Merge branch 'dev' of github.com:maticnetwork/polygon-token-list into SPEC-889-github-workflow-for-docker-publish

sshrihar · sshrihar · commit 160fae08058d · 2025-02-10T20:54:06.000+04:00
diff --git a/.github/workflows/docker_publish_gcp.yaml b/.github/workflows/docker_publish_gcp.yaml
@@ -0,0 +1,94 @@
+on:
+  workflow_call:
+    inputs:
+      environment:
+        required: false
+        type: string
+        default: "staging"
+      core_app:
+        required: true
+        type: string
+        description: "Core App Name"
+        default: "api-polygon-tokens"
+
+permissions:
+  contents: read
+  id-token: write
+
+env:
+  REGISTRY: europe-west2-docker.pkg.dev/prj-polygonlabs-shared-prod/polygonlabs-docker-prod
+  IMAGE_NAME: ${{ inputs.core_app }}-${{ inputs.environment }}
+  OIDC_PROVIDER: projects/23849419004/locations/global/workloadIdentityPools/polygonlabs-shared-prod/providers/oidc-shared-prod
+  OIDC_SERVICE_ACCOUNT: shared-prod-oidc-sa@prj-polygonlabs-shared-prod.iam.gserviceaccount.com
+
+jobs:
+  docker-release:
+    name: Build and push docker image to GitHub Container Registry
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      
+      - name: Setup node
+        uses: actions/setup-node@v2
+        with:
+          node-version: 18.16.1
+
+      - name: Cache dependencies
+        id: cache
+        uses: actions/cache@v3
+        with:
+          path: ./node_modules
+          key: modules-${{ hashFiles('package-lock.json') }}
+          restore-keys: |
+            modules-${{ hashFiles('package-lock.json') }}-
+
+      - name: Check cache hit
+        id: check_cache
+        if: steps.cache.outcome != 'failure'
+        run: echo "cache_hit=${{ steps.cache.outputs.cache-hit == 'true' }}" >> $GITHUB_OUTPUT
+
+      - name: Install dependencies
+        if: steps.check_cache.outputs.cache_hit != 'true'
+        run: npm ci
+
+      - name: Build tokenlists
+        run: npm run build
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Authenticate with GCP via OIDC
+        uses: google-github-actions/auth@v2
+        with:
+          token_format: access_token
+          workload_identity_provider: ${{ env.OIDC_PROVIDER }}
+          service_account: ${{ env.OIDC_SERVICE_ACCOUNT }}
+
+      - name: Configure Artifact Registry authentication
+        run: |
+          echo '{"credHelpers": {"europe-west2-docker.pkg.dev": "gcloud"}}' > ~/.docker/config.json
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+          flavor: |
+            latest=false
+
+      - name: Push to GCP Artifact Registry
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
