Revise to use GITHUB_PAT #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# When a new release is published, | |
# upload image to Dockerhub. | |
# | |
# Requires the following repository secrets: | |
# - DOCKER_IMAGE - Configured as a secret so it can be configured per fork. | |
# - DOCKER_HUB_USERNAME | |
# - DOCKER_HUB_ACCESS_TOKEN | |
# - GITHUBPAT - The github account to use for downloading CRAN dependencies. | |
# Needed to avoid "API rate limit exceeded" from github. | |
name: Release Docker | |
# on: | |
# release: | |
# types: [published] | |
# For testing - remove in favor of tagging approach above | |
on: | |
push: | |
branches: | |
- 'issue-97-docker' | |
workflow_dispatch: | |
inputs: | |
docker_image: | |
description: 'OHDSI Strategus with HADES and RStudio.' | |
default: 'ohdsi/strategus' | |
type: string | |
jobs: | |
docker: | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_PAT: ${{ secrets.GH_TOKEN }} | |
DOCKER_IMAGE: ${{ inputs.docker_image || secrets.DOCKER_IMAGE }} | |
steps: | |
- uses: actions/checkout@v4 | |
# ------------------------------------ | |
# The pattern for the following steps is specified | |
# in OHDSI/WebAPI. | |
# Add Docker labels and tags | |
- name: Docker meta | |
id: docker_meta | |
uses: crazy-max/ghaction-docker-meta@v1 | |
with: | |
images: ${{ env.DOCKER_IMAGE }} | |
tag-match: v(.*) | |
tag-match-group: 1 | |
# Setup docker build environment | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
- name: Set build parameters | |
id: build_params | |
run: | | |
echo "::set-output name=sha8::${GITHUB_SHA::8}" | |
- name: Build and push | |
id: docker_build | |
uses: docker/build-push-action@v5 | |
with: | |
context: ./ | |
file: ./Dockerfile | |
# Allow running the image on the architectures supported by nginx-unprivileged:alpine. | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
secrets: | | |
build_github_pat=${{ secrets.GITHUBPAT }} | |
build-args: | | |
GIT_BRANCH=${{ steps.docker_meta.outputs.version }} | |
GIT_COMMIT_ID_ABBREV=${{ steps.build_params.outputs.sha8 }} | |
tags: ${{ steps.docker_meta.outputs.tags }} | |
# Use runtime labels from docker_meta as well as fixed labels | |
labels: | | |
${{ steps.docker_meta.outputs.labels }} | |
maintainer=Joris Borgdorff <[email protected]>, Lee Evans - www.ltscomputingllc.com | |
org.opencontainers.image.authors=Joris Borgdorff <[email protected]>, Lee Evans - www.ltscomputingllc.com | |
org.opencontainers.image.vendor=OHDSI | |
org.opencontainers.image.licenses=Apache-2.0 | |
- name: Inspect image | |
run: | | |
docker pull ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }} | |
docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }} |