Skip to content

Merge pull request #22 from mskcc-omics-workflows/develop #11

Merge pull request #22 from mskcc-omics-workflows/develop

Merge pull request #22 from mskcc-omics-workflows/develop #11

Workflow file for this run

name: Push build to prod
on:
push:
branches: [main]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
JFROG_REGISTRY: mskcc.jfrog.io
JFROG_CONTAINER_REPO: mskcc.jfrog.io/omicswf-docker-prod-local/mskcc-omics-workflows
GHCR_CONTAINER_REPO: ghcr.io/mskcc-omics-workflows
jobs:
dockerfile-changes:
name: dockerfile-changes
if: ${{ !github.event.act }}
runs-on: ubuntu-latest
permissions:
pull-requests: read
outputs:
# Expose matched filters as job 'docker-images' output variable
docker-images: ${{ steps.filter.outputs.changes }}
steps:
- name: Dump GitHub context
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: echo "$GITHUB_CONTEXT"
- uses: actions/checkout@v4
with:
fetch-depth: 2
- name: debug
run: git log --pretty=format:'%h' -n 2
- name: Create tags.yml to grab changes
id: get_tags
run: |
for i in $(find containers -name "Dockerfile" -not -path "containers/testapp/0.0.2/*")
do
path=$(dirname $i)
tag=$(echo $path | cut -f 2- -d/)
echo -e "$tag:\n $path/**"
done > .github/tags.yml
- name: Add to tags.yml to grab changes in testapp/0.0.2 and github action workflows
id: add_testapp_002_tag
run: |
echo -e "testapp/0.0.2:\n - testapp/0.0.2/**\n - .github/workflows/**\n - .hadolint.yml" >> .github/tags.yml
- name: debug
run: cat .github/tags.yml
- uses: mirpedrol/paths-filter@main
id: filter
with:
base: "main"
filters: ".github/tags.yml"
token: ""
dockerfile-lint:
runs-on: ubuntu-latest
name: dockerfile-lint
needs: [dockerfile-changes]
if: needs.dockerfile-changes.outputs.docker-images != '[]'
strategy:
fail-fast: false
matrix:
tags: ["${{ fromJson(needs.dockerfile-changes.outputs.docker-images) }}"]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Hadolint
uses: hadolint/[email protected]
with:
dockerfile: containers/${{ matrix.tags }}/Dockerfile
verbose: true
docker-validate-build:
runs-on: ubuntu-latest
name: dockerfile-build
needs: [dockerfile-changes]
if: needs.dockerfile-changes.outputs.docker-images != '[]'
strategy:
fail-fast: false
matrix:
tags: ["${{ fromJson(needs.dockerfile-changes.outputs.docker-images) }}"]
steps:
# save docker files
- name: Move /var/lib/docker/
run: sudo mv /var/lib/docker/ "${GITHUB_WORKSPACE}/docker"
- name: Maximize build space
uses: easimon/maximize-build-space@master
with:
build-mount-path: /var/lib/docker/
remove-dotnet: 'true'
remove-android: 'true'
remove-haskell: 'true'
remove-codeql: 'true'
- name: Restore /var/lib/docker/
run: |
sudo rsync -aPq "${GITHUB_WORKSPACE}/docker/" /var/lib/docker
sudo rm -rf "${GITHUB_WORKSPACE}/docker"
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
with:
python-version: "3.12"
- name: Get docker repo name
id: docker_repo_name
run: echo name=$( dirname "${{ matrix.tags }}" ) >> $GITHUB_OUTPUT
- name: Get docker version
id: docker_repo_version
run: echo version=$( basename "${{ matrix.tags }}" ) >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to JFrog
uses: docker/login-action@v3
with:
registry: ${{ env.JFROG_REGISTRY }}
username: ${{ secrets.MSK_JFROG_USERNAME }}
password: ${{ secrets.MSK_JFROG_TOKEN }}
- name: Build Image for JFrog
uses: docker/build-push-action@v5
with:
context: containers/${{ matrix.tags }}/
file: containers/${{ matrix.tags }}/Dockerfile
load: true
tags: ${{ env.JFROG_CONTAINER_REPO }}/${{ steps.docker_repo_name.outputs.name}}:${{steps.docker_repo_version.outputs.version}}
- name: Install pip
run: python -m pip install --upgrade pip
- name: Install python docker package
run : pip install docker jsonschema
- name: Validate image build metadata
run: |
python .github/workflows/scripts/validate_docker.py ${{ env.JFROG_CONTAINER_REPO }}/${{ steps.docker_repo_name.outputs.name}}:${{steps.docker_repo_version.outputs.version}} .github/workflows/scripts/jsonschema/docker_image.json
- name: Test JFrog image build
run: |
docker run --rm ${{ env.JFROG_CONTAINER_REPO }}/${{ steps.docker_repo_name.outputs.name}}:${{steps.docker_repo_version.outputs.version}}
- name: Push image build to JFrog registry
uses: docker/build-push-action@v5
with:
context: containers/${{ matrix.tags }}/
file: containers/${{ matrix.tags }}/Dockerfile
tags: ${{ env.JFROG_CONTAINER_REPO }}/${{ steps.docker_repo_name.outputs.name}}:${{steps.docker_repo_version.outputs.version}}
push: true
- name: Log in to GHCR registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build and push image to GHCR registry
uses: docker/build-push-action@v5
with:
context: containers/${{ matrix.tags }}/
file: containers/${{ matrix.tags }}/Dockerfile
load: true
tags: ${{ env.GHCR_CONTAINER_REPO }}/${{ steps.docker_repo_name.outputs.name}}:${{steps.docker_repo_version.outputs.version}}
push: true
confirm-pass:
runs-on: ubuntu-latest
needs: [ dockerfile-changes, docker-validate-build, dockerfile-lint ]
if: always() & ${{ !github.event.act }}
steps:
- name: All tests ok
if: ${{ success() || !contains(needs.*.result, 'failure') }}
run: exit 0
- name: One or more tests failed
if: ${{ contains(needs.*.result, 'failure') }}
run: exit 1
- name: debug-print
if: always()
run: |
echo "toJSON(needs) = ${{ toJSON(needs) }}"
echo "toJSON(needs.*.result) = ${{ toJSON(needs.*.result) }}"