evstack · auricom · Nov 10, 2025 · Nov 6, 2025 · Nov 6, 2025 · Nov 6, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,79 @@
+name: CI
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  merge_group:
+
+jobs:
+  determine-image-tag:
+    name: Determine Image Tag
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    outputs:
+      tag: ${{ steps.set-tag.outputs.tag }}
+    steps:
+      - name: Set image tag
+        id: set-tag
+        run: |
+          if [ -n "${{ github.event.pull_request.number }}" ]; then
+            TAG="pr-${{ github.event.pull_request.number }}"
+            echo "::notice::Using PR-based tag: $TAG"
+          else
+            # Sanitize ref_name by replacing / with -
+            TAG="${{ github.ref_name }}"
+            TAG="${TAG//\//-}"
+            echo "::notice::Using branch/tag-based tag: $TAG"
+          fi
+
+          # Validate tag format
+          if [[ ! "$TAG" =~ ^[a-zA-Z0-9._-]+$ ]]; then
+            echo "::error::Invalid image tag format: $TAG"
+            exit 1
+          fi
+
+          echo "tag=$TAG" >> $GITHUB_OUTPUT
+
+  lint:
+    permissions:
+      contents: read
+    uses: ./.github/workflows/lint.yml
+
+  docker:
+    needs: determine-image-tag
+    uses: ./.github/workflows/docker.yml
+    secrets: inherit
+    permissions:
+      contents: read
+      packages: write
+    with:
+      image-tag: ${{ needs.determine-image-tag.outputs.tag }}
+      apps: |
+        [
+          {"name": "ev-node-evm-single", "dockerfile": "apps/evm/single/Dockerfile"},
+        ]
+
+  test:
+    needs: determine-image-tag
+    permissions:
+      contents: read
+    uses: ./.github/workflows/test.yml
+    secrets: inherit
+    with:
+      image-tag: ${{ needs.determine-image-tag.outputs.tag }}
+
+  docker-tests:
+    needs: [determine-image-tag, docker]
+    uses: ./.github/workflows/docker-tests.yml
+    secrets: inherit
+    permissions:
+      contents: read
+    with:
+      image-tag: ${{ needs.determine-image-tag.outputs.tag }}
+
+  proto:
+    permissions:
+      contents: read
+    uses: ./.github/workflows/proto.yml
diff --git a/.github/workflows/ci_release.yml b/.github/workflows/ci_release.yml
diff --git a/.github/workflows/docker-tests.yml b/.github/workflows/docker-tests.yml
@@ -0,0 +1,51 @@
+# Docker E2E Tests workflow
+# This workflow runs tests that require Docker images to be built first
+name: Docker E2E Tests
+permissions: {}
+on:
+  workflow_call:
+    inputs:
+      image-tag:
+        required: true
+        type: string
+  workflow_dispatch:
+    inputs:
+      image-tag:
+        description: 'Docker image tag to use for tests (e.g., v1.2.3, pr-123, sha-abc123)'
+        required: true
+        type: string
+
+jobs:
+  docker-tests:
+    permissions:
+      contents: read
+    name: Docker E2E Tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - name: set up go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: ./test/docker-e2e/go.mod
+      - name: Run Docker E2E Tests
+        run: make test-docker-e2e
+        env:
+          EV_NODE_IMAGE_REPO: ghcr.io/${{ github.repository }}
+          EV_NODE_IMAGE_TAG: ${{ inputs.image-tag }}
+
+  docker-upgrade-tests:
+    name: Docker Upgrade E2E Tests
+    permissions:
+      contents: read
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - name: set up go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: ./test/docker-e2e/go.mod
+      - name: Run Docker Upgrade E2E Tests
+        run: make test-docker-upgrade-e2e
+        env:
+          EVM_SINGLE_IMAGE_REPO: ghcr.io/${{ github.repository_owner }}/ev-node-evm-single
+          EVM_SINGLE_NODE_IMAGE_TAG: ${{ inputs.image-tag }}
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -0,0 +1,50 @@
+# Docker Images Build workflow
+# This workflow builds and pushes Docker images to GHCR
+name: Build Docker Images
+permissions: {}
+on:
+  workflow_call:
+    inputs:
+      image-tag:
+        required: true
+        type: string
+        description: 'Docker image tag (e.g., v1.2.3, pr-123, sha-abc123)'
+      apps:
+        required: true
+        type: string
+        description: 'JSON array of apps to build (e.g., [{"name": "testapp", "dockerfile": "apps/testapp/Dockerfile"}])'
+
+jobs:
+  build-images:
+    name: Build ${{ matrix.app.name }}
+    # skip building images for merge groups as they are already built on PRs and main
+    if: github.event_name != 'merge_group'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      matrix:
+        app: ${{ fromJson(inputs.apps) }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push ${{ matrix.app.name }} Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ matrix.app.dockerfile }}
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: ghcr.io/${{ github.repository_owner }}/${{ matrix.app.name }}:${{ inputs.image-tag }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,113 @@
+name: Release
+on:
+  push:
+    tags:
+      - '**/v*.*.*'  # Matches tags like evm/single/v0.2.0, testapp/v0.4.0, etc.
+
+jobs:
+  parse-tag:
+    name: Parse Release Tag
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    outputs:
+      app-path: ${{ steps.parse.outputs.app-path }}
+      version: ${{ steps.parse.outputs.version }}
+      image-name: ${{ steps.parse.outputs.image-name }}
+      dockerfile: ${{ steps.parse.outputs.dockerfile }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Parse tag and validate app
+        id: parse
+        run: |
+          TAG="${{ github.ref_name }}"
+          echo "Processing tag: $TAG"
+
+          # Extract version (everything after the last /)
+          VERSION="${TAG##*/}"
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+          # Extract app path (everything before the last /)
+          APP_PATH="${TAG%/*}"
+          echo "app-path=$APP_PATH" >> $GITHUB_OUTPUT
+
+          # Check if the app directory exists in ./apps/
+          if [ ! -d "apps/$APP_PATH" ]; then
+            echo "::error::App directory 'apps/$APP_PATH' does not exist"
+            exit 1
+          fi
+
+          # Check if Dockerfile exists
+          if [ ! -f "apps/$APP_PATH/Dockerfile" ]; then
+            echo "::error::Dockerfile not found in 'apps/$APP_PATH/'"
+            exit 1
+          fi
+
+          echo "dockerfile=apps/$APP_PATH/Dockerfile" >> $GITHUB_OUTPUT
+
+          # Generate image name from app path (replace / with -)
+          IMAGE_NAME="ev-node-${APP_PATH//\//-}"
+          echo "image-name=$IMAGE_NAME" >> $GITHUB_OUTPUT
+
+          echo "::notice::Building $IMAGE_NAME version $VERSION from apps/$APP_PATH"
+
+  build-and-push:
+    name: Build and Push Docker Image
+    needs: parse-tag
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ needs.parse-tag.outputs.dockerfile }}
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/${{ needs.parse-tag.outputs.image-name }}:${{ needs.parse-tag.outputs.version }}
+            ghcr.io/${{ github.repository_owner }}/${{ needs.parse-tag.outputs.image-name }}:latest
+
+  create-release:
+    name: Create GitHub Release
+    needs: [parse-tag, build-and-push]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Create Release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref_name }}
+          release_name: ${{ needs.parse-tag.outputs.app-path }} ${{ needs.parse-tag.outputs.version }}
+          body: |
+            Release of **${{ needs.parse-tag.outputs.app-path }}** version **${{ needs.parse-tag.outputs.version }}**
+
+            ## Docker Image
+            ```
+            docker pull ghcr.io/${{ github.repository_owner }}/${{ needs.parse-tag.outputs.image-name }}:${{ needs.parse-tag.outputs.version }}
+            ```
+          draft: false
+          prerelease: false