scheduled #64
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy image to GHCR ๐ช | |
env: | |
REGISTRY: ghcr.io | |
PLATFORMS: linux/amd64,linux/arm64 | |
on: | |
repository_dispatch: | |
types: | |
- scheduled | |
workflow_dispatch: | |
inputs: | |
origin: | |
description: DockerHub org or username where the base image is located | |
required: true | |
type: choice | |
default: "julia" | |
options: | |
- "julia" | |
source_image_tag: | |
description: Source image tag | |
required: true | |
type: choice | |
default: "1.10-bookworm" | |
options: | |
- "1.10-bookworm" | |
destination_image_name: | |
description: | | |
Destination image name, will be available as | |
ghcr.io/insightsengineering/destination_image_name | |
required: true | |
type: choice | |
default: "julia-vscode" | |
options: | |
- "julia-vscode" | |
- "julia" | |
tag: | |
description: | | |
Destination image tag. Defaults to current date in the `YYYY.MM.DD` | |
format if unspecified. | |
required: true | |
type: choice | |
default: "1.10-bookworm" | |
options: | |
- "1.10-bookworm" | |
tag_latest: | |
description: Tag image as `latest` | |
default: false | |
type: boolean | |
release_tag: | |
description: | | |
Release tag to which SBOM generated for image should be attached. | |
Release tags follow the `YYYY.MM.DD` format. | |
This must be specified if you want to upload artifacts to the release. | |
required: false | |
default: '' | |
jobs: | |
normalize-inputs: | |
name: Normalize inputs ๐งน | |
runs-on: ubuntu-latest | |
steps: | |
- name: Normalize ๐งฝ | |
id: normalizer | |
run: | | |
function normalize() { | |
local var=$1 | |
if [ "$var" == "" ] | |
then { | |
var=$2 | |
} | |
fi | |
echo ${var} | |
} | |
ORIGIN=$(normalize ${{ github.event.inputs.origin }} ${{ github.event.client_payload.origin }}) | |
SOURCE_IMAGE_TAG=$(normalize ${{ github.event.inputs.source_image_tag }} ${{ github.event.client_payload.source_image_tag }}) | |
DESTINATION_IMAGE_NAME=$(normalize ${{ github.event.inputs.destination_image_name }} ${{ github.event.client_payload.destination_image_name }}) | |
TAG=$(normalize ${{ github.event.inputs.tag }} ${{ github.event.client_payload.tag }}) | |
TAG_LATEST=$(normalize ${{ github.event.inputs.tag_latest }} ${{ github.event.client_payload.tag_latest }}) | |
RELEASE_TAG=$(normalize ${{ github.event.inputs.release_tag }} ${{ github.event.client_payload.release_tag }}) | |
echo "ORIGIN=$ORIGIN" >> $GITHUB_OUTPUT | |
echo "SOURCE_IMAGE_TAG=$SOURCE_IMAGE_TAG" >> $GITHUB_OUTPUT | |
echo "DESTINATION_IMAGE_NAME=$DESTINATION_IMAGE_NAME" >> $GITHUB_OUTPUT | |
echo "TAG=$TAG" >> $GITHUB_OUTPUT | |
echo "TAG_LATEST=$TAG_LATEST" >> $GITHUB_OUTPUT | |
echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_OUTPUT | |
shell: bash | |
outputs: | |
origin: ${{ steps.normalizer.outputs.ORIGIN }} | |
source_image_tag: ${{ steps.normalizer.outputs.SOURCE_IMAGE_TAG }} | |
destination_image_name: ${{ steps.normalizer.outputs.DESTINATION_IMAGE_NAME }} | |
tag: ${{ steps.normalizer.outputs.TAG }} | |
tag_latest: ${{ steps.normalizer.outputs.TAG_LATEST }} | |
release_tag: ${{ steps.normalizer.outputs.RELEASE_TAG }} | |
build: | |
runs-on: ubuntu-latest | |
needs: normalize-inputs | |
name: Build & Deploy ๐ ${{ needs.normalize-inputs.outputs.destination_image_name }}:${{ needs.normalize-inputs.outputs.tag }} | |
# Token permissions | |
permissions: | |
contents: read | |
packages: write | |
# Build steps | |
steps: | |
- name: Reclaim Disk Space ๐ฎ | |
uses: insightsengineering/disk-space-reclaimer@v1 | |
with: | |
tools-cache: false | |
android: true | |
dotnet: true | |
haskell: true | |
large-packages: true | |
swap-storage: false | |
docker-images: true | |
- name: Checkout repository ๐ณ | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx ๐ณ | |
uses: docker/setup-buildx-action@v3 | |
id: buildx | |
with: | |
install: true | |
- name: Set up QEMU ๐ฆค | |
id: qemu | |
uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: ${{ env.PLATFORMS }} | |
- name: Cache Docker layers โป๏ธ | |
uses: actions/cache@v4 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ needs.normalize-inputs.outputs.destination_image_name }}-${{ needs.normalize-inputs.outputs.tag }} | |
restore-keys: | | |
${{ runner.os }}-buildx-${{ needs.normalize-inputs.outputs.destination_image_name }}-${{ needs.normalize-inputs.outputs.tag }} | |
${{ runner.os }}-buildx-${{ needs.normalize-inputs.outputs.destination_image_name }} | |
${{ runner.os }}-buildx- | |
- name: Log in to the Container registry ๐ | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set build variables ๐ | |
id: build_vars | |
run: | | |
# Set default tag as 'YYYY.MM.DD' date if it isn't set | |
tag="${{ needs.normalize-inputs.outputs.tag }}" | |
if [ "${tag}" == "" ] | |
then { | |
tag=$(date +%Y.%m.%d) | |
} | |
fi | |
tag_latest="${{ needs.normalize-inputs.outputs.tag_latest }}" | |
image_name="${{ needs.normalize-inputs.outputs.destination_image_name }}" | |
# Set full image name | |
full_names="${{ env.REGISTRY }}/${{ github.repository_owner }}/${image_name}:${tag}" | |
echo "OUTPUT_IMAGE_NAME=${full_names}" >> $GITHUB_OUTPUT | |
if [ "${tag_latest}" == "true" ] | |
then | |
full_names="$full_names,${{ env.REGISTRY }}/${{ github.repository_owner }}/${image_name}:latest" | |
fi | |
echo "FULL_NAMES=${full_names}" >> $GITHUB_OUTPUT | |
echo "FULL_NAMES=${full_names}" | |
# Push the image if we're running for main | |
echo "github.ref = ${{ github.ref }}" | |
if [ "${{ github.ref }}" == 'refs/heads/main' ]; then | |
echo "DOCKER_PUSH=true" >> $GITHUB_OUTPUT | |
echo "DOCKER_PUSH = true" | |
else | |
echo "DOCKER_PUSH=false" >> $GITHUB_OUTPUT | |
echo "DOCKER_PUSH = false" | |
fi | |
echo "SBOM_OUTPUT_FILENAME=$GITHUB_WORKSPACE/sbom.json" >> $GITHUB_OUTPUT | |
- name: Build and push image ๐ | |
uses: docker/build-push-action@v5 | |
with: | |
context: ./ | |
file: Dockerfile | |
push: ${{ steps.build_vars.outputs.DOCKER_PUSH }} | |
tags: ${{ steps.build_vars.outputs.FULL_NAMES }} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new | |
build-args: | | |
ORIGIN=${{ needs.normalize-inputs.outputs.origin }} | |
SOURCE_IMAGE_TAG=${{ needs.normalize-inputs.outputs.source_image_tag }} | |
DESTINATION_IMAGE_NAME=${{ needs.normalize-inputs.outputs.destination_image_name }} | |
DESTINATION_IMAGE_TAG=${{ needs.normalize-inputs.outputs.tag }} | |
platforms: ${{ env.PLATFORMS }} | |
- name: Generate image manifest ๐ณ | |
run: | | |
docker manifest inspect ${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }} > manifest.json | |
- name: Reclaim Disk Space for SBOM Generation ๐ฎ | |
uses: insightsengineering/disk-space-reclaimer@v1 | |
with: | |
tools-cache: false | |
android: true | |
dotnet: true | |
haskell: true | |
large-packages: true | |
swap-storage: false | |
docker-images: true | |
- name: Generate SBOM ๐ | |
uses: anchore/sbom-action@v0 | |
with: | |
image: "${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }}" | |
output-file: "${{ steps.build_vars.outputs.SBOM_OUTPUT_FILENAME }}" | |
artifact-name: "sbom.spdx" | |
- name: Upload image manifest to release ๐ผ | |
uses: svenstaro/upload-release-action@v2 | |
if: needs.normalize-inputs.outputs.release_tag != '' | |
with: | |
repo_token: ${{ secrets.REPO_GITHUB_TOKEN }} | |
file: "manifest.json" | |
asset_name: "image.manifest.${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }}.json" | |
tag: "${{ needs.normalize-inputs.outputs.release_tag }}" | |
overwrite: true | |
- name: Upload SBOM to release ๐ผ | |
uses: svenstaro/upload-release-action@v2 | |
if: needs.normalize-inputs.outputs.release_tag != '' | |
with: | |
repo_token: ${{ secrets.REPO_GITHUB_TOKEN }} | |
file: "${{ steps.build_vars.outputs.SBOM_OUTPUT_FILENAME }}" | |
asset_name: "SBOM for ${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }}.spdx.json" | |
tag: "${{ needs.normalize-inputs.outputs.release_tag }}" | |
overwrite: true | |
- name: Move cache โป๏ธ | |
run: | | |
rm -rf /tmp/.buildx-cache | |
if [ -f /tmp/.buildx-cache-new ] | |
then { | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
} | |
fi |