Try to make deployment repos be strict mirrors of main-repo branches #316
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-docker | |
| on: | |
| push: | |
| branches: | |
| - 'master' | |
| - 'main' | |
| - 'deploy' | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| merge_group: | |
| workflow_dispatch: | |
| inputs: | |
| git-ref: | |
| description: 'Git ref (optional)' | |
| required: false | |
| env: | |
| IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | |
| IMAGE_NAME: ${{ vars.CTR_IMG_NAME }} # Note: we set this from a repository variable to prevent accidental pushes in forked repos | |
| MAIN_BRANCH: 'master' # pushing to the main branch will update the "edge" tag on the image | |
| ALPHA_BRANCH: 'alpha' # pushing to this branch will update the "alpha" tag on the image | |
| BETA_BRANCH: 'beta' # pushing to this branch will update the "beta" tag on the image | |
| STABLE_BRANCH: 'stable' # pushing to this branch will update the "stable" tag on the image | |
| TAG_PREFIX: 'v' # pushing tags with this prefix will add a version tag to the image and update the "latest" tag on the image | |
| PUSH_IMAGE: ${{ vars.CTR_IMG_NAME != '' && github.event_name != 'merge_group' && ((github.event_name == 'pull_request' && !github.event.pull_request.head.repo.fork) || github.event_name == 'push' || github.event_name == 'push tag') }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| variant: | |
| - minimal | |
| - full | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| # Only fetch files we actually need: | |
| fetch-depth: 0 | |
| filter: 'blob:none' | |
| - name: Set up Node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: "20" # FIXME: this is very old and out-of-date. Bump the version! | |
| - name: Use cached ~/.npm | |
| uses: actions/cache@v5 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node | |
| - name: Clean-install dependencies | |
| run: npm ci | |
| - name: Preprocess documentation variant (${{ matrix.variant }}) | |
| run: npm run preprocess-${{ matrix.variant }} | |
| - name: Cache Docusaurus build | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ${{ github.workspace }}/.docusaurus | |
| ${{ github.workspace }}/**/.cache | |
| key: | | |
| ${{ runner.os }}-docusaurus-${{ matrix.variant }}-${{ hashFiles('**/package-lock.json', '**/npm-shrinkwrap.json', '**/yarn.lock', '**/pnpm-lock.yaml') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }} | |
| restore-keys: | | |
| ${{ runner.os }}-docusaurus-${{ matrix.variant }}-${{ hashFiles('**/package-lock.json', '**/npm-shrinkwrap.json', '**/yarn.lock', '**/pnpm-lock.yaml') }} | |
| - name: Build documentation | |
| env: | |
| # Container image should be built with `/docs` as the base URL instead of `/`, as the | |
| # self-contained root of the site. | |
| BASE_URL: '/docs/' | |
| VARIANT: ${{ matrix.variant }} | |
| RELEASE_CHANNEL: offline | |
| run: | | |
| BUILD_DATE="$(git show -s --format=%cs ${GITHUB_SHA})" npm run build | |
| # These directories are very big relative to the runner VM's disk capacity, and none of | |
| # are needed for building the Docker container image now that we've run `npm run build`: | |
| rm -rf .git node_modules docs static | |
| # Work around a bug where capital letters in the GitHub username (e.g. "PlanktoScope") make it | |
| # impossible to push to GHCR. See https://github.com/macbre/push-to-ghcr/issues/12 | |
| - name: Lowercase image registry and owner | |
| id: image_registry_case | |
| uses: ASzc/change-string-case-action@v8 | |
| with: | |
| string: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }} | |
| - name: Set documentation variant suffix | |
| run: | | |
| if [[ '${{ matrix.variant }}' != 'minimal' ]]; then | |
| echo 'VARIANT_SUFFIX=-${{ matrix.variant}}' >> $GITHUB_ENV | |
| fi | |
| # Build and publish Docker container image | |
| - name: Get Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v6 | |
| env: | |
| DOCKER_METADATA_PR_HEAD_SHA: true | |
| IS_MAIN_BRANCH: ${{ github.ref == format('refs/heads/{0}', env.MAIN_BRANCH) }} | |
| IS_ALPHA_BRANCH: ${{ github.ref == format('refs/heads/{0}', env.ALPHA_BRANCH) }} | |
| IS_BETA_BRANCH: ${{ github.ref == format('refs/heads/{0}', env.BETA_BRANCH) }} | |
| IS_STABLE_BRANCH: ${{ github.ref == format('refs/heads/{0}', env.STABLE_BRANCH) }} | |
| with: | |
| images: ${{ steps.image_registry_case.outputs.lowercase }} | |
| flavor: | | |
| suffix=${{ env.VARIANT_SUFFIX }} | |
| tags: | | |
| type=match,pattern=${{ env.TAG_PREFIX }}(.*),group=1 | |
| type=raw,value=stable,enable=${{ env.IS_STABLE_BRANCH }},priority=702 | |
| type=raw,value=beta,enable=${{ env.IS_BETA_BRANCH }},priority=701 | |
| type=raw,value=alpha,enable=${{ env.IS_ALPHA_BRANCH }},priority=701 | |
| type=edge,branch=${{ env.MAIN_BRANCH }} | |
| type=ref,event=pr | |
| type=sha,priority=100 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v4 | |
| - name: Log in to GitHub Container Registry | |
| if: env.PUSH_IMAGE == 'true' | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v7 | |
| with: | |
| context: . | |
| pull: true | |
| platforms: linux/amd64,linux/arm64 | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| push: ${{ env.PUSH_IMAGE }} |