fix: ensure S3RW_{ACCESS,SECRET}_KEY are used #44
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-push | |
| on: | |
| push: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: false | |
| env: | |
| ## Default versions are specified in packages.yaml but can be overridden | |
| ## note: nightly builds will always use the master/main branch | |
| EDM4EIC_VERSION: "" | |
| EICRECON_VERSION: "" | |
| JUGGLER_VERSION: "" | |
| ## Dockerhub registry | |
| DH_REGISTRY: docker.io | |
| DH_REGISTRY_USER: eicweb | |
| DH_PUSH: 0 | |
| ## GitHub registry | |
| GH_REGISTRY: ghcr.io | |
| GH_REGISTRY_USER: eic | |
| GH_PUSH: 1 | |
| ## Number of jobs to start during container builds | |
| JOBS: 4 | |
| ## Internal tag used for the CI | |
| INTERNAL_TAG: pipeline-${{ github.run_id }} | |
| jobs: | |
| base: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - BASE_IMAGE: debian:stable-slim | |
| BUILD_IMAGE: debian_stable_base | |
| PLATFORM: linux/amd64 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| with: | |
| platforms: linux/amd64,linux/arm64 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| if: ${{ env.DH_PUSH == '1' }} | |
| with: | |
| registry: ${{ env.DH_REGISTRY }} | |
| username: ${{ env.DH_REGISTRY_USER }} | |
| password: ${{ secrets.DH_EICWEB_TOKEN }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| if: ${{ env.GH_PUSH == '1' }} | |
| with: | |
| registry: ${{ env.GH_REGISTRY }} | |
| username: ${{ secrets.GHCR_REGISTRY_USER }} | |
| password: ${{ secrets.GHCR_REGISTRY_TOKEN }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| file: containers/debian/base.Dockerfile | |
| context: containers/debian | |
| platforms: ${{ matrix.PLATFORM }} | |
| push: true | |
| tags: | | |
| ghcr.io/eic/${{ matrix.BUILD_IMAGE }}:${{ env.INTERNAL_TAG }} | |
| build-args: | | |
| BASE_IMAGE=${{ matrix.BASE_IMAGE }} | |
| BUILD_IMAGE=${{ matrix.BUILD_IMAGE }} | |
| cache-from: type=gha,scope=${{ github.workflow }} | |
| cache-to: type=gha,mode=max,scope=${{ github.workflow }} | |
| dev: | |
| runs-on: ubuntu-latest | |
| needs: base | |
| strategy: | |
| matrix: | |
| include: | |
| - BASE_IMAGE: debian_stable_base | |
| BUILD_IMAGE: jug_dev | |
| PLATFORM: linux/amd64 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Load spack version and cherry-picks | |
| id: spack | |
| shell: bash | |
| run: | | |
| source spack.sh | |
| echo "orgrepo=${SPACK_ORGREPO}" | tee -a $GITHUB_OUTPUT | |
| echo "version=${SPACK_VERSION}" | tee -a $GITHUB_OUTPUT | |
| echo "cherrypicks=${SPACK_CHERRYPICKS//$'\n'/ }" | tee -a $GITHUB_OUTPUT | |
| echo "cherrypicks_files=${SPACK_CHERRYPICKS_FILES//$'\n'/ }" | tee -a $GITHUB_OUTPUT | |
| - name: Load eic-spack version and cherry-picks | |
| id: eic-spack | |
| run: | | |
| source eic-spack.sh | |
| echo "orgrepo=${EICSPACK_ORGREPO}" | tee -a $GITHUB_OUTPUT | |
| echo "version=${EICSPACK_VERSION}" | tee -a $GITHUB_OUTPUT | |
| echo "cherrypicks=${EICSPACK_CHERRYPICKS//$'\n'/ }" | tee -a $GITHUB_OUTPUT | |
| - name: Load secrets into mirrors.yaml | |
| id: mirrors | |
| run: | | |
| source spack.sh | |
| export SPACK_VERSION | |
| export GITHUB_REGISTRY_USER=${{ secrets.GHCR_REGISTRY_USER }} | |
| export GITHUB_REGISTRY_TOKEN=${{ secrets.GHCR_REGISTRY_TOKEN }} | |
| export S3RW_ACCESS_KEY=${{ secrets.S3RW_ACCESS_KEY }} | |
| export S3RW_SECRET_KEY=${{ secrets.S3RW_SECRET_KEY }} | |
| cat mirrors.yaml.in | envsubst > mirrors.yaml | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| with: | |
| platforms: linux/amd64 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| if: ${{ env.DH_PUSH == '1' }} | |
| with: | |
| registry: ${{ env.DH_REGISTRY }} | |
| username: ${{ env.DH_REGISTRY_USER }} | |
| password: ${{ secrets.DH_EICWEB_TOKEN }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| if: ${{ env.GH_PUSH == '1' }} | |
| with: | |
| registry: ${{ env.GH_REGISTRY }} | |
| username: ${{ secrets.GHCR_REGISTRY_USER }} | |
| password: ${{ secrets.GHCR_REGISTRY_TOKEN }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| file: containers/jug/dev.Dockerfile | |
| context: containers/jug | |
| build-contexts: | | |
| spack-environment=spack-environment | |
| secret-files: | | |
| mirrors=mirrors.yaml | |
| platforms: ${{ matrix.PLATFORM }} | |
| push: true | |
| tags: | | |
| ghcr.io/eic/${{ matrix.BUILD_IMAGE }}:${{ env.INTERNAL_TAG }} | |
| build-args: | | |
| DOCKER_REGISTRY=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/ | |
| BASE_IMAGE=${{ matrix.BASE_IMAGE }} | |
| BUILD_IMAGE=${{ matrix.BUILD_IMAGE }} | |
| INTERNAL_TAG=${{ env.INTERNAL_TAG }} | |
| SPACK_ORGREPO=${{ steps.spack.outputs.orgrepo }} | |
| SPACK_VERSION=${{ steps.spack.outputs.version }} | |
| SPACK_CHERRYPICKS=${{ steps.spack.outputs.cherrypicks }} | |
| SPACK_CHERRYPICKS_FILES=${{ steps.spack.outputs.cherrypicks_files }} | |
| EICSPACK_ORGREPO=${{ steps.eic-spack.outputs.orgrepo }} | |
| EICSPACK_VERSION=${{ steps.eic-spack.outputs.version }} | |
| EICSPACK_CHERRYPICKS=${{ steps.eic-spack.outputs.cherrypicks }} | |
| S3_ACCESS_KEY=${{ secrets.S3_ACCESS_KEY }} | |
| S3_SECRET_KEY=${{ secrets.S3_SECRET_KEY }} | |
| jobs=${{ env.JOBS }} | |
| cache-from: type=gha,scope=${{ github.workflow }} | |
| cache-to: type=gha,mode=max,scope=${{ github.workflow }} |