Add Puffin Docker image #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Build and publish a Docker image. | |
# | |
# Assumed to run as a subworkflow of .github/workflows/release.yml; specifically, as a local | |
# artifacts job within `cargo-dist`. | |
# | |
# TODO(charlie): Ideally, the publish step would happen as a publish job within `cargo-dist`, but | |
# sharing the built image as an artifact between jobs is challenging. | |
name: "[puffin] Build Docker image" | |
on: | |
workflow_call: | |
inputs: | |
plan: | |
required: true | |
type: string | |
pull_request: | |
paths: | |
# When we change pyproject.toml, we want to ensure that the maturin builds still work. | |
- pyproject.toml | |
# And when we change this workflow itself... | |
- .github/workflows/build-docker.yml | |
jobs: | |
docker-publish: | |
name: Build Docker image (ghcr.io/astral-sh/puffin) | |
runs-on: ubuntu-latest | |
environment: | |
name: release | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- uses: docker/setup-buildx-action@v3 | |
- uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ghcr.io/astral-sh/puffin | |
- name: Check tag consistency | |
if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }} | |
run: | | |
version=$(grep "version = " pyproject.toml | sed -e 's/version = "\(.*\)"/\1/g') | |
if [ "${{ fromJson(inputs.plan).announcement_tag }}" != "${version}" ]; then | |
echo "The input tag does not match the version from pyproject.toml:" >&2 | |
echo "${{ fromJson(inputs.plan).announcement_tag }}" >&2 | |
echo "${version}" >&2 | |
exit 1 | |
else | |
echo "Releasing ${version}" | |
fi | |
- name: "Build and push Docker image" | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
# Reuse the builder | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
push: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }} | |
tags: ghcr.io/astral-sh/puffin:latest,ghcr.io/astral-sh/puffin:${{ (inputs.plan != '' && fromJson(inputs.plan).announcement_tag) || 'dry-run' }} | |
labels: ${{ steps.meta.outputs.labels }} |