build_images.yaml
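# Builds every image found in the repository and pushes it to Harbor:
# Docker images from each directory that holds a Dockerfile, Apptainer images
# from each directory that holds an apptainer.def. Builds on master go to the
# prod project; every other ref goes to the staging project.
#
# NOTE(review): every `uses:` below references a mutable tag (v2/v3). Pinning
# each action to a full commit SHA keeps a re-tagged release from changing what
# runs alongside the registry credentials.
name: docker_images

on:
  push:
  pull_request:
  schedule:
    - cron: "14 14 * * TUE" # Every Tuesday at 14:14

# Default GITHUB_TOKEN scope for jobs that do not declare their own
# permissions; the jobs below only read the repository.
permissions:
  contents: read

jobs:
  setup:
    # Pull requests are built only when the author is not an
    # OWNER/MEMBER/COLLABORATOR.
    # NOTE(review): presumably those authors are already covered by the push
    # event - confirm.
    if: github.event_name != 'pull_request' || !contains('OWNER,MEMBER,COLLABORATOR', github.event.pull_request.author_association)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.sha || github.ref }} # fix SHA
      - name: List all images
        id: metadata
        # The directory names collected here come from the checked-out ref,
        # which for a pull request is the contributor's head commit. They are
        # data chosen by the PR author and are treated as such downstream.
        run: |
          echo "images=$(
            find -name Dockerfile | sed -r 's#\./(.+)/Dockerfile#\1#g' | jq -Rsc 'split("\n")[:-1]'
          )" >> "$GITHUB_OUTPUT"
          echo "apptainer-images=$(
            find -name apptainer.def | sed -r 's#\./(.+)(\/apptainer\.def)#\1#g' | jq -Rsc 'split("\n")[:-1]'
          )" >> "$GITHUB_OUTPUT"
          echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
    outputs:
      images: ${{ steps.metadata.outputs.images }}
      apptainer-images: ${{ steps.metadata.outputs.apptainer-images }}
      sha: ${{ steps.metadata.outputs.sha_short }}

  build:
    needs: setup
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        image: ${{ fromJson(needs.setup.outputs.images) }}
    steps:
      - uses: actions/checkout@v3
      - uses: docker/setup-buildx-action@v2
      - name: Login to DockerHub # increase pull rate limit
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to Harbor
        uses: docker/login-action@v2
        with:
          registry: harbor.stfc.ac.uk
          username: ${{ secrets.HARBOR_USERNAME }}
          password: ${{ secrets.HARBOR_TOKEN }}
      - name: Build & push to prod
        if: ${{ github.ref == 'refs/heads/master' }}
        uses: docker/build-push-action@v3
        with:
          push: true
          context: "{{defaultContext}}:${{ matrix.image }}"
          tags: "harbor.stfc.ac.uk/stfc-cloud/${{ matrix.image }}:latest"
      - name: Build & push to staging
        if: ${{ github.ref != 'refs/heads/master' }}
        uses: docker/build-push-action@v3
        with:
          cache-from: type=gha
          cache-to: type=gha,mode=max
          push: true
          context: "{{defaultContext}}:${{ matrix.image }}"
          tags: "harbor.stfc.ac.uk/stfc-cloud-staging/${{ matrix.image }}:${{ needs.setup.outputs.sha }}"
      - name: Inform of tagged name
        if: ${{ github.ref != 'refs/heads/master' }}
        # Matrix values reach the shell through the environment rather than
        # being spliced into the script text, so a directory name containing
        # shell metacharacters is printed, not executed.
        env:
          IMAGE_DIR: ${{ matrix.image }}
          IMAGE_TAG: ${{ needs.setup.outputs.sha }}
        run: echo "::notice title=published::harbor.stfc.ac.uk/stfc-cloud-staging/${IMAGE_DIR}:${IMAGE_TAG}"

  build-apptainer:
    needs: setup
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        image: ${{ fromJson(needs.setup.outputs.apptainer-images) }}
    permissions:
      contents: read
      packages: write
    # The job container runs with --privileged and builds definition files
    # taken from the checked-out ref.
    # NOTE(review): presumably required by `singularity build`; confirm, and
    # confirm that fork pull requests are meant to reach this job.
    container:
      image: quay.io/singularity/singularity:v3.8.1
      options: --privileged
    name: Build apptainer and push to prod
    steps:
      - name: Check out code for the container builds
        uses: actions/checkout@v2
      # NOTE(review): no registry login step is visible in this job - confirm
      # how the pushes below authenticate to Harbor.
      - name: Build apptainer & push to prod
        if: ${{ github.ref == 'refs/heads/master' }}
        # IMAGE_DIR/IMAGE_TAG are passed as environment variables and quoted
        # so the matrix value is never parsed as shell syntax.
        env:
          IMAGE_DIR: ${{ matrix.image }}
          IMAGE_TAG: ${{ needs.setup.outputs.sha }}
        run: |
          singularity build container.sif "${IMAGE_DIR}/apptainer.def"
          singularity push container.sif "harbor.stfc.ac.uk/stfc-cloud/${IMAGE_DIR}:${IMAGE_TAG}"
      - name: Build apptainer & push to staging
        if: ${{ github.ref != 'refs/heads/master' }}
        env:
          IMAGE_DIR: ${{ matrix.image }}
          IMAGE_TAG: ${{ needs.setup.outputs.sha }}
        run: |
          singularity build container.sif "${IMAGE_DIR}/apptainer.def"
          singularity push container.sif "harbor.stfc.ac.uk/stfc-cloud-staging/${IMAGE_DIR}:${IMAGE_TAG}"
      - name: Inform of tagged name apptainer
        if: ${{ github.ref != 'refs/heads/master' }}
        env:
          IMAGE_DIR: ${{ matrix.image }}
          IMAGE_TAG: ${{ needs.setup.outputs.sha }}
        run: echo "::notice title=published::harbor.stfc.ac.uk/stfc-cloud-staging/${IMAGE_DIR}:${IMAGE_TAG}"

  finished: # convenient single job name to apply branch protection to
    # Depends on `build` only; the apptainer job does not gate this check.
    needs: build
    runs-on: ubuntu-latest
    steps:
      - run: "true"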