From c2e181626fd04abc2a2a8b71371bf342d6cf98a0 Mon Sep 17 00:00:00 2001
From: Akshay Karle <1443108+akshaykarle@users.noreply.github.com>
Date: Thu, 17 Oct 2024 16:36:09 +0100
Subject: [PATCH] update docker github workflow to use nix
---
.github/workflows/publish.yml | 51 +++++++++++++++++++++++------------
Dockerfile | 13 ---------
2 files changed, 34 insertions(+), 30 deletions(-)
delete mode 100644 Dockerfile
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 28c5dcd..707761a 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -21,8 +21,32 @@ jobs:
 attestations: write
 id-token: write
 steps:
- - name: Checkout repository
- uses: actions/checkout@v4
+ - name: Remove software and languages
+ # copied from: https://github.com/actions/runner-images/issues/2840#issuecomment-2327466240
+ shell: bash
+ run: |
+ df -h /
+ sudo rm -rf \
+ "$AGENT_TOOLSDIRECTORY" \
+ /opt/google/chrome \
+ /opt/microsoft/msedge \
+ /opt/microsoft/powershell \
+ /opt/pipx \
+ /usr/lib/mono \
+ /usr/local/julia* \
+ /usr/local/lib/android \
+ /usr/local/lib/node_modules \
+ /usr/local/share/chromium \
+ /usr/local/share/powershell \
+ /usr/share/dotnet \
+ /usr/share/swift
+ df -h /
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ - uses: DeterminateSystems/magic-nix-cache-action@main
+ - uses: DeterminateSystems/flake-checker-action@main
+ - name: Build image
+ run: nix build .#dockerImage
 - name: Log in to the Container registry
 uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
 with:
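Review bot: The three `DeterminateSystems/*` actions added after the checkout step are referenced at `@main`, a mutable branch, in a job that holds `attestations: write` and `id-token: write` and later logs in to the registry with `secrets.GITHUB_TOKEN`. Whatever lands on those branches next runs inside this publishing job without review, so the image that is built and pushed depends on code that is not fixed at commit time. The `docker/login-action` step right below is pinned to a full commit SHA, and the new steps should follow the same convention, e.g. `uses: DeterminateSystems/nix-installer-action@<full-commit-sha> # <release tag>`. The job's `permissions` block starts outside the hunk, so the full set of granted scopes is not visible here.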
@@ -31,21 +55,14 @@ jobs:
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Extract metadata (tags, labels) for Docker
 id: meta
- uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+ uses: docker/metadata-action@5
 with:
 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- - name: Build and push Docker image
+ - name: Load and push image
 id: push
- uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
- with:
- context: .
- push: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- - name: Generate artifact attestation
- uses: actions/attest-build-provenance@v1
- with:
- subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
- subject-digest: ${{ steps.push.outputs.digest }}
- push-to-registry: true
-
+ run: |
+ docker load --input result
+ docker tag pii:latest
+ docker push ${{ format('{0}/{1}:latest', env.REGISTRY, env.IMAGE_NAME) }}
+ docker tag pii:${{ steps.meta.outputs.tags }}
+ docker push ${{ format('{0}/{1}:{2}', env.REGISTRY, env.IMAGE_NAME, steps.meta.outputs.tags) }}
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index f6faaa1..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,13 +0,0 @@
-FROM python:3.11
-
-WORKDIR /usr/src/app
-RUN pip install poetry==1.8.3
-ENV POETRY_NO_INTERACTION=1
-ENV POETRY_CACHE_DIR=/tmp/poetry_cache
-COPY poetry.toml .
-COPY poetry.lock .
-COPY pyproject.toml .
-RUN poetry install && rm -rf $POETRY_CACHE_DIR
-COPY pii_detection_and_anonymizer pii_detection_and_anonymizer
-
-ENTRYPOINT [ "poetry", "run", "python", "-m", "pii_detection_and_anonymizer" ]
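Review bot: Both `docker tag` lines in the new `run:` block pass a single argument, but `docker tag` needs a source and a target, so the step fails before anything is pushed under the intended names. `steps.meta.outputs.tags` is also a newline-separated list of complete image references rather than a bare tag, so splicing it into `format('{0}/{1}:{2}', …)` yields a malformed reference, and expanding `${{ … }}` directly inside the script is better replaced by an `env:` variable that the shell quotes. The same hunk swaps the SHA-pinned `docker/metadata-action` for `@5`, which does not look like a ref the action publishes (its release tags are `v`-prefixed) and gives up the pin; keeping a full commit SHA is the safer choice. With the attestation step gone the image is published without build provenance although the job still holds `attestations: write` and `id-token: write`; if provenance is still wanted, the push step has to expose the pushed digest. The sketch below keeps the `:latest` push and then tags and pushes every reference from the metadata step, assuming `pii:latest` is the name the loaded archive carries.

```yaml
      - name: Load and push image
        id: push
        shell: bash
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          docker load --input result
          # REGISTRY and IMAGE_NAME are the workflow-level env values used by the metadata step
          docker tag pii:latest "$REGISTRY/$IMAGE_NAME:latest"
          docker push "$REGISTRY/$IMAGE_NAME:latest"
          # the metadata step emits one full image reference per line
          while IFS= read -r ref; do
            [ -n "$ref" ] || continue
            docker tag pii:latest "$ref"
            docker push "$ref"
          done <<< "$TAGS"
```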