Deploy Docker Image #162
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Deploy Docker Image | |
| on: | |
| workflow_dispatch: # give possibility to run it manually | |
| schedule: | |
| - cron: "0 0 * * Wed,Sun" # Run every day at midnight UTC | |
| permissions: write-all | |
| env: | |
| REGISTRY: ghcr.io | |
| R_REPOS: "https://cran.r-project.org" | |
| OLD_RELEASE: "4.3" | |
| concurrency: | |
| group: deploy-docker-image-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| get_old_release: | |
| name: Get Old Release Version | |
| runs-on: ubuntu-latest | |
| outputs: | |
| oldrel: ${{ steps.oldrelease.outputs.oldrelease }} | |
| steps: | |
| - name: get old release | |
| id: oldrelease | |
| run: echo "oldrelease=${{ env.OLD_RELEASE }}" >> $GITHUB_OUTPUT | |
| deploy-image: | |
| name: Deploy Image | |
| runs-on: ubuntu-latest | |
| needs: ["get_old_release"] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| tags: ["devel", "4.4.1", "${{ needs.get_old_release.outputs.oldrel }}"] | |
| # Token permissions | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/[email protected] | |
| with: | |
| fetch-depth: 0 | |
| - name: Set image specs | |
| id: image_specs | |
| run: | | |
| package_name=$(grep "Package:" DESCRIPTION | awk '{print $NF}') | |
| r_version="${{ matrix.tags }}" | |
| image_name="${package_name}-${r_version}" | |
| ########### LATEST aka RELEAESE IMAGE NAME ########### | |
| if [ "$r_version" == "4.4.1" ]; then | |
| image_name="${package_name}-release" | |
| fi | |
| ########### DEVEL IMAGE NAME ########### | |
| if [ "$r_version" == "devel" ]; then | |
| R_REPOS="https://packagemanager.posit.co/cran/__linux__/focal/latest" | |
| fi | |
| ########### OLDREL IMAGE NAME ########### | |
| if [ "$r_version" == "${{ env.OLD_RELEASE }}" ]; then | |
| image_name="${package_name}-oldrel" | |
| fi | |
| #### Set outputs #### | |
| echo "r_repos=$R_REPOS" >> $GITHUB_OUTPUT | |
| echo "image_name=${image_name}" >> $GITHUB_OUTPUT | |
| - name: Call deploy docker image action ${{ matrix.tags }} | |
| uses: insightsengineering/r-image-creator@v1 | |
| with: | |
| image-name: "${{ steps.image_specs.outputs.image_name }}" | |
| tag-latest: true | |
| base-image: "rocker/rstudio:${{ matrix.tags }}" | |
| sysdeps: "curl,libcurl4-openssl-dev,libfreetype6-dev,libfontconfig1-dev,libfribidi-dev,libgit2-dev,libharfbuzz-dev,libicu-dev,libjpeg-dev,libpng-dev,libssl-dev,libtiff-dev,libxml2-dev,libxt-dev,make,npm,pandoc,qpdf,zlib1g-dev" | |
| description-file: "https://raw.githubusercontent.com/pharmaverse/admiral/main/DESCRIPTION" | |
| repository-owner: ${{ github.repository_owner }} | |
| repo-user: ${{ github.actor }} | |
| repo-token: "${{ secrets.GITHUB_TOKEN }}" | |
| repos: ${{ steps.image_specs.outputs.r_repos }} | |
| packages: "DT,R.cache,R.methodsS3,R.oo,R.utils,backports,cellranger,collections,covr,crosstalk,cyclocomp,diffdf,git2r,hunspell,languageserver,lazyeval,lintr,pak,progress,readxl,rematch,renv,rex,spelling,staged.dependencies,styler,xmlparsedata" | |
| store_deps: | |
| name: Upload Image Manifests | |
| runs-on: ubuntu-latest | |
| needs: ["get_old_release", "deploy-image"] | |
| container: | |
| image: "ghcr.io/pharmaverse/admiralci-${{ matrix.tags }}:latest" | |
| strategy: | |
| fail-fast: false # if one of the job "deploy-image" fails, the other parallel jobs will just continue | |
| matrix: | |
| tags: ["devel", "latest", "${{ needs.get_old_release.outputs.oldrel }}"] | |
| env: | |
| GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Store deps into csv file - image ${{ matrix.tags }} | |
| id: store_deps | |
| run: | | |
| installed_packages <- as.data.frame(installed.packages()) | |
| r_version <- "${{ matrix.tags }}" | |
| if (r_version == "${{ needs.get_old_release.outputs.oldrel }}"){ | |
| r_version <- "oldrelease" | |
| } | |
| content <- sprintf("r_version=%s\n", r_version) | |
| output_file <- Sys.getenv("GITHUB_OUTPUT") | |
| write(content, file = output_file, append = TRUE) | |
| write.csv(installed_packages, sprintf("/workspace/deps-%s.csv", r_version), row.names = FALSE) | |
| shell: Rscript {0} | |
| - name: Delete current release existing artifacts | |
| uses: mknejp/delete-release-assets@v1 | |
| with: | |
| token: ${{ github.token }} | |
| tag: "latest" | |
| fail-if-no-assets: false | |
| assets: | | |
| Dependencies.list.of.docker.image.admiralci-${{ steps.store_deps.outputs.r_version }}.csv | |
| - name: Upload SBOM to release 🔼 | |
| uses: svenstaro/upload-release-action@v2 | |
| with: | |
| repo_token: "${{ secrets.GITHUB_TOKEN }}" | |
| file: "/workspace/deps-${{ steps.store_deps.outputs.r_version }}.csv" | |
| asset_name: "Dependencies list of docker image admiralci-${{ steps.store_deps.outputs.r_version }}.csv" | |
| tag: "latest" | |
| overwrite: true | |
| # refacto todo: image-name, sysdeps on get-renv-list job | |
| # note: in case of 403 error when pushing to ghcr : link current repo to the given package registry - https://github.com/docker/build-push-action/issues/687 | |
| # (got to https://github.com/<user name>?tab=packages to go to packages settings) and there https://github.com/users/<user name>/packages/container/admiralci-4.0/settings |