Use Github Actions to build and publish the docker image

This commit reverts #21 so we use Github Actions again to build and publish the docker images, now that some of the actions related to building docker images have been whitelisted in the ThoughtMachine org. The docker images built as part of a release are published to ghcr.
thought-machine · May 31, 2024 · dd01707 · dd01707
1 parent 7ec6b28
commit dd01707
Show file tree

Hide file tree

Showing 2 changed files with 79 additions and 0 deletions.
diff --git a/.github/workflows/publish-artifacts.yaml b/.github/workflows/publish-artifacts.yaml
@@ -0,0 +1,61 @@
+name: Publish Docker 🐳 images 📦 to GitHub Container Registry
+
+on:
+  push:
+    tags:
+      - '**'
+
+jobs:
+  build-and-publish-to-ghcr:
+    # Explicitly grant the `secrets.GITHUB_TOKEN` permissions.
+    permissions:
+      # Grant the ability to write to GitHub Packages (push Docker images to
+      # GitHub Container Registry).
+      packages: write
+    name: Build and publish Docker 🐳 images 📦 to GitHub Container Registry
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout main
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+
+      - name: Write version
+        run: ./scripts/insert-version-pyproject.sh ${{github.ref_name}}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          # This is the user that triggered the Workflow. In this case, it will
+          # either be the user whom created the Release or manually triggered
+          # the workflow_dispatch.
+          username: ${{ github.actor }}
+          # `secrets.GITHUB_TOKEN` is a secret that's automatically generated by
+          # GitHub Actions at the start of a workflow run to identify the job.
+          # This is used to authenticate against GitHub Container Registry.
+          # See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
+          # for more detailed information.
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push image
+        uses: docker/build-push-action@v5
+        with:
+          push: true # push the image to ghcr
+          tags: >
+            ghcr.io/thought-machine/generic-k8s-webhook:${{github.sha}},
+            ghcr.io/thought-machine/generic-k8s-webhook:${{github.ref_name}}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
diff --git a/.github/workflows/test-pr.yaml b/.github/workflows/test-pr.yaml
@@ -34,3 +34,21 @@ jobs:
 
       - name: Run unittests
         run: make unittests
+
+  build-docker-image:
+    name: Build docker image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup Action
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build image
+        uses: docker/build-push-action@v5