Skip to content

Revise to use GITHUB_PAT #5

Revise to use GITHUB_PAT

Revise to use GITHUB_PAT #5

# When a new release is published,
# upload image to Dockerhub.
#
# Requires the following repository secrets:
# - DOCKER_IMAGE - Configured as a secret so it can be configured per fork.
# - DOCKER_HUB_USERNAME
# - DOCKER_HUB_ACCESS_TOKEN
# - GITHUBPAT - The github account to use for downloading CRAN dependencies.
# Needed to avoid "API rate limit exceeded" from github.
name: Release Docker
# on:
# release:
# types: [published]
# For testing - remove in favor of tagging approach above
on:
push:
branches:
- 'issue-97-docker'
workflow_dispatch:
inputs:
docker_image:
description: 'OHDSI Strategus with HADES and RStudio.'
default: 'ohdsi/strategus'
type: string
jobs:
docker:
runs-on: ubuntu-latest
env:
GITHUB_PAT: ${{ secrets.GH_TOKEN }}
DOCKER_IMAGE: ${{ inputs.docker_image || secrets.DOCKER_IMAGE }}
steps:
- uses: actions/checkout@v4
# ------------------------------------
# The pattern for the following steps is specified
# in OHDSI/WebAPI.
# Add Docker labels and tags
- name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: ${{ env.DOCKER_IMAGE }}
tag-match: v(.*)
tag-match-group: 1
# Setup docker build environment
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Set build parameters
id: build_params
run: |
echo "::set-output name=sha8::${GITHUB_SHA::8}"
- name: Build and push
id: docker_build
uses: docker/build-push-action@v5
with:
context: ./
file: ./Dockerfile
# Allow running the image on the architectures supported by nginx-unprivileged:alpine.
platforms: linux/amd64,linux/arm64
push: true
secrets: |
build_github_pat=${{ secrets.GITHUBPAT }}
build-args: |
GIT_BRANCH=${{ steps.docker_meta.outputs.version }}
GIT_COMMIT_ID_ABBREV=${{ steps.build_params.outputs.sha8 }}
tags: ${{ steps.docker_meta.outputs.tags }}
# Use runtime labels from docker_meta as well as fixed labels
labels: |
${{ steps.docker_meta.outputs.labels }}
maintainer=Joris Borgdorff <[email protected]>, Lee Evans - www.ltscomputingllc.com
org.opencontainers.image.authors=Joris Borgdorff <[email protected]>, Lee Evans - www.ltscomputingllc.com
org.opencontainers.image.vendor=OHDSI
org.opencontainers.image.licenses=Apache-2.0
- name: Inspect image
run: |
docker pull ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}