Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add julia docker images #1

Merged
merged 31 commits into from
Apr 3, 2024
Merged
Show file tree
Hide file tree
Changes from 30 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions .github/workflows/cla.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: CLA 🔏

on:
issue_comment:
types:
- created
# For PRs that originate from forks
pull_request_target:
types:
- opened
- closed
- synchronize

jobs:
CLA:
name: CLA 📝
uses: insightsengineering/.github/.github/workflows/cla.yaml@main
secrets: inherit
277 changes: 277 additions & 0 deletions .github/workflows/deploy.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,277 @@
name: Deploy image to GHCR 🪂

env:
REGISTRY: ghcr.io
PLATFORMS: linux/amd64

on:
# TODO cleanup
push:
branches:
- add-julia-docker-image
# repository_dispatch:
# types:
# - scheduled

workflow_dispatch:
inputs:
origin:
description: DockerHub org or username where the base image is located
required: true
type: choice
default: "julia"
options:
- "julia"

source_image_tag:
description: Source image tag
required: true
type: choice
default: "1.10-bookworm"
options:
- "1.10-bookworm"

destination_image_name:
description: |
Destination image name, will be available as
ghcr.io/insightsengineering/destination_image_name
required: true
type: choice
default: "julia-vscode"
options:
- "julia-vscode"
- "julia"

tag:
description: |
Destination image tag. Defaults to current date in the `YYYY.MM.DD`
format if unspecified.
required: true
type: choice
default: "1.10-bookworm"
options:
- "1.10-bookworm"

tag_latest:
description: Tag image as `latest`
default: false
type: boolean

release_tag:
description: |
Release tag to which SBOM generated for image should be attached.
Release tags follow the `YYYY.MM.DD` format.
This must be specified if you want to upload artifacts to the release.
required: false
default: ''

jobs:
normalize-inputs:
name: Normalize inputs 🧹
runs-on: ubuntu-latest
steps:
- name: Normalize 🧽
id: normalizer
run: |
function normalize() {
local var=$1
if [ "$var" == "" ]
then {
var=$2
}
fi
echo ${var}
}

# TODO Remove once the workflow appears on main.
ORIGIN=$(normalize ${{ github.event.inputs.origin }} julia)
SOURCE_IMAGE_TAG=$(normalize ${{ github.event.inputs.source_image_tag }} 1.10-bookworm)
DESTINATION_IMAGE_NAME=$(normalize ${{ github.event.inputs.destination_image_name }} julia-vscode)
TAG=$(normalize ${{ github.event.inputs.tag }} 1.10-bookworm)

# TODO uncomment once this is merged to main.
# ORIGIN=$(normalize ${{ github.event.inputs.origin }} ${{ github.event.client_payload.origin }})
# SOURCE_IMAGE_TAG=$(normalize ${{ github.event.inputs.source_image_tag }} ${{ github.event.client_payload.source_image_tag }})
# DESTINATION_IMAGE_NAME=$(normalize ${{ github.event.inputs.destination_image_name }} ${{ github.event.client_payload.destination_image_name }})
# TAG=$(normalize ${{ github.event.inputs.tag }} ${{ github.event.client_payload.tag }})

TAG_LATEST=$(normalize ${{ github.event.inputs.tag_latest }} ${{ github.event.client_payload.tag_latest }})
RELEASE_TAG=$(normalize ${{ github.event.inputs.release_tag }} ${{ github.event.client_payload.release_tag }})

echo "ORIGIN=$ORIGIN" >> $GITHUB_OUTPUT
echo "SOURCE_IMAGE_TAG=$SOURCE_IMAGE_TAG" >> $GITHUB_OUTPUT
echo "DESTINATION_IMAGE_NAME=$DESTINATION_IMAGE_NAME" >> $GITHUB_OUTPUT
echo "TAG=$TAG" >> $GITHUB_OUTPUT
echo "TAG_LATEST=$TAG_LATEST" >> $GITHUB_OUTPUT
echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_OUTPUT
shell: bash
outputs:
origin: ${{ steps.normalizer.outputs.ORIGIN }}
source_image_tag: ${{ steps.normalizer.outputs.SOURCE_IMAGE_TAG }}
destination_image_name: ${{ steps.normalizer.outputs.DESTINATION_IMAGE_NAME }}
tag: ${{ steps.normalizer.outputs.TAG }}
tag_latest: ${{ steps.normalizer.outputs.TAG_LATEST }}
release_tag: ${{ steps.normalizer.outputs.RELEASE_TAG }}

build:
runs-on: ubuntu-latest
needs: normalize-inputs
name: Build & Deploy 🚀 ${{ needs.normalize-inputs.outputs.destination_image_name }}:${{ needs.normalize-inputs.outputs.tag }}

# Token permissions
permissions:
contents: read
packages: write

# Build steps
steps:
- name: Reclaim Disk Space 🚮
uses: insightsengineering/disk-space-reclaimer@v1
with:
tools-cache: false
android: true
dotnet: true
haskell: true
large-packages: true
swap-storage: false
docker-images: true

- name: Checkout repository 💳
uses: actions/checkout@v4

- name: Set up Docker Buildx 🐳
uses: docker/setup-buildx-action@v3
id: buildx
with:
install: true

- name: Set up QEMU 🦤
id: qemu
uses: docker/setup-qemu-action@v3
with:
platforms: ${{ env.PLATFORMS }}

- name: Cache Docker layers ♻️
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ needs.normalize-inputs.outputs.destination_image_name }}-${{ needs.normalize-inputs.outputs.tag }}
restore-keys: |
${{ runner.os }}-buildx-${{ needs.normalize-inputs.outputs.destination_image_name }}-${{ needs.normalize-inputs.outputs.tag }}
${{ runner.os }}-buildx-${{ needs.normalize-inputs.outputs.destination_image_name }}
${{ runner.os }}-buildx-

- name: Log in to the Container registry 🗝
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set build variables 📐
id: build_vars
run: |
# Set default tag as 'YYYY.MM.DD' date if it isn't set
tag="${{ needs.normalize-inputs.outputs.tag }}"
if [ "${tag}" == "" ]
then {
tag=$(date +%Y.%m.%d)
}
fi

tag_latest="${{ needs.normalize-inputs.outputs.tag_latest }}"
image_name="${{ needs.normalize-inputs.outputs.destination_image_name }}"

# Set full image name
full_names="${{ env.REGISTRY }}/${{ github.repository_owner }}/${image_name}:${tag}"
echo "OUTPUT_IMAGE_NAME=${full_names}" >> $GITHUB_OUTPUT
if [ "${tag_latest}" == "true" ]
then
full_names="$full_names,${{ env.REGISTRY }}/${{ github.repository_owner }}/${image_name}:latest"
fi
echo "FULL_NAMES=${full_names}" >> $GITHUB_OUTPUT
echo "FULL_NAMES=${full_names}"

# Push the image if we're running for main
echo "github.ref = ${{ github.ref }}"

if [ "${{ github.ref }}" == 'refs/heads/main' ]; then
echo "DOCKER_PUSH=true" >> $GITHUB_OUTPUT
echo "DOCKER_PUSH = true"
else
echo "DOCKER_PUSH=false" >> $GITHUB_OUTPUT
echo "DOCKER_PUSH = false"
fi

# TODO remove
echo "DOCKER_PUSH = true"
echo "DOCKER_PUSH=true" >> $GITHUB_OUTPUT

echo "SBOM_OUTPUT_FILENAME=$GITHUB_WORKSPACE/sbom.json" >> $GITHUB_OUTPUT

- name: Build and push image 🏗
uses: docker/build-push-action@v5
with:
context: ./
file: Dockerfile
push: ${{ steps.build_vars.outputs.DOCKER_PUSH }}
tags: ${{ steps.build_vars.outputs.FULL_NAMES }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
build-args: |
ORIGIN=${{ needs.normalize-inputs.outputs.origin }}
SOURCE_IMAGE_TAG=${{ needs.normalize-inputs.outputs.source_image_tag }}
DESTINATION_IMAGE_NAME=${{ needs.normalize-inputs.outputs.destination_image_name }}
DESTINATION_IMAGE_TAG=${{ needs.normalize-inputs.outputs.tag }}
platforms: ${{ env.PLATFORMS }}

- name: Generate image manifest 🐳
run: |
docker manifest inspect ${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }} > manifest.json

- name: Reclaim Disk Space for SBOM Generation 🚮
uses: insightsengineering/disk-space-reclaimer@v1
with:
tools-cache: false
android: true
dotnet: true
haskell: true
large-packages: true
swap-storage: false
docker-images: true

- name: Generate SBOM 📃
uses: anchore/sbom-action@v0
with:
image: "${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }}"
output-file: "${{ steps.build_vars.outputs.SBOM_OUTPUT_FILENAME }}"
artifact-name: "sbom.spdx"

- name: Upload image manifest to release 🔼
uses: svenstaro/upload-release-action@v2
if: needs.normalize-inputs.outputs.release_tag != ''
with:
repo_token: ${{ secrets.REPO_GITHUB_TOKEN }}
file: "manifest.json"
asset_name: "image.manifest.${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }}.json"
tag: "${{ needs.normalize-inputs.outputs.release_tag }}"
overwrite: true

- name: Upload SBOM to release 🔼
uses: svenstaro/upload-release-action@v2
if: needs.normalize-inputs.outputs.release_tag != ''
with:
repo_token: ${{ secrets.REPO_GITHUB_TOKEN }}
file: "${{ steps.build_vars.outputs.SBOM_OUTPUT_FILENAME }}"
asset_name: "SBOM for ${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }}.spdx.json"
tag: "${{ needs.normalize-inputs.outputs.release_tag }}"
overwrite: true

- name: Move cache ♻️
run: |
rm -rf /tmp/.buildx-cache
if [ -f /tmp/.buildx-cache-new ]
then {
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
}
fi
65 changes: 65 additions & 0 deletions .github/workflows/scheduled.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
name: Scheduled Deployments ⏲

on:
schedule:
- cron: '44 19 10,25 * *'
workflow_dispatch:

jobs:
create-release:
name: Create release 🌟
runs-on: ubuntu-latest
steps:
- name: Generate release body 📜
id: release-body
run: |
printf "Release $(date +"%Y.%m.%d")\n\n"\
"You may view the artifacts in this release for more information "\
"about the images that were published." > RELEASE_BODY.txt
echo "release-tag=$(date +"%Y.%m.%d")" >> $GITHUB_OUTPUT

- name: Create release 🌟
uses: softprops/action-gh-release@v1
with:
body_path: RELEASE_BODY.txt
token: ${{ secrets.REPO_GITHUB_TOKEN }}
generate_release_notes: true
tag_name: ${{ steps.release-body.outputs.release-tag }}

outputs:
release_tag: ${{ steps.release-body.outputs.release-tag }}

build:
name: Build & Deploy 🚀
needs: create-release
runs-on: ubuntu-latest
strategy:
matrix:
image:
- source_image_tag: '1.10-bookworm'
destination_image_name: 'julia-vscode'
tag: '1.10-bookworm'
- source_image_tag: '1.10-bookworm'
destination_image_name: 'julia'
tag: '1.10-bookworm'

# Trigger steps
steps:
- name: Checkout repository 💳
uses: actions/checkout@v4
with:
ref: main

- name: Trigger all builds ▶️
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.REPO_GITHUB_TOKEN }}
event-type: scheduled
client-payload: >
{
"source_image_tag": "${{ matrix.image.source_image_tag }}",
"destination_image_name": "${{ matrix.image.destination_image_name }}",
"tag": "${{ matrix.image.tag }}",
"tag_latest": "true",
"release_tag": "${{ needs.create-release.outputs.release_tag }}"
}
Loading