Merge pull request #3339 from DongchenZ/develop #5449
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker | |
# initially we would us on: [release] as well, the problem is that | |
# the code in clowder would not know what branch the code is in, | |
# and would not set the right version flags. | |
# This will run when: | |
# - when new code is pushed to master/develop to push the tags | |
# latest and develop | |
# - when a pull request is created and updated to make sure the | |
# Dockerfile is still valid. | |
# To be able to push to dockerhub, this expects the following | |
# secrets to be set in the project: | |
# - DOCKERHUB_USERNAME : username that can push to the org | |
# - DOCKERHUB_PASSWORD : password asscoaited with the username | |
on: | |
push: | |
branches: | |
- master | |
- develop | |
pull_request: | |
merge_group: | |
issue_comment: | |
types: | |
- created | |
workflow_dispatch: | |
# Certain actions will only run when this is the master repo. | |
env: | |
MASTER_REPO: PecanProject/pecan | |
DOCKERHUB_ORG: pecan | |
GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }} | |
jobs: | |
docker: | |
if: github.event_name != 'issue_comment' || startsWith(github.event.comment.body, '/build') | |
runs-on: ubuntu-latest | |
steps: | |
- name: Work around https://github.com/actions/checkout/issues/766 | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- uses: actions/checkout@v4 | |
with: | |
set-safe-directory: false | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver: docker | |
buildkitd-flags: --debug | |
install: true | |
# calculate some variables that are used later | |
- name: get version tag | |
run: | | |
BRANCH=${GITHUB_REF##*/} | |
echo "GITHUB_BRANCH=${BRANCH}" >> $GITHUB_ENV | |
if [ "$BRANCH" == "master" ]; then | |
version="$(awk '/Version:/ { print $2 }' base/all/DESCRIPTION)" | |
tags="latest" | |
oldversion="" | |
while [ "${oldversion}" != "${version}" ]; do | |
oldversion="${version}" | |
tags="${tags},${version}" | |
version=${version%.*} | |
done | |
echo "PECAN_VERSION=$(awk '/Version:/ { print $2 }' base/all/DESCRIPTION)" >> $GITHUB_ENV | |
echo "PECAN_TAGS=${tags}" >> $GITHUB_ENV | |
elif [ "$BRANCH" == "develop" ]; then | |
echo "PECAN_VERSION=develop" >> $GITHUB_ENV | |
echo "PECAN_TAGS=develop" >> $GITHUB_ENV | |
else | |
echo "PECAN_VERSION=develop" >> $GITHUB_ENV | |
echo "PECAN_TAGS=develop" >> $GITHUB_ENV | |
fi | |
# If any dependencies changed in this PR, try to update depends image | |
- name: check for changed dependencies | |
uses: dorny/paths-filter@v3 | |
id: findchanges | |
with: | |
filters: | | |
deps: | |
- docker/depends/** | |
- if: steps.findchanges.outputs.deps == 'true' | |
# NB: GITHUB_BASE_REF is only set on pull requests, | |
# so non-PR builds will find no existing tag and build fresh | |
run: | | |
if $(docker manifest inspect pecan/depends:${GITHUB_BASE_REF##*/} > /dev/null 2>&1); then | |
echo "UPDATE_DEPENDS_FROM_TAG=${GITHUB_BASE_REF##*/}" >> $GITHUB_ENV | |
else | |
echo "BUILD_DEPENDS_FRESH=true" >> GITHUB_ENV | |
fi | |
env: | |
GITHUB_BASE_REF: ${{ github.base_ref }} | |
# use shell script to build, there is some complexity in this | |
- name: create images | |
run: ./docker.sh -i github | |
env: | |
PECAN_GIT_CHECKSUM: ${{ github.sha }} | |
PECAN_GIT_BRANCH: ${GITHUB_BRANCH} | |
VERSION: ${{ env.PECAN_VERSION }} | |
UPDATE_DEPENDS_FROM_TAG: ${{ env.UPDATE_DEPENDS_FROM_TAG }} | |
BUILD: ${{ env.BUILD_DEPENDS_FRESH }} | |
# push all images to github | |
- name: Publish to GitHub | |
if: github.event_name == 'push' && github.repository == env.MASTER_REPO | |
run: | | |
echo "${INPUT_PASSWORD}" | docker login -u ${INPUT_USERNAME} --password-stdin ${INPUT_REGISTRY} | |
repo=$(echo ${{ github.repository_owner }} | tr 'A-Z' 'a-z') | |
for image in $(docker image ls pecan/*:github --format "{{ .Repository }}"); do | |
for v in ${PECAN_TAGS}; do | |
docker tag ${image}:github ${INPUT_REGISTRY}/${repo}/${image#pecan/}:${v} | |
docker push ${INPUT_REGISTRY}/${repo}/${image#pecan/}:${v} | |
done | |
done | |
docker logout | |
env: | |
INPUT_REGISTRY: ghcr.io | |
INPUT_USERNAME: ${{ secrets.GHCR_USERNAME }} | |
INPUT_PASSWORD: ${{ secrets.GHCR_PASSWORD }} | |
# push all images to dockerhub | |
- name: Publish to DockerHub | |
if: github.event_name == 'push' && github.repository == env.MASTER_REPO | |
run: | | |
echo "${INPUT_PASSWORD}" | docker login -u ${INPUT_USERNAME} --password-stdin | |
for image in $(docker image ls pecan/*:github --format "{{ .Repository }}"); do | |
for v in ${PECAN_TAGS}; do | |
docker tag ${image}:github ${{ env.DOCKERHUB_ORG }}/${image#pecan/}:${v} | |
docker push ${{ env.DOCKERHUB_ORG }}/${image#pecan/}:${v} | |
done | |
done | |
docker logout | |
env: | |
INPUT_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
INPUT_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} |