build.yaml
# Operator-dispatched workflow that builds the sciplat-lab container and,
# depending on the `push` input, pushes it to the listed registries.
# Every input arrives as a free-form string chosen by whoever dispatches the
# run, so consuming steps should treat the values as data: hand them to
# scripts through `env:` rather than expanding `${{ ... }}` inside `run:`.
name: Manually triggered build of sciplat-lab container
on:
  workflow_dispatch:
    inputs:
      tag:
        description: "EUPS tag of input DM Pipelines Stack container"
        required: true
        default: ""
      supplementary:
        description: >-
          Supplementary tag for experimental builds;
          yields output tag exp_tag_supplementary
        required: false
        default: ""
      image:
        description: "fully-qualified URI for output Docker image"
        required: false
        # Comma-separated list; the host part of each entry selects which
        # registry login is performed.
        default: "us-central1-docker.pkg.dev/rubin-shared-services-71ec/sciplat/sciplat-lab,ghcr.io/lsst-sqre/sciplat-lab,docker.io/lsstsqre/sciplat-lab"
        # someday we will want to remove Docker Hub.
      push:
        description: >-
          push resulting image; make empty or set to a YAML-false string
          to build but not push
        required: false
        # Kept as the string "true" (not a YAML boolean): the job compares it
        # textually against a list of false-like spellings.
        default: "true"
# Scopes granted to the automatically issued GITHUB_TOKEN for every job in
# this workflow; scopes not listed here are not granted.
# We need actions/write if we want to do a GH App, and we need
# packages/write to push to ghcr.io with GITHUB_TOKEN
# NOTE(review): the ghcr.io login in this workflow authenticates with the
# GHCR_PUSH_TOKEN secret, not GITHUB_TOKEN, and no visible step calls the
# Actions API. Confirm whether `packages: write` and `actions: write` are
# still required (the Makefile is not visible here) and drop them if not,
# so a compromised step holds the narrowest token possible.
permissions:
  actions: write
  contents: read
  packages: write
  statuses: read
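jobs:
  # Single job: validate the dispatch inputs, work out which registries the
  # requested image names point at, log in to those registries when pushing,
  # then hand off to `make`.
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 100
    # Only true/false flags are exported job-wide. The credentials themselves
    # are referenced solely by the login steps, so they never land in
    # $GITHUB_ENV or in the environment of the build step.
    # NOTE(review): earlier revisions exported <registry>_username and
    # <registry>_password via $GITHUB_ENV; confirm the Makefile does not read
    # those variables before relying on this layout.
    env:
      docker_has_credentials: ${{ secrets.DOCKER_USERNAME != '' && secrets.DOCKER_TOKEN != '' }}
      github_has_credentials: ${{ secrets.GHCR_PUSH_TOKEN != '' }}
      google_has_credentials: ${{ secrets.GAR_PUSH_TOKEN != '' }}
    steps:
      # NOTE(review): the actions below are referenced by mutable major-version
      # tags. Pinning each `uses:` to a full commit SHA (with the tag kept as a
      # trailing comment) prevents a retargeted tag from changing what runs
      # next to the registry credentials.
      - name: checkout
        uses: actions/checkout@v4
        with:
          # Do not leave GITHUB_TOKEN in .git/config for later steps to find.
          persist-credentials: false

      # Copies the dispatch inputs into job-wide environment variables.
      # The values reach the script through `env:` (never through inline
      # `${{ }}` expansion, which would paste them into the script text), and
      # are checked against an allowlist before being written to $GITHUB_ENV,
      # where an embedded newline would otherwise define extra variables.
      - name: import_inputs
        shell: bash
        env:
          DISPATCH_TAG: ${{ github.event.inputs.tag }}
          DISPATCH_SUPPLEMENTARY: ${{ github.event.inputs.supplementary }}
          DISPATCH_IMAGE: ${{ github.event.inputs.image }}
          DISPATCH_PUSH: ${{ github.event.inputs.push }}
        run: |
          set -euo pipefail
          # Characters that occur in EUPS tags, image references and the
          # accepted push spellings. Widen deliberately if a legitimate value
          # is rejected; whitespace and shell metacharacters stay excluded.
          allowed='^[A-Za-z0-9._:/,@-]*$'
          check_input() {
            # $1: input name (printed), $2: value (never printed)
            if [[ ! "$2" =~ $allowed ]]; then
              echo "::error::workflow input '$1' contains characters outside the allowed set"
              exit 1
            fi
          }
          check_input tag "${DISPATCH_TAG}"
          check_input supplementary "${DISPATCH_SUPPLEMENTARY}"
          check_input image "${DISPATCH_IMAGE}"
          check_input push "${DISPATCH_PUSH}"
          {
            echo "tag=${DISPATCH_TAG}"
            echo "supplementary=${DISPATCH_SUPPLEMENTARY}"
            echo "image=${DISPATCH_IMAGE}"
            echo "push=${DISPATCH_PUSH}"
          } >> "$GITHUB_ENV"

      # Derives the make target and arguments, and records which registries
      # appear in the image list. Reads the variables exported by the previous
      # step as ordinary shell variables.
      - name: parse_env
        shell: bash
        run: |
          set -euo pipefail
          # Quoted so that an empty `push` matches the '' pattern instead of
          # producing a `case  in` syntax error.
          case "${push:-}" in
            ''|n|N|no|No|NO|false|False|FALSE|off|Off|OFF)
              target="image"
              ;;
            *)
              target="push"
              ;;
          esac
          make_args="tag=${tag:-}"
          if [ -n "${supplementary:-}" ]; then
            make_args="${make_args} supplementary=${supplementary}"
          fi
          if [ -n "${image:-}" ]; then
            make_args="${make_args} image=${image}"
          fi
          {
            echo "target=${target}"
            echo "make_args=${make_args}"
          } >> "$GITHUB_ENV"
          # `image` may be a comma-separated list of images; emit one
          # <prefix>registry variable per registry family found in the list.
          IFS=',' read -r -a split_images <<< "${image:-}"
          for img in "${split_images[@]}"; do
            [ -n "${img}" ] || continue
            image_host="${img%%/*}"
            # A first path component without a dot is not a hostname:
            # treat it as an implicit Docker Hub reference.
            case "${image_host}" in
              *.*)
                ;;
              *)
                image_host="docker.io"
                ;;
            esac
            case "${image_host}" in
              docker.com | docker.io | *.docker.com | *.docker.io)
                d_tag="docker_"
                d_registry="docker.io"
                ;;
              ghcr.io | *.ghcr.io)
                d_tag="github_"
                d_registry="ghcr.io"
                ;;
              *-docker.pkg.dev)
                d_tag="google_"
                d_registry="${image_host}"
                ;;
              *)
                # Unknown registry: recorded without a prefix; no login step
                # exists for it, so a push there relies on anonymous access.
                d_tag=""
                d_registry="${image_host}"
                ;;
            esac
            echo "${d_tag}registry=${d_registry}" >> "$GITHUB_ENV"
          done

      # Only bother logging in to a given site if we're going to push the
      # container and we have credentials. Each login step reads its secret
      # directly, so the value exists only inside that step.
      - name: Log in to Docker Hub repository
        if: >-
          ((env.target == 'push') &&
          (env.docker_registry != '') &&
          (env.docker_has_credentials == 'true'))
        uses: docker/login-action@v3
        with:
          registry: ${{ env.docker_registry }}
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}

      - name: Log in to GitHub Container Registry
        if: >-
          ((env.target == 'push') &&
          (env.github_registry != '') &&
          (env.github_has_credentials == 'true'))
        uses: docker/login-action@v3
        with:
          registry: ${{ env.github_registry }}
          # using secrets.GITHUB_TOKEN fails, saying it doesn't
          # have write.package, which seems weird.
          username: token
          password: ${{ secrets.GHCR_PUSH_TOKEN }}

      - name: Log in to Google Artifact Registry
        if: >-
          ((env.target == 'push') &&
          (env.google_registry != '') &&
          (env.google_has_credentials == 'true'))
        uses: docker/login-action@v3
        with:
          registry: ${{ env.google_registry }}
          username: _json_key_base64
          password: ${{ secrets.GAR_PUSH_TOKEN }}

      # Runs the Makefile target chosen by parse_env. This step still sees the
      # Docker client's logged-in configuration, which it needs in order to
      # push, but not the raw secret values.
      - name: build
        shell: bash
        run: |
          set -euo pipefail
          # make_args is a space-separated list of name=value pairs and is
          # split on purpose; the import_inputs allowlist excludes whitespace
          # and glob characters from every component.
          # shellcheck disable=SC2086
          make ${make_args} "${target}"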