-
Notifications
You must be signed in to change notification settings - Fork 137
144 lines (128 loc) · 4.36 KB
/
build-containers.yml
File metadata and controls
144 lines (128 loc) · 4.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
name: Build images
on:
schedule:
- cron: "15 0 * * *"
workflow_dispatch:
jobs:
build-container:
if: ${{ github.repository == 'bilby-dev/bilby' }}
permissions:
contents: read
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
python-version: ["11", "12", "13"]
env:
LABEL: ghcr.io/${{ github.repository }}-python3${{ matrix.python-version }}
IMAGE_ARCHIVE: bilby-python3${{ matrix.python-version }}.tar
steps:
- uses: actions/checkout@v4
- name: Remove unnecessary files
run: |
df . -h
sudo rm -rf /usr/share/dotnet
sudo rm -rf "$AGENT_TOOLSDIRECTORY"
df . -h
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Docker image archive
uses: docker/build-push-action@v6
with:
context: .
build-args: |
python_minor_version=${{ matrix.python-version }}
ENV_FILE=containers/environment.yml
push: false
file: containers/Dockerfile
tags: ${{ env.LABEL }}:latest
outputs: type=docker,dest=/tmp/${{ env.IMAGE_ARCHIVE }}
cache-from: type=gha,scope=bilby-python3${{ matrix.python-version }}
cache-to: type=gha,scope=bilby-python3${{ matrix.python-version }},mode=max
- name: Upload Docker image archive
uses: actions/upload-artifact@v4
with:
name: bilby-python3${{ matrix.python-version }}-image
path: /tmp/${{ env.IMAGE_ARCHIVE }}
if-no-files-found: error
test-container:
if: ${{ github.repository == 'bilby-dev/bilby' }}
needs: build-container
permissions:
contents: read
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
python-version: ["11", "12", "13"]
env:
LABEL: ghcr.io/${{ github.repository }}-python3${{ matrix.python-version }}
IMAGE_ARCHIVE: bilby-python3${{ matrix.python-version }}.tar
steps:
- uses: actions/checkout@v4
- name: Download Docker image archive
uses: actions/download-artifact@v4
with:
name: bilby-python3${{ matrix.python-version }}-image
path: /tmp
- name: Load Docker image
run: docker load --input /tmp/${{ env.IMAGE_ARCHIVE }}
- name: Smoke test and import checks
run: |
docker run --rm \
-v "$PWD:/workspaces/bilby" \
-w /workspaces/bilby \
${{ env.LABEL }}:latest \
bash -lc '
set -e
python -m pip install -e .
bilby_result --help
bash test/ci_test_imports.sh
for script in $(pip show -f bilby | grep "bin\/" | xargs -I {} basename {}); do
${script} --help;
done
'
push-container:
if: ${{ github.repository == 'bilby-dev/bilby' }}
needs: test-container
permissions:
attestations: write
contents: read
id-token: write
packages: write
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
python-version: ["11", "12", "13"]
env:
LABEL: ghcr.io/${{ github.repository }}-python3${{ matrix.python-version }}
IMAGE_ARCHIVE: bilby-python3${{ matrix.python-version }}.tar
steps:
- name: Download Docker image archive
uses: actions/download-artifact@v4
with:
name: bilby-python3${{ matrix.python-version }}-image
path: /tmp
- name: Load Docker image
run: docker load --input /tmp/${{ env.IMAGE_ARCHIVE }}
- name: Login to the Container registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push Docker image
id: push
run: |
docker push ${{ env.LABEL }}:latest
digest=$(docker image inspect --format='{{index .RepoDigests 0}}' ${{ env.LABEL }}:latest | sed 's/.*@//')
echo "digest=${digest}" >> "$GITHUB_OUTPUT"
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v3
with:
subject-name: ${{ env.LABEL }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true