Skip to content

Commit

Permalink
chore: move aws key to secrets
Browse files Browse the repository at this point in the history
  • Loading branch information
@saiintbrisson
saiintbrisson committed Dec 24, 2024
1 parent 8120422 commit 6dfaeda
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 6 deletions.
5 changes: 3 additions & 2 deletions .github/workflows/build-docker.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,13 +35,14 @@ jobs:
run: echo "SANITIZED_REF=$(echo "${GITHUB_REF##*/}" | tr '/' '-')" >> $GITHUB_ENV

- name: Build and push
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
context: .
push: true
build-args: |
secret-envs: |
AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}
build-args: |
SCCACHE_BUCKET=torus-substrate-cache
SCCACHE_ENDPOINT=${{ secrets.SCCACHE_ENDPOINT }}
SCCACHE_REGION=auto
Expand Down
9 changes: 5 additions & 4 deletions docker/node.dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
FROM debian:12-slim AS builder

ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
ARG SCCACHE_BUCKET
ARG SCCACHE_ENDPOINT
ARG SCCACHE_REGION=auto
Expand All @@ -26,7 +24,9 @@ ENV PATH=/root/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbi
RUN curl https://sh.rustup.rs -sSf | \
sh -s -- -y --profile=minimal --default-toolchain=1.82.0

RUN if [ -n "$AWS_ACCESS_KEY_ID" ]; then \
RUN --mount=type=secret,id=aws-key-id,env=AWS_ACCESS_KEY_ID \
--mount=type=secret,id=aws-secret-key,env=AWS_SECRET_ACCESS_KEY \
if [ -n "$AWS_ACCESS_KEY_ID" ]; then \
curl https://github.com/mozilla/sccache/releases/download/v0.9.0/sccache-v0.9.0-x86_64-unknown-linux-musl.tar.gz \
-Lo sccache-v0.9.0-x86_64-unknown-linux-musl.tar.gz && \
tar -xzf sccache-v0.9.0-x86_64-unknown-linux-musl.tar.gz --strip-components=1 \
Expand All @@ -36,7 +36,8 @@ RUN if [ -n "$AWS_ACCESS_KEY_ID" ]; then \
fi && \
cargo build -p torus-node --release --locked

RUN if [ -n "$AWS_ACCESS_KEY_ID" ]; then \
RUN --mount=type=secret,id=aws-key-id,env=AWS_ACCESS_KEY_ID \
if [ -n "$AWS_ACCESS_KEY_ID" ]; then \
./sccache --show-stats; \
fi

Expand Down

0 comments on commit 6dfaeda

Please sign in to comment.