From 69382a6064407ffd59a0893e901a7b6c65e74ab3 Mon Sep 17 00:00:00 2001 From: Daniel Hollas Date: Tue, 23 Apr 2024 18:45:12 +0100 Subject: [PATCH] Initial publish to ghcr --- .github/workflows/main.yml | 23 +++++-- .github/workflows/publish.yml | 32 ++++++--- .github/workflows/publish_ghcr.yml | 103 +++++++++++++++++++++++++++++ 3 files changed, 146 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/publish_ghcr.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c492ba25..21c0397c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -69,13 +69,28 @@ jobs: target: full-stack integration: true - publish: + publish_ghcr: + if: github.repository == 'aiidalab/aiidalab-docker-stack' + needs: [test-amd64, test-arm64] + uses: ./.github/workflows/publish_ghcr.yml + with: + runsOn: ubuntu-22.04 + images_amd64: ${{ needs.test_amd64.inputs.images }} + images_arm64: ${{ needs.test_arm64.inputs.images }} + secrets: + REGISTRY_USERNAME: ${{ github.actor }} + REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + publish_docker: if: >- github.repository == 'aiidalab/aiidalab-docker-stack' && (github.ref_type == 'tag' || github.ref_name == 'main') - needs: [test-amd64, test-arm64] + needs: [publish_ghcr] uses: ./.github/workflows/publish.yml with: runsOn: ubuntu-22.04 - images: ${{ needs.build.outputs.images }} - secrets: inherit + images: ${{ needs.publish_ghcr.outputs.images }} + secrets: + REGISTRY_USERNAME: ${{ secrets.DOCKER_USERNAME }} + REGISTRY_TOKEN: ${{ secrets.DOCKER_PASSWORD }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 6fd22a8c..dfeddcd0 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
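Review bot: In `publish_ghcr`, the `with:` values read `needs.test_amd64.inputs.images` and `needs.test_arm64.inputs.images`, but the jobs listed in `needs` are `test-amd64` and `test-arm64`, and the `needs` context exposes `outputs`, not `inputs`, so both image lists will evaluate to empty strings. Assuming the test jobs export an `images` output (not visible in this hunk), the lines should read `images_amd64: ${{ needs.test-amd64.outputs.images }}` and `images_arm64: ${{ needs.test-arm64.outputs.images }}`. Neither caller passes `registry`, although both called workflows declare it `required: true`. The job pushes with `secrets.GITHUB_TOKEN` and has lost the tag/main guard that `publish_docker` keeps, so it would benefit from an explicit `permissions:` block granting `packages: write` and a comment stating whether publishing from pull-request runs is intended.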
@@ -9,20 +9,31 @@ on: required: true type: string images: - description: Images built in build step + description: multiarch images built in previous build step + required: false + type: string + registry: + description: Container registry to publish Docker images required: true type: string + secrets: + REGISTRY_USERNAME: + required: true + REGISTRY_TOKEN: + required: true + GITHUB_TOKEN: + required: true jobs: release: - name: DockerHub release + name: ${{ inputs.registry }} release runs-on: ${{ inputs.runsOn }} timeout-minutes: 30 strategy: fail-fast: true matrix: - target: ["base", "base-with-services", "lab", "full-stack"] + target: ["base"] #, "base-with-services", "lab", "full-stack"] steps: - uses: actions/checkout@v4 @@ -36,10 +47,11 @@ jobs: - name: Login to DockerHub 🔑 uses: docker/login-action@v3 + if: ${{ inputs.registry != ghcr.io }} with: - registry: docker.io - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + registry: ${{ inputs.registry }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} - name: Read build variables id: build_vars @@ -53,8 +65,9 @@ jobs: uses: docker/metadata-action@v5 env: ${{ fromJSON(steps.build_vars.outputs.vars) }} with: - images: docker.io/aiidalab/${{ matrix.target }} + images: ${{ inputs.registry }}/aiidalab/${{ matrix.target }} tags: | + type=ref,event=pr type=edge,enable={{is_default_branch}} type=raw,value={{tag}},enable=${{ github.ref_type == 'tag' && ! startsWith(github.ref_name, 'v') }} type=raw,value=aiida-${{ env.AIIDA_VERSION }},enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }} @@ -64,6 +77,7 @@ jobs: - name: Determine src image tag id: images + if: inputs.registry == 'docker.io' run: | src=$(echo '${{ inputs.images }}'| jq -cr '.[("${{ matrix.target }}"|ascii_upcase|sub("-"; "_"; "g")) + "_IMAGE"]') echo "src=$src" 
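Review bot: The new `secrets:` block declares `GITHUB_TOKEN`, which is a reserved name. As far as I know GitHub rejects a `workflow_call` secret with that name, and the called workflow receives the token automatically anyway, so this entry and the matching `GITHUB_TOKEN:` line in the caller should be dropped. The matrix line `target: ["base"] #, "base-with-services", "lab", "full-stack"]` also silently stops publishing three of the four images; if that is a temporary restriction for testing, a comment such as `# TODO: restore the full target list before merging` would make it clear.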
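Review bot: The login step's new condition `if: ${{ inputs.registry != ghcr.io }}` compares against an unquoted `ghcr.io`, which the expression parser will not read as a string literal; it should be `if: inputs.registry != 'ghcr.io'`. The password now reads `secrets.REGISTRY_PASSWORD`, but the secret this workflow declares and the caller passes is `REGISTRY_TOKEN`, so the login would be attempted with an empty password; use `password: ${{ secrets.REGISTRY_TOKEN }}`. The step name still says DockerHub although the registry is now an input.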
@@ -71,12 +85,14 @@ jobs: - name: Push image uses: akhilerm/tag-push-action@v2.2.0 + if: inputs.registry == 'docker.io' with: src: ${{ steps.images.outputs.src }} dst: ${{ steps.meta.outputs.tags }} - name: Docker Hub Description uses: peter-evans/dockerhub-description@v4 + if: inputs.registry == 'docker.io' with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -85,6 +101,6 @@ jobs: - uses: softprops/action-gh-release@v0.1.14 name: Create release - if: startsWith(github.ref, 'refs/tags/v') + if: startsWith(github.ref, 'refs/tags/v') && inputs.registry == 'docker.io' with: generate_release_notes: true diff --git a/.github/workflows/publish_ghcr.yml b/.github/workflows/publish_ghcr.yml new file mode 100644 index 00000000..57003b23 --- /dev/null +++ b/.github/workflows/publish_ghcr.yml 
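Review bot: The `Docker Hub Description` step still reads `secrets.DOCKER_USERNAME` and `secrets.DOCKER_PASSWORD`, but the caller no longer uses `secrets: inherit` and this workflow does not declare those names, so both will resolve to empty strings. Switch them to the declared secrets: `username: ${{ secrets.REGISTRY_USERNAME }}` and `password: ${{ secrets.REGISTRY_TOKEN }}`. The step's `with:` block appears to continue past the end of the hunk.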
@@ -0,0 +1,103 @@ +--- +name: Publish images to DockerHub + +on: + workflow_call: + inputs: + runsOn: + description: GitHub Actions Runner image + required: true + type: string + images_amd64: + description: amd64 images built in build step + required: false + type: string + images_arm64: + description: arm64 images built in build step + required: false + type: string + registry: + description: Container registry to publish Docker images + required: true + type: string + outputs: + images: + description: Published multiarch images + value: ${{ jobs.build.outputs.images }} + secrets: + REGISTRY_USERNAME: + required: true + REGISTRY_TOKEN: + required: true + +jobs: + + release: + name: ${{ inputs.registry }} release + runs-on: ${{ inputs.runsOn }} + timeout-minutes: 30 + outputs: + images: "TODO" + strategy: + fail-fast: true + matrix: + target: ["base"] #, "base-with-services", "lab", "full-stack"] + + steps: + - uses: actions/checkout@v4 + + - name: Login to GitHub Container Registry 🔑 + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_TOKEN }} + + - name: Read build variables + id: build_vars + run: | + vars=$(cat build.json | jq -c '[.variable | to_entries[] | {"key": .key, "value": .value.default}] | from_entries') + echo "vars=$vars" + echo "vars=$vars" >> "${GITHUB_OUTPUT}" + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + env: ${{ fromJSON(steps.build_vars.outputs.vars) }} + with: + images: ${{ inputs.registry }}/aiidalab/${{ matrix.target }} + tags: | + type=ref,event=pr + type=edge,enable={{is_default_branch}} + type=raw,value={{tag}},enable=${{ github.ref_type == 'tag' && ! 
startsWith(github.ref_name, 'v') }} + type=raw,value=aiida-${{ env.AIIDA_VERSION }},enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }} + type=raw,value=python-${{ env.PYTHON_VERSION }},enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }} + type=raw,value=postgresql-${{ env.PGSQL_VERSION }},enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }} + type=match,pattern=v(\d{4}\.\d{4}(-.+)?),group=1 + + - name: Determine src image tags + id: images + run: | + src_amd64=$(echo '${{ inputs.images_amd64 }}'| jq -cr '.[("${{ matrix.target }}"|ascii_upcase|sub("-"; "_"; "g")) + "_IMAGE"]') + src_arm64=$(echo '${{ inputs.images_arm64 }}'| jq -cr '.[("${{ matrix.target }}"|ascii_upcase|sub("-"; "_"; "g")) + "_IMAGE"]') + echo "src_amd64=$src_amd64" + echo "src_arm64=$src_arm64" + echo "src_amd64=$src" >> "${GITHUB_OUTPUT}" + echo "src_arm64=$src" >> "${GITHUB_OUTPUT}" + + - name: Merge tags for the images of different archs + id: merge + if: false + run: | + docker manifest create ${{ $steps.images.src_amd64 }} + docker manifest push ${{ $steps.images.src_amd64 }} + docker manifest create ${{ $steps.images.src_arm64 }} + docker manifest push ${{ $steps.images.src_arm64 }} + shell: bash + + - name: Push image + uses: akhilerm/tag-push-action@v2.2.0 + if: false + with: + src: ${{ steps.merge.outputs.src }} + dst: ${{ steps.meta.outputs.tags }}
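Review bot: The `Determine src image tags` step pastes `${{ inputs.images_amd64 }}`, `${{ inputs.images_arm64 }}` and `${{ matrix.target }}` directly into the shell script, so any quote character in those values changes the script that runs in a job holding the registry token; passing them through `env:` and `jq --arg` keeps them as data. The same step writes `$src`, which is never set, to `GITHUB_OUTPUT`, so both step outputs end up empty. Elsewhere in this file the workflow-level output points at `jobs.build` while the only job is `release` with `images: "TODO"`, the login is hardcoded to `ghcr.io` while the image name uses `inputs.registry`, and the workflow `name:` still says DockerHub. The existing `Determine src image tag` step in publish.yml uses the same interpolation pattern.

```yaml
      - name: Determine src image tags
        id: images
        env:
          IMAGES_AMD64: ${{ inputs.images_amd64 }}
          IMAGES_ARM64: ${{ inputs.images_arm64 }}
          TARGET: ${{ matrix.target }}
        run: |
          filter='.[($t|ascii_upcase|sub("-"; "_"; "g")) + "_IMAGE"]'
          src_amd64=$(printf '%s' "$IMAGES_AMD64" | jq -cr --arg t "$TARGET" "$filter")
          src_arm64=$(printf '%s' "$IMAGES_ARM64" | jq -cr --arg t "$TARGET" "$filter")
          echo "src_amd64=$src_amd64"
          echo "src_arm64=$src_arm64"
          echo "src_amd64=$src_amd64" >> "${GITHUB_OUTPUT}"
          echo "src_arm64=$src_arm64" >> "${GITHUB_OUTPUT}"
      # … unchanged: merge and push steps …
```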