAG} trustworthysystems/camkes:latest
docker push trustworthysystems/camkes:latest
- name: "Push trustworthysystems/camkes-cakeml-rust"
if: ${{ github.repository_owner == 'seL4' }}
run: |
docker push trustworthysystems/camkes-cakeml-rust:${TAG}
docker tag trustworthysystems/camkes-cakeml-rust:${TAG} \
trustworthysystems/camkes-cakeml-rust:latest
docker push trustworthysystems/camkes-cakeml-rust:latest
build-l4v:
name: Docker (l4v)
runs-on: ubuntu-latest
needs: [tag, build]
env:
TAG: ${{ needs.tag.outputs.tag }}
SNAPSHOT_DATE: ${{ needs.tag.outputs.snapshot_date }}
steps:
- uses: actions/checkout@v4
- name: "Build trustworthysystems/l4v"
run: |
docker pull trustworthysystems/camkes:${TAG}
./build.sh -e SNAPSHOT_DATE=${SNAPSHOT_DATE} -v -b l4v
docker tag trustworthysystems/l4v:latest trustworthysystems/l4v:${TAG}
- name: Authenticate
if: ${{ github.repository_owner == 'seL4' }}
run: docker login -u ${{secrets.DOCKER_USER}} -p ${{secrets.DOCKER_TOKEN}}
- name: "Push trustworthysystems/l4v"
if: ${{ github.repository_owner == 'seL4' }}
run: |
docker push trustworthysystems/l4v:${TAG}
docker tag trustworthysystems/l4v:${TAG} trustworthysystems/l4v:latest
docker push trustworthysystems/l4v:latest