Skip to content

Deploy Docker Image #139

Deploy Docker Image

Deploy Docker Image #139

---
name: Deploy Docker Image
on:
workflow_dispatch: # give possibility to run it manually
schedule:
- cron: '0 0 * * Wed,Sun' # Run every day at midnight UTC
permissions: write-all
env:
REGISTRY: ghcr.io
R_REPOS: "https://cran.r-project.org"
OLD_RELEASE: "4.3"
concurrency:
group: deploy-docker-image-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
get_old_release:
runs-on: ubuntu-latest
outputs:
oldrel: ${{ steps.oldrelease.outputs.oldrelease }}
steps:
- name: get old release
id: oldrelease
run:
echo "oldrelease=${{ env.OLD_RELEASE }}" >> $GITHUB_OUTPUT
deploy-image:
runs-on: ubuntu-latest
needs: [ "get_old_release" ]
strategy:
fail-fast: false # if one of the job "deploy-image" fails, the other parallel jobs will just continue
matrix:
tags: ["devel", "latest", "${{ needs.get_old_release.outputs.oldrel }}"]
# Token permissions
permissions:
contents: read
packages: write
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Print message
run: |
echo "updating docker image for R version ${{ matrix.tags }}"
- name: Set image specs
id: image_specs
run: |
package_name=$(grep "Package:" DESCRIPTION | awk '{print $NF}')
if [ "${{ matrix.tags }}" == "latest" ]; then image_name="$package_name-release"; else image_name="$package_name-${{ matrix.tags }}"; fi
if [ "${{ matrix.tags }}" == "devel" ]; then R_REPOS="https://packagemanager.posit.co/cran/__linux__/focal/latest"; fi
echo "r_repos=$R_REPOS" >> $GITHUB_OUTPUT
r_version="${{ matrix.tags }}"
if [ "$r_version" == "${{ env.OLD_RELEASE }}" ]; then image_name="$package_name-oldrel"; fi # TODO: del temporary -test suffix for testing
echo "image_name=$image_name" >> $GITHUB_OUTPUT
- name: Call deploy docker image action ${{ matrix.tags }}
uses: insightsengineering/r-image-creator@install_suggests_deps
with:
image-name: "${{ steps.image_specs.outputs.image_name }}"
tag-latest: true
base-image: "rocker/rstudio:${{ matrix.tags }}"
sysdeps: qpdf,libxt-dev,curl,npm,libicu-dev,libcurl4-openssl-dev,libssl-dev,make,zlib1g-dev,libfontconfig1-dev,libfreetype6-dev,libfribidi-dev,libharfbuzz-dev,libjpeg-dev,libpng-dev,libtiff-dev,pandoc,libxml2-dev,libgit2-dev,libgit2-dev,jq
description-file: "https://raw.githubusercontent.com/pharmaverse/admiral/main/DESCRIPTION"
repository-owner: ${{ github.repository_owner }}
repo-user: ${{ github.actor }}
repo-token: "${{ secrets.GITHUB_TOKEN }}"
repos: ${{ steps.image_specs.outputs.r_repos }}
packages: "DT,R.cache,R.methodsS3,R.oo,R.utils,backports,cellranger,collections,covr,crosstalk,cyclocomp,diffdf,git2r,hunspell,languageserver,lazyeval,lintr,progress,readxl,rematch,renv,rex,spelling,staged.dependencies,styler,xmlparsedata"
store_deps:
name: Store Deps
runs-on: ubuntu-latest
needs: [ "get_old_release", "deploy-image" ]
container:
image: "ghcr.io/pharmaverse/admiralci-${{ matrix.tags }}:latest"
strategy:
fail-fast: false # if one of the job "deploy-image" fails, the other parallel jobs will just continue
matrix:
tags: ["devel", "latest", "${{ needs.get_old_release.outputs.oldrel }}"]
env:
GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Store deps into csv file - image ${{ matrix.tags }}
id: store_deps
run: |
installed_packages <- as.data.frame(installed.packages())
r_version <- "${{ matrix.tags }}"
if (r_version == "${{ needs.get_old_release.outputs.oldrel }}"){
r_version <- "oldrelease"
}
content <- sprintf("r_version=%s\n", r_version)
output_file <- Sys.getenv("GITHUB_OUTPUT")
write(content, file = output_file, append = TRUE)
write.csv(installed_packages, sprintf("/workspace/deps-%s.csv", r_version), row.names = FALSE)
shell: Rscript {0}
- name: Upload deps.csv artifact
uses: actions/upload-artifact@v4
with:
name: deps
path: "/workspace/deps-${{ steps.store_deps.outputs.r_version }}.csv"
- name: Delete current release existing artifacts
uses: mknejp/delete-release-assets@v1
with:
token: ${{ github.token }}
tag: "latest"
fail-if-no-assets: false
assets: |
Dependencies.list.of.docker.image.admiralci-${{ steps.store_deps.outputs.r_version }}.csv
- name: Upload SBOM to release 🔼
uses: svenstaro/upload-release-action@v2
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
file: "/workspace/deps-${{ steps.store_deps.outputs.r_version }}.csv"
asset_name: "Dependencies list of docker image admiralci-${{ steps.store_deps.outputs.r_version }}.csv"
tag: "latest"
overwrite: true
# refacto todo: image-name, sysdeps on get-renv-list job
# note: in case of 403 error when pushing to ghcr : link current repo to the given package registry - https://github.com/docker/build-push-action/issues/687
# (got to https://github.com/<user name>?tab=packages to go to packages settings) and there https://github.com/users/<user name>/packages/container/admiralci-4.0/settings