Manually triggered build of sciplat-lab container #1627
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Manually triggered build of sciplat-lab container | |
on: | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: 'EUPS tag of input DM Pipelines Stack container' | |
required: true | |
default: '' | |
supplementary: | |
description: 'Supplementary tag for experimental builds; yields output tag exp_tag_supplementary' | |
required: false | |
default: '' | |
image: | |
description: 'fully-qualified URI for output Docker image' | |
required: false | |
default: 'us-central1-docker.pkg.dev/rubin-shared-services-71ec/sciplat/sciplat-lab,ghcr.io/lsst-sqre/sciplat-lab,docker.io/lsstsqre/sciplat-lab' | |
# someday we will want to remove Docker Hub. | |
push: | |
description: 'push resulting image; make empty or set to a YAML-false string to build but not push' | |
required: false | |
default: 'true' | |
# We need actions/write if we want to do a GH App, and we need | |
# packages/write to push to ghcr.io with GITHUB_TOKEN | |
permissions: | |
actions: write | |
contents: read | |
packages: write | |
statuses: read | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
timeout-minutes: 100 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: import_inputs | |
shell: bash | |
run: | | |
echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_ENV | |
echo "supplementary=${{ github.event.inputs.supplementary }}" >> $GITHUB_ENV | |
echo "image=${{ github.event.inputs.image }}" >> $GITHUB_ENV | |
echo "push=${{ github.event.inputs.push }}">> $GITHUB_ENV | |
- name: parse_env | |
shell: bash | |
run: | | |
case ${{ env.push }} in | |
''|n|N|no|No|NO|false|False|FALSE|off|Off|OFF) | |
echo "target=image" >> $GITHUB_ENV | |
;; | |
*) | |
echo "target=push" >> $GITHUB_ENV | |
;; | |
esac | |
make_args="tag=${{ env.tag }}" | |
if [ -n "${{ env.supplementary }}" ]; then | |
make_args="${make_args} supplementary=${{ env.supplementary }}" | |
fi | |
if [ -n "${{ env.image }}" ]; then | |
make_args="${make_args} image=${{ env.image }}" | |
fi | |
echo "make_args=${make_args}" >> $GITHUB_ENV | |
# env.image may be a comma-separated list of images; we are | |
# thus creating a set of registry-specific variables from the | |
# images in the list | |
split_images=$(echo ${{ env.image }} | tr ',' ' ') | |
for img in ${split_images}; do | |
image_host=$(echo ${img} | cut -d '/' -f 1) | |
# Check for implicit Docker Hub | |
case ${image_host} in | |
*.*) | |
;; | |
*) | |
image_host="docker.io" | |
;; | |
esac | |
case ${image_host} in | |
docker.com | docker.io | *.docker.com | *.docker.io) | |
d_tag="docker_" | |
d_registry="docker.io" | |
d_username="${{ secrets.DOCKER_USERNAME }}" | |
d_password="${{ secrets.DOCKER_TOKEN }}" | |
;; | |
ghcr.io | *.ghcr.io) | |
d_tag="github_" | |
d_registry="ghcr.io" | |
# using secrets.GITHUB_TOKEN fails, saying it doesn't | |
# have write.package, which seems weird. | |
d_username="token" | |
d_password="${{ secrets.GHCR_PUSH_TOKEN}}" | |
;; | |
*-docker.pkg.dev) | |
d_tag="google_" | |
d_registry="${image_host}" | |
d_username="_json_key_base64" | |
d_password="${{ secrets.GAR_PUSH_TOKEN }}" | |
;; | |
*) | |
d_tag="" | |
d_registry="${image_host}" | |
d_username="" | |
d_password="" | |
;; | |
esac | |
echo "${d_tag}registry=${d_registry}" >> $GITHUB_ENV | |
echo "${d_tag}username=${d_username}" >> $GITHUB_ENV | |
echo "${d_tag}password=${d_password}" >> $GITHUB_ENV | |
done | |
# Only bother logging in to a given site if we're going to push the | |
# container and we have credentials | |
- name: Log in to Docker Hub repository | |
if: >- | |
((env.target == 'push') && | |
(env.docker_registry != '') && | |
(env.docker_username != '') && | |
(env.docker_password != '')) | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.docker_registry }} | |
username: ${{ env.docker_username }} | |
password: ${{ env.docker_password }} | |
- name: Log in to GitHub Container Registry | |
if: >- | |
((env.target == 'push') && | |
(env.github_registry != '') && | |
(env.github_username != '') && | |
(env.github_password != '')) | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.github_registry }} | |
username: ${{ env.github_username }} | |
password: ${{ env.github_password }} | |
- name: Log in to Google Artifact Registry | |
if: >- | |
((env.target == 'push') && | |
(env.google_registry != '') && | |
(env.google_username != '') && | |
(env.google_password != '')) | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.google_registry }} | |
username: ${{ env.google_username }} | |
password: ${{ env.google_password }} | |
- name: build | |
shell: bash | |
run: | | |
make ${{ env.make_args }} ${{ env.target }} | |