Bump urllib3 from 2.6.3 to 2.7.0 #66
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create and publish a Docker image | |
| on: [push, workflow_dispatch] | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| build-and-push-image: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver-opts: network=host | |
| # Two parallel tag sets. `dev` is the default (no suffix, e.g. `:latest`, | |
| # `:develop`); `runtime` carries a `-runtime` suffix. | |
| - name: Tags — dev (default) | |
| id: meta-dev | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| - name: Tags — runtime | |
| id: meta-runtime | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| flavor: | | |
| suffix=-runtime,onlatest=true | |
| # Build runtime first (smaller, used to smoke-test pipeline binaries) | |
| - name: Build runtime (load) | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| target: runtime | |
| load: true | |
| tags: ${{ steps.meta-runtime.outputs.tags }} | |
| labels: ${{ steps.meta-runtime.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # Smoke-test the binaries baked into the runtime image. Catches the | |
| # class of regression where the image builds but a runtime tool | |
| # (sextractor, weightwatcher) is missing or unrunnable. | |
| - name: Test runtime — binaries | |
| run: | | |
| IMAGE=$(echo "${{ steps.meta-runtime.outputs.tags }}" | head -n1) | |
| docker run --rm "$IMAGE" source-extractor --version | |
| docker run --rm "$IMAGE" weightwatcher --version | |
| docker run --rm "$IMAGE" psfex --version | |
| - name: Test runtime — shapepipe entry point | |
| run: | | |
| IMAGE=$(echo "${{ steps.meta-runtime.outputs.tags }}" | head -n1) | |
| docker run --rm "$IMAGE" shapepipe_run -c /app/example/config.ini | |
| # Build dev (reuses cached `base` layer) | |
| - name: Build dev (load) | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| target: dev | |
| load: true | |
| tags: ${{ steps.meta-dev.outputs.tags }} | |
| labels: ${{ steps.meta-dev.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # Verify the dev-only additions are present and runnable. | |
| - name: Test dev — interactive tools and test extras | |
| run: | | |
| IMAGE=$(echo "${{ steps.meta-dev.outputs.tags }}" | head -n1) | |
| docker run --rm "$IMAGE" vim --version | head -n1 | |
| docker run --rm "$IMAGE" rg --version | head -n1 | |
| docker run --rm "$IMAGE" pytest --version | |
| # Push both targets | |
| - name: Push runtime | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| target: runtime | |
| push: true | |
| tags: ${{ steps.meta-runtime.outputs.tags }} | |
| labels: ${{ steps.meta-runtime.outputs.labels }} | |
| cache-from: type=gha | |
| - name: Push dev | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| target: dev | |
| push: true | |
| tags: ${{ steps.meta-dev.outputs.tags }} | |
| labels: ${{ steps.meta-dev.outputs.labels }} | |
| cache-from: type=gha |