build.yaml
name: Manually triggered build of sciplat-lab container
# Runs only when dispatched by hand (UI or API). Every input below is a
# free-form string chosen by whoever dispatches the run, so steps that
# consume them should treat the values as data (pass them through env: and
# quote them in shell) rather than splice them into script text.
on:
  workflow_dispatch:
    inputs:
      tag:
        description: "EUPS tag of input DM Pipelines Stack container"
        required: true
        default: ""
      supplementary:
        description: >-
          Supplementary tag for experimental builds; yields output tag
          exp_tag_supplementary
        required: false
        default: ""
      image:
        # The default is a comma-separated list: one destination per
        # registry.
        description: "fully-qualified URI for output Docker image"
        required: false
        default: "docker.io/lsstsqre/sciplat-lab,us-central1-docker.pkg.dev/rubin-shared-services-71ec/sciplat/sciplat-lab"
        # someday we will want to add 'ghcr.io/lsst-sqre/sciplat-lab'
      push:
        description: >-
          push resulting image; make empty or set to a YAML-false string to
          build but not push
        required: false
        default: "true"
# Scopes granted to GITHUB_TOKEN for every job in this workflow.
# - actions: write is needed if we want to do a GH App.
# - packages: write is what pushing to ghcr.io with GITHUB_TOKEN requires
#   (that path is currently not working and is under investigation).
# NOTE(review): the ghcr.io login step in this file authenticates with the
# GHCR_PUSH_TOKEN secret rather than GITHUB_TOKEN -- confirm the two write
# scopes are still required and drop them if not (least privilege).
permissions:
  contents: read
  statuses: read
  actions: write
  packages: write
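jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 100
    steps:
      # NOTE(review): the actions in this job are referenced by mutable
      # tags (@v2, @v1). Pinning each one to a full commit SHA keeps a
      # retagged release from running next to the registry credentials.
      - name: checkout
        uses: actions/checkout@v2
      # Inputs reach the shell as environment variables. A workflow
      # expression is substituted into the script text before bash parses
      # it, so an input containing quotes, `;` or `$(...)` would otherwise
      # be executed as code.
      - name: import_inputs
        shell: bash
        env:
          INPUT_TAG: ${{ github.event.inputs.tag }}
          INPUT_SUPPLEMENTARY: ${{ github.event.inputs.supplementary }}
          INPUT_IMAGE: ${{ github.event.inputs.image }}
          INPUT_PUSH: ${{ github.event.inputs.push }}
        run: |
          # GITHUB_ENV is line-oriented: an embedded newline would let a
          # single input define extra variables for every later step.
          for value in "${INPUT_TAG}" "${INPUT_SUPPLEMENTARY}" \
                       "${INPUT_IMAGE}" "${INPUT_PUSH}"; do
            case "${value}" in
              *$'\n'*)
                echo "::error::workflow inputs must not contain newlines"
                exit 1
                ;;
            esac
          done
          {
            printf 'tag=%s\n' "${INPUT_TAG}"
            printf 'supplementary=%s\n' "${INPUT_SUPPLEMENTARY}"
            printf 'image=%s\n' "${INPUT_IMAGE}"
            printf 'push=%s\n' "${INPUT_PUSH}"
          } >> "${GITHUB_ENV}"
      - name: parse_env
        shell: bash
        env:
          # Secrets are exposed to this step only, and only so it can test
          # whether they are configured. They are never written to
          # GITHUB_ENV, which would hand them to every later step,
          # including the build.
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
          GHCR_PUSH_TOKEN: ${{ secrets.GHCR_PUSH_TOKEN }}
          GAR_PUSH_TOKEN: ${{ secrets.GAR_PUSH_TOKEN }}
        run: |
          # tag, supplementary, image and push are plain environment
          # variables here, exported through GITHUB_ENV by import_inputs.
          # The quotes matter: an empty push has to match the '' pattern
          # instead of leaving "case" without a word to test.
          case "${push}" in
            ''|n|N|no|No|NO|false|False|FALSE|off|Off|OFF)
              echo "target=image" >> "${GITHUB_ENV}"
              ;;
            *)
              echo "target=push" >> "${GITHUB_ENV}"
              ;;
          esac
          make_args="tag=${tag}"
          if [ -n "${supplementary}" ]; then
            make_args="${make_args} supplementary=${supplementary}"
          fi
          if [ -n "${image}" ]; then
            make_args="${make_args} image=${image}"
          fi
          echo "make_args=${make_args}" >> "${GITHUB_ENV}"
          # image may be a comma-separated list of images; create one set
          # of registry-specific variables per entry in the list.
          IFS=', ' read -r -a split_images <<< "${image}"
          for img in "${split_images[@]}"; do
            [ -n "${img}" ] || continue
            image_host="${img%%/*}"
            # Check for implicit Docker Hub (first component has no dot)
            case "${image_host}" in
              *.*)
                ;;
              *)
                image_host="docker.io"
                ;;
            esac
            # d_login records whether credentials exist for the registry;
            # the login steps test this flag because the secrets context
            # is not available in a step-level "if:".
            d_login="false"
            case "${image_host}" in
              docker.com | docker.io | *.docker.com | *.docker.io)
                d_tag="docker_"
                d_registry="docker.io"
                if [ -n "${DOCKER_USERNAME}" ] && [ -n "${DOCKER_TOKEN}" ]; then
                  d_login="true"
                fi
                ;;
              ghcr.io | *.ghcr.io)
                d_tag="github_"
                d_registry="ghcr.io"
                if [ -n "${GHCR_PUSH_TOKEN}" ]; then
                  d_login="true"
                fi
                ;;
              *-docker.pkg.dev)
                d_tag="google_"
                d_registry="${image_host}"
                if [ -n "${GAR_PUSH_TOKEN}" ]; then
                  d_login="true"
                fi
                ;;
              *)
                d_tag=""
                d_registry="${image_host}"
                ;;
            esac
            echo "${d_tag}registry=${d_registry}" >> "${GITHUB_ENV}"
            if [ -n "${d_tag}" ]; then
              echo "${d_tag}login=${d_login}" >> "${GITHUB_ENV}"
            fi
          done
      # Only bother logging in to a given site if we're going to push the
      # container and we have credentials. Each login step reads its
      # secret directly, so the credential exists only inside that step.
      - name: Log in to Docker Hub repository
        if: >-
          ((env.target == 'push') &&
          (env.docker_registry != '') &&
          (env.docker_login == 'true'))
        uses: docker/login-action@v1
        with:
          registry: ${{ env.docker_registry }}
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}
      - name: Log in to GitHub Container Registry
        if: >-
          ((env.target == 'push') &&
          (env.github_registry != '') &&
          (env.github_login == 'true'))
        uses: docker/login-action@v1
        with:
          registry: ${{ env.github_registry }}
          username: token
          password: ${{ secrets.GHCR_PUSH_TOKEN }}
      - name: Log in to Google Artifact Registry
        if: >-
          ((env.target == 'push') &&
          (env.google_registry != '') &&
          (env.google_login == 'true'))
        uses: docker/login-action@v1
        with:
          registry: ${{ env.google_registry }}
          username: _json_key_base64
          password: ${{ secrets.GAR_PUSH_TOKEN }}
      - name: build
        shell: bash
        run: |
          # make_args is split on whitespace into separate arguments; it is
          # not re-parsed as shell syntax and not glob-expanded.
          # NOTE(review): this step's environment carries no registry
          # credentials -- confirm the Makefile does not expect
          # *_username / *_password variables.
          read -r -a make_argv <<< "${make_args}"
          make "${make_argv[@]}" "${target}"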