-
Notifications
You must be signed in to change notification settings - Fork 0
132 lines (125 loc) · 4.54 KB
/
build-base.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
---
name: "Build base"
on:
push:
paths:
- '.github/workflows/build-base.yml'
- 'base/Dockerfile'
branches:
- main
pull_request:
paths:
- '.github/workflows/build-base.yml'
- 'base/Dockerfile'
workflow_dispatch:
inputs:
pipeContainer:
description: 'Science Pipelines container'
required: true
default: 'lsstsqre/centos'
type: string
stackTag:
description: 'Science Pipelines tag'
required: true
default: 'd_latest'
type: string
makeLatest:
description: 'Push container with "latest" tag'
required: false
type: boolean
permissions:
packages: write
env:
IMAGE_NAME: prompt-base
# All inputs are null for PR/push builds
PIPE_CONTAINER: ${{ inputs.pipeContainer || 'lsstsqre/centos' }}
STACK_TAG: ${{ inputs.stackTag || 'd_latest' }}
MAKE_LATEST: ${{ inputs.makeLatest && 'true' || 'false' }}
jobs:
update-base-image:
name: Update base image
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Determine base image eups tag
working-directory: base
run: |
if [[ -n "$STACK_TAG" ]]; then
if [[ "$STACK_TAG" == *_latest ]]; then
# d_latest and w_latest are literal Docker tags
echo "$STACK_TAG" > lsst.docker.tag
elif [[ "$PIPE_CONTAINER" == "lsstsqre/centos" ]]; then
# Official dailies and weeklies use a more complex tag
echo "7-stack-lsst_distrib-$STACK_TAG" > lsst.docker.tag
else
# For special containers, anything goes
echo "$STACK_TAG" > lsst.docker.tag
fi
echo "$STACK_TAG" > stack.tag
else
echo "d_latest" > lsst.docker.tag
echo "d_latest" > stack.tag
fi
echo "Docker tag = $(< lsst.docker.tag)"
echo "Stack tag = $(< stack.tag)"
docker run "$PIPE_CONTAINER":"$(< lsst.docker.tag)" bash -c "cat conda/envs/lsst-scipipe-*/share/eups/ups_db/global.tags" > eups.tag || docker run "$PIPE_CONTAINER":"$(< lsst.docker.tag)" bash -c "cat stack/miniconda*/ups_db/global.tags" > eups.tag || echo "Unknown" > eups.tag
echo "Eups tag = $(< eups.tag)"
- name: Build image
# Context-free build
working-directory: base
run: |
docker build - \
--build-arg "PIPE_CONTAINER=${PIPE_CONTAINER}" \
--build-arg "STACK_TAG=$(< lsst.docker.tag)" \
--tag $IMAGE_NAME \
--label "runnumber=${GITHUB_RUN_ID}" \
--label "stacktag=$(< stack.tag)" \
--label "eupstag=$(< eups.tag)" \
< Dockerfile
- name: Push image to registries
working-directory: base
run: |
BRANCH=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
[ "$BRANCH" == "merge" ] && BRANCH=$(echo "${{ github.head_ref }}" | sed -e 's,.*/\(.*\),\1,')
for IMAGE_ID in "ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME"; do
STACK_TAG="$(< stack.tag)"
if [ "$BRANCH" == "main" ]; then
VERSION="$STACK_TAG"
else
VERSION="${BRANCH}-$STACK_TAG"
fi
echo IMAGE_ID=$IMAGE_ID
echo VERSION=$VERSION
docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
docker push $IMAGE_ID:$VERSION
EUPS_TAG=$(< eups.tag)
if [ "$EUPS_TAG" != "Unknown" ] && [ "$STACK_TAG" != "$EUPS_TAG" ]; then
# Also push actual eups tag if not the same (e.g. d_latest)
if [ "$BRANCH" == "main" ]; then
VERSION="$EUPS_TAG"
else
VERSION="${BRANCH}-$EUPS_TAG"
fi
echo VERSION=$VERSION
docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
docker push $IMAGE_ID:$VERSION
fi
if [ "$MAKE_LATEST" == "true" ]; then
# Push latest if requested
if [ "$BRANCH" == "main" ]; then
VERSION="latest"
else
VERSION="${BRANCH}-latest"
fi
echo VERSION=$VERSION
docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
docker push $IMAGE_ID:$VERSION
fi
done