update github CI (#946)

* feat: Configure l2geth Docker pipeline to push latest tag (#831)

* push latest tag

* push latest tag on release published

* use metadata-action to define tags

* test

* push ref name on push tag or push latest tag on publishing release

* update

---------

Co-authored-by: Nazarii Denha <dengaaa2002@gmail.com>

Author: 0xmountaintop

.github/workflows/docker-arm64.yaml

@@ -0,0 +1,41 @@
+name: Docker-arm64
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "tag of this image (suffix -arm64 is added automatically)"
+        required: true
+        type: string
+
+jobs:
+  build-and-push-arm64-image:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        arch:
+          - aarch64
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Set up QEMU
+        run: |
+          docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+          docker buildx create --name multiarch --driver docker-container --use
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Build docker image
+        uses: docker/build-push-action@v2
+        with:
+          platforms: linux/arm64
+          context: .
+          file: Dockerfile
+          push: true
+          tags: scrolltech/l2geth:${{inputs.tag}}-arm64

.github/workflows/docker.yaml

@@ -4,6 +4,8 @@ on:
   push:
     tags:
       - '*'
+  release:
+    types: [published]
 
 jobs:
   build-and-push:
@@ -15,6 +17,16 @@ jobs:
       uses: docker/setup-qemu-action@v2
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v2
+    - name: Extract docker metadata
+      id: meta
+      uses: docker/metadata-action@v3
+      with:
+        images: scrolltech/l2geth
+        tags: |
+          type=ref,event=tag,enable=${{ github.event_name == 'push' }}
+          type=raw,value=latest,enable=${{ github.event_name == 'release' }}
+        flavor: |
+          latest=false
     - name: Login to Docker Hub
       uses: docker/login-action@v2
       with:
@@ -27,6 +39,7 @@ jobs:
         file: Dockerfile
         # push: ${{ startsWith(github.ref, 'refs/tags/') }}
         push: true
-        tags: scrolltech/l2geth:${{github.ref_name}}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
         # cache-from: type=gha,scope=${{ github.workflow }}
         # cache-to: type=gha,scope=${{ github.workflow }}

.github/workflows/semgrep.yml

@@ -0,0 +1,24 @@
+on:
+  workflow_dispatch: {}
+  pull_request: {}
+  push:
+    branches:
+    - main
+    - master
+    paths:
+    - .github/workflows/semgrep.yml
+  schedule:
+  # random HH:MM to avoid a load spike on GitHub Actions at 00:00
+  - cron: 20 19 * * *
+name: Semgrep
+jobs:
+  semgrep:
+    name: semgrep/ci
+    runs-on: ubuntu-20.04
+    env:
+      SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+    container:
+      image: returntocorp/semgrep
+    steps:
+    - uses: actions/checkout@v3
+    - run: semgrep ci