# -*- mode: yaml; coding: utf-8 -*-
#
# Copyright (C) 2023 Benjamin Thomas Schwertfeger
# All rights reserved.
# https://github.com/btschwertfeger
#
# Workflow to build the docker image for master and tag workflows
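# Reusable workflow (workflow_call): downloads the previously built wheel,
# builds a multi-platform container image from it, pushes the image, and then
# smoke-tests the first generated tag.
name: Build and Upload Container Image

on:
  workflow_call:
    secrets:
      DOCKERHUB_USERNAME:
        required: true
      DOCKERHUB_TOKEN:
        required: true

permissions:
  packages: write
  contents: read

jobs:
  Build-and-Push:
    name: Build and push container image
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
        with:
          disable-sudo: true
          # NOTE(security): in `audit` mode outbound traffic is only logged;
          # the allow-list below is not enforced until the policy is `block`.
          # Switch to `block` once the audit log confirms the list is complete.
          egress-policy: audit
          allowed-endpoints: >
            auth.docker.io:443
            deb.debian.org:80
            files.pythonhosted.org:443
            ghcr.io:443
            github.com:443
            production.cloudflare.docker.com:443
            pypi.org:443
            registry-1.docker.io:443

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0 # IMPORTANT: otherwise the current tag does not get fetched and the build version gets worse

      - name: Download the built wheel
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: python-package-distributions
          path: dist/

      # ========================================================================
      # Login to Registries
      - name: Log in to Docker Hub
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # NOTE(review): `images` in the metadata step lists no ghcr.io name, so
      # this login (and `packages: write` above) looks unused in this workflow.
      # Confirm, and drop both if nothing is pushed to GHCR.
      - name: Log in to GitHub Container registry
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # ========================================================================
      # Build Setup
      # TODO(security): the three docker/* actions referenced by tag below
      # (setup-buildx, setup-qemu, build-push) are mutable references. Pin each
      # to a full commit SHA with a version comment, as the other steps in this
      # file do; these steps run after the registry credentials are loaded.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Set up QEMU for multi-platform builds
        uses: docker/setup-qemu-action@v3

      - name: Get current date
        id: date
        run: echo "date=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$GITHUB_OUTPUT"

      - name: Get version
        id: version
        # Ref values are passed through the environment rather than expanded
        # with ${{ }} inside the script, so the shell treats a tag name as data
        # and never parses it as part of the command text.
        env:
          REF_TYPE: ${{ github.ref_type }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          if [[ "$REF_TYPE" == "tag" ]]; then
            echo "version=${REF_NAME}" >> "$GITHUB_OUTPUT"
          else
            # Extract version from the built wheel filename
            wheel_file=$(ls dist/*.whl | head -1)
            version=$(basename "$wheel_file" | sed 's/infinity_grid-\([^-]*\)-.*/\1/')
            echo "version=${version}" >> "$GITHUB_OUTPUT"
          fi

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051
        with:
          images: |
            ${{ github.repository }}
          tags: |
            type=schedule
            type=ref,event=branch
            type=ref,event=pr
            type=ref,event=tag
            type=semver,pattern=v{{major}}.{{minor}}-latest
            type=semver,pattern=v{{major}}-latest

      # ========================================================================
      # Build and Test Docker Image
      # NOTE(review): `push: true` publishes the image before the smoke test
      # below runs, so a failing test does not keep the image out of the
      # registry.
      - name: Build Docker image
        uses: docker/build-push-action@v6.18.0
        with:
          context: .
          file: Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          build-args: |
            VERSION=${{ steps.version.outputs.version }}
            CREATE_TIME=${{ steps.date.outputs.date }}

      - name: Extract first tag for testing
        id: test_tag
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          FIRST_TAG=$(echo "$TAGS" | head -n1)
          echo "tag=$FIRST_TAG" >> "$GITHUB_OUTPUT"

      - name: Test Docker image
        # The tag is derived from ref names, so it is handed to the shell as a
        # quoted environment variable instead of being expanded into the
        # command line.
        env:
          IMAGE_TAG: ${{ steps.test_tag.outputs.tag }}
        run: docker run --rm --entrypoint=infinity-grid "$IMAGE_TAG" --help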