Deploy image to GHCR ๐ช #837
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy image to GHCR ๐ช | |
env: | |
REGISTRY: ghcr.io | |
on: | |
repository_dispatch: | |
types: | |
- scheduled | |
workflow_dispatch: | |
inputs: | |
origin: | |
description: DockerHub org or username where the base image is located | |
required: true | |
type: choice | |
default: rocker | |
options: | |
- rocker | |
- rhub | |
distribution: | |
description: Rocker/RHub Distro Name. Eg. rstudio or fedora-gcc-devel | |
required: true | |
type: choice | |
default: rstudio | |
options: | |
- rstudio | |
- rstudio-local | |
- debian-clang-devel | |
- debian-gcc-devel | |
- fedora-clang-devel | |
- fedora-gcc-devel | |
- debian-gcc-patched | |
- debian-gcc-release | |
r_version: | |
description: R Version | |
required: true | |
type: choice | |
default: "4.3.0" | |
options: | |
- "4.1.0" | |
- "4.1.1" | |
- "4.1.2" | |
- "4.1.3" | |
- "4.2.0" | |
- "4.2.1" | |
- "4.2.2" | |
- "4.3.0" | |
- "4.3.1" | |
- "4.3.2" | |
- "latest" | |
latest_r_version: | |
description: R Version to be used as latest | |
required: false | |
type: string | |
default: "4.3.2" | |
bioc_version: | |
description: BioConductor Release | |
required: true | |
type: choice | |
default: "3.18" | |
options: | |
- "3.13" | |
- "3.14" | |
- "3.15" | |
- "3.16" | |
- "3.17" | |
- "3.18" | |
- "devel" | |
latest_bioc_version: | |
description: BioC version to be used as latest | |
required: false | |
type: string | |
default: "3.18" | |
tag: | |
description: | | |
Custom Image Tag/Version. Defaults to current date in the `YYYY.MM.DD` format if unspecified. | |
required: false | |
default: "" | |
tag_latest: | |
description: Tag image as `latest` | |
default: false | |
type: boolean | |
release_tag: | |
description: | | |
Release tag to which SBOM generated for image should be attached. | |
required: false | |
default: "" | |
jobs: | |
normalize-inputs: | |
name: Normalize inputs ๐งน | |
runs-on: ubuntu-latest | |
steps: | |
- name: Normalize ๐งฝ | |
id: normalizer | |
run: | | |
function normalize() { | |
local var=$1 | |
if [ "$var" == "" ] | |
then { | |
var=$2 | |
} | |
fi | |
echo ${var} | |
} | |
ORIGIN=$(normalize ${{ github.event.inputs.origin }} ${{ github.event.client_payload.origin }}) | |
DISTRIBUTION=$(normalize ${{ github.event.inputs.distribution }} ${{ github.event.client_payload.distribution }}) | |
ORIGIN_DISTRIBUTION=${DISTRIBUTION//"-local"} | |
R_VERSION=$(normalize ${{ github.event.inputs.r_version }} ${{ github.event.client_payload.r_version }}) | |
BIOC_VERSION=$(normalize ${{ github.event.inputs.bioc_version }} ${{ github.event.client_payload.bioc_version }}) | |
LATEST_R_VERSION=$(normalize ${{ github.event.inputs.latest_r_version }} ${{ github.event.client_payload.latest_r_version }}) | |
LATEST_BIOC_VERSION=$(normalize ${{ github.event.inputs.latest_bioc_version }} ${{ github.event.client_payload.latest_bioc_version }}) | |
TAG=$(normalize ${{ github.event.inputs.tag }} ${{ github.event.client_payload.tag }}) | |
TAG_LATEST=$(normalize ${{ github.event.inputs.tag_latest }} ${{ github.event.client_payload.tag_latest }}) | |
RELEASE_TAG=$(normalize ${{ github.event.inputs.release_tag }} ${{ github.event.client_payload.release_tag }}) | |
echo "ORIGIN=$ORIGIN" >> $GITHUB_OUTPUT | |
echo "ORIGIN_DISTRIBUTION=$ORIGIN_DISTRIBUTION" >> $GITHUB_OUTPUT | |
echo "DISTRIBUTION=$DISTRIBUTION" >> $GITHUB_OUTPUT | |
echo "R_VERSION=$R_VERSION" >> $GITHUB_OUTPUT | |
echo "BIOC_VERSION=$BIOC_VERSION" >> $GITHUB_OUTPUT | |
echo "LATEST_R_VERSION=$LATEST_R_VERSION" >> $GITHUB_OUTPUT | |
echo "LATEST_BIOC_VERSION=$LATEST_BIOC_VERSION" >> $GITHUB_OUTPUT | |
echo "TAG=$TAG" >> $GITHUB_OUTPUT | |
echo "TAG_LATEST=$TAG_LATEST" >> $GITHUB_OUTPUT | |
echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_OUTPUT | |
shell: bash | |
outputs: | |
origin: ${{ steps.normalizer.outputs.ORIGIN }} | |
origin_distribution: ${{ steps.normalizer.outputs.ORIGIN_DISTRIBUTION }} | |
distribution: ${{ steps.normalizer.outputs.DISTRIBUTION }} | |
r_version: ${{ steps.normalizer.outputs.R_VERSION }} | |
bioc_version: ${{ steps.normalizer.outputs.BIOC_VERSION }} | |
latest_r_version: ${{ steps.normalizer.outputs.LATEST_R_VERSION }} | |
latest_bioc_version: ${{ steps.normalizer.outputs.LATEST_BIOC_VERSION }} | |
tag: ${{ steps.normalizer.outputs.TAG }} | |
tag_latest: ${{ steps.normalizer.outputs.TAG_LATEST }} | |
release_tag: ${{ steps.normalizer.outputs.RELEASE_TAG }} | |
build: | |
runs-on: ubuntu-latest | |
needs: normalize-inputs | |
name: Build & Deploy ๐ ${{ needs.normalize-inputs.outputs.distribution }} - ${{ needs.normalize-inputs.outputs.r_version }} | BioC - ${{ needs.normalize-inputs.outputs.bioc_version }} | |
# Token permissions | |
permissions: | |
contents: read | |
packages: write | |
# Build steps | |
steps: | |
- name: Reclaim Disk Space ๐ฎ | |
uses: insightsengineering/disk-space-reclaimer@v1 | |
with: | |
tools-cache: false | |
android: true | |
dotnet: true | |
haskell: true | |
large-packages: true | |
swap-storage: false | |
docker-images: true | |
- name: Checkout repository ๐ณ | |
uses: actions/checkout@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
id: buildx | |
with: | |
install: true | |
- name: Cache Docker layers โป๏ธ | |
uses: actions/cache@v3 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ needs.normalize-inputs.outputs.distribution }}-${{ needs.normalize-inputs.outputs.r_version }}-${{ needs.normalize-inputs.outputs.bioc_version }} | |
restore-keys: | | |
${{ runner.os }}-buildx-${{ needs.normalize-inputs.outputs.distribution }}-${{ needs.normalize-inputs.outputs.r_version }}-${{ needs.normalize-inputs.outputs.bioc_version }} | |
${{ runner.os }}-buildx-${{ needs.normalize-inputs.outputs.distribution }}-${{ needs.normalize-inputs.outputs.r_version }}- | |
${{ runner.os }}-buildx-${{ needs.normalize-inputs.outputs.distribution }}- | |
${{ runner.os }}-buildx- | |
- name: Log in to the Container registry ๐ | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.REPO_GITHUB_TOKEN }} | |
- name: Set build variables ๐ | |
id: build_vars | |
run: | | |
# Set Image name | |
image_name="${{ needs.normalize-inputs.outputs.distribution }}_${{ needs.normalize-inputs.outputs.r_version }}_bioc_${{ needs.normalize-inputs.outputs.bioc_version }}" | |
if [[ "${{ needs.normalize-inputs.outputs.distribution }}" =~ ^debian.*|^fedora.* ]] | |
then { | |
image_name="${{ needs.normalize-inputs.outputs.distribution }}" | |
} | |
fi | |
# Set default tag as 'YYYY.MM.DD' date if it isn't set | |
tag="${{ needs.normalize-inputs.outputs.tag }}" | |
if [ "${tag}" == "" ] | |
then { | |
tag=$(date +%Y.%m.%d) | |
} | |
fi | |
tag_latest="${{ needs.normalize-inputs.outputs.tag_latest }}" | |
# Set full image name | |
full_names="${{ env.REGISTRY }}/${{ github.repository_owner }}/${image_name}:${tag}" | |
echo "OUTPUT_IMAGE_NAME=${full_names}" >> $GITHUB_OUTPUT | |
if [ "${tag_latest}" == "true" ] | |
then | |
full_names="$full_names,${{ env.REGISTRY }}/${{ github.repository_owner }}/${image_name}:latest" | |
fi | |
if [ "${image_name}" == "rstudio-local_${{ needs.normalize-inputs.outputs.latest_r_version }}_bioc_${{ needs.normalize-inputs.outputs.latest_bioc_version }}" ] \ | |
|| [ "${image_name}" == "rstudio_${{ needs.normalize-inputs.outputs.latest_r_version }}_bioc_${{ needs.normalize-inputs.outputs.latest_bioc_version }}" ] | |
then | |
full_names="$full_names,${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ needs.normalize-inputs.outputs.distribution }}:latest" | |
full_names="$full_names,${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ needs.normalize-inputs.outputs.distribution }}:${tag}" | |
fi | |
echo "FULL_NAMES=${full_names}" >> $GITHUB_OUTPUT | |
echo "github.ref = ${{ github.ref }}" | |
# Set push if branch is main | |
if [ "${{ github.ref }}" == 'refs/heads/main' ]; then | |
echo "DOCKER_PUSH=true" >> $GITHUB_OUTPUT | |
echo "DOCKER_PUSH = true" | |
else | |
echo "DOCKER_PUSH=false" >> $GITHUB_OUTPUT | |
echo "DOCKER_PUSH = false" | |
fi | |
echo "SBOM_OUTPUT_FILENAME=$GITHUB_WORKSPACE/sbom.json" >> $GITHUB_OUTPUT | |
- name: Build and push image ๐ | |
uses: docker/build-push-action@v3 | |
with: | |
context: ./ | |
file: Dockerfile | |
push: ${{ steps.build_vars.outputs.DOCKER_PUSH }} | |
tags: ${{ steps.build_vars.outputs.FULL_NAMES }} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new | |
build-args: | | |
ORIGIN=${{ needs.normalize-inputs.outputs.origin }} | |
ORIGIN_DISTRIBUTION=${{ needs.normalize-inputs.outputs.origin_distribution }} | |
DISTRIBUTION=${{ needs.normalize-inputs.outputs.distribution }} | |
R_VERSION=${{ needs.normalize-inputs.outputs.r_version }} | |
BIOC_VERSION=${{ needs.normalize-inputs.outputs.bioc_version }} | |
platforms: linux/amd64 | |
- name: Generate image manifest and R package list ๐ณ | |
run: | | |
docker manifest inspect ${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }} > manifest.json | |
docker run -v ${PWD}:/app ${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }} \ | |
R -e 'write.csv(installed.packages(), file="/app/package_list.csv")' | |
- name: Generate SBOM ๐ | |
uses: anchore/sbom-action@v0 | |
with: | |
image: "${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }}" | |
output-file: "${{ steps.build_vars.outputs.SBOM_OUTPUT_FILENAME }}" | |
artifact-name: "sbom.spdx" | |
- name: Upload image manifest release ๐ผ | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.REPO_GITHUB_TOKEN }} | |
file: "manifest.json" | |
asset_name: "image.manifest.${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }}.json" | |
tag: "${{ needs.normalize-inputs.outputs.release_tag }}" | |
overwrite: true | |
- name: Upload R package list ๐ผ | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.REPO_GITHUB_TOKEN }} | |
file: "package_list.csv" | |
asset_name: "package.list.${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }}.csv" | |
tag: "${{ needs.normalize-inputs.outputs.release_tag }}" | |
overwrite: true | |
- name: Upload SBOM to release ๐ผ | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.REPO_GITHUB_TOKEN }} | |
file: "${{ steps.build_vars.outputs.SBOM_OUTPUT_FILENAME }}" | |
asset_name: "SBOM for ${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }}.spdx.json" | |
tag: "${{ needs.normalize-inputs.outputs.release_tag }}" | |
overwrite: true | |
- name: Move cache โป๏ธ | |
run: | | |
rm -rf /tmp/.buildx-cache | |
if [ -f /tmp/.buildx-cache-new ] | |
then { | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
} | |
fi |