-
Notifications
You must be signed in to change notification settings - Fork 241
136 lines (128 loc) · 5.14 KB
/
docker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
name: Docker
# initially we would us on: [release] as well, the problem is that
# the code in clowder would not know what branch the code is in,
# and would not set the right version flags.
# This will run when:
# - when new code is pushed to master/develop to push the tags
# latest and develop
# - when a pull request is created and updated to make sure the
# Dockerfile is still valid.
# To be able to push to dockerhub, this expects the following
# secrets to be set in the project:
# - DOCKERHUB_USERNAME : username that can push to the org
# - DOCKERHUB_PASSWORD : password asscoaited with the username
on:
push:
branches:
- master
- develop
pull_request:
merge_group:
issue_comment:
types:
- created
workflow_dispatch:
# Certain actions will only run when this is the master repo.
env:
MASTER_REPO: PecanProject/pecan
DOCKERHUB_ORG: pecan
GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
jobs:
docker:
if: github.event_name != 'issue_comment' || startsWith(github.event.comment.body, '/build')
runs-on: ubuntu-latest
steps:
- name: Work around https://github.com/actions/checkout/issues/766
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- uses: actions/checkout@v4
with:
set-safe-directory: false
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver: docker
buildkitd-flags: --debug
install: true
# calculate some variables that are used later
- name: get version tag
run: |
BRANCH=${GITHUB_REF##*/}
echo "GITHUB_BRANCH=${BRANCH}" >> $GITHUB_ENV
if [ "$BRANCH" == "master" ]; then
version="$(awk '/Version:/ { print $2 }' base/all/DESCRIPTION)"
tags="latest"
oldversion=""
while [ "${oldversion}" != "${version}" ]; do
oldversion="${version}"
tags="${tags},${version}"
version=${version%.*}
done
echo "PECAN_VERSION=$(awk '/Version:/ { print $2 }' base/all/DESCRIPTION)" >> $GITHUB_ENV
echo "PECAN_TAGS=${tags}" >> $GITHUB_ENV
elif [ "$BRANCH" == "develop" ]; then
echo "PECAN_VERSION=develop" >> $GITHUB_ENV
echo "PECAN_TAGS=develop" >> $GITHUB_ENV
else
echo "PECAN_VERSION=develop" >> $GITHUB_ENV
echo "PECAN_TAGS=develop" >> $GITHUB_ENV
fi
# If any dependencies changed in this PR, try to update depends image
- name: check for changed dependencies
uses: dorny/paths-filter@v3
id: findchanges
with:
filters: |
deps:
- docker/depends/**
- if: steps.findchanges.outputs.deps == 'true'
# NB: GITHUB_BASE_REF is only set on pull requests,
# so non-PR builds will find no existing tag and build fresh
run: |
if $(docker manifest inspect pecan/depends:${GITHUB_BASE_REF##*/} > /dev/null 2>&1); then
echo "UPDATE_DEPENDS_FROM_TAG=${GITHUB_BASE_REF##*/}" >> $GITHUB_ENV
else
echo "BUILD_DEPENDS_FRESH=true" >> GITHUB_ENV
fi
env:
GITHUB_BASE_REF: ${{ github.base_ref }}
# use shell script to build, there is some complexity in this
- name: create images
run: ./docker.sh -i github
env:
PECAN_GIT_CHECKSUM: ${{ github.sha }}
PECAN_GIT_BRANCH: ${GITHUB_BRANCH}
VERSION: ${{ env.PECAN_VERSION }}
UPDATE_DEPENDS_FROM_TAG: ${{ env.UPDATE_DEPENDS_FROM_TAG }}
BUILD: ${{ env.BUILD_DEPENDS_FRESH }}
# push all images to github
- name: Publish to GitHub
if: github.event_name == 'push' && github.repository == env.MASTER_REPO
run: |
echo "${INPUT_PASSWORD}" | docker login -u ${INPUT_USERNAME} --password-stdin ${INPUT_REGISTRY}
repo=$(echo ${{ github.repository_owner }} | tr 'A-Z' 'a-z')
for image in $(docker image ls pecan/*:github --format "{{ .Repository }}"); do
for v in ${PECAN_TAGS}; do
docker tag ${image}:github ${INPUT_REGISTRY}/${repo}/${image#pecan/}:${v}
docker push ${INPUT_REGISTRY}/${repo}/${image#pecan/}:${v}
done
done
docker logout
env:
INPUT_REGISTRY: ghcr.io
INPUT_USERNAME: ${{ secrets.GHCR_USERNAME }}
INPUT_PASSWORD: ${{ secrets.GHCR_PASSWORD }}
# push all images to dockerhub
- name: Publish to DockerHub
if: github.event_name == 'push' && github.repository == env.MASTER_REPO
run: |
echo "${INPUT_PASSWORD}" | docker login -u ${INPUT_USERNAME} --password-stdin
for image in $(docker image ls pecan/*:github --format "{{ .Repository }}"); do
for v in ${PECAN_TAGS}; do
docker tag ${image}:github ${{ env.DOCKERHUB_ORG }}/${image#pecan/}:${v}
docker push ${{ env.DOCKERHUB_ORG }}/${image#pecan/}:${v}
done
done
docker logout
env:
INPUT_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
INPUT_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}