-
Notifications
You must be signed in to change notification settings - Fork 0
164 lines (160 loc) · 5.99 KB
/
dev-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
name: Test builds
on:
push:
branches: [develop]
pull_request:
branches: [develop]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
JFROG_REGISTRY: mskcc.jfrog.io
JFROG_CONTAINER_REPO: mskcc.jfrog.io/omicswf-docker-dev-local/mskcc-omics-workflows
GHCR_CONTAINER_REPO: ghcr.io/mskcc-omics-workflows/
jobs:
dockerfile-changes:
name: dockerfile-changes
runs-on: ubuntu-latest
permissions:
pull-requests: read
outputs:
# Expose matched filters as job 'docker-images' output variable
docker-images: ${{ steps.filter.outputs.changes }}
steps:
- name: Dump GitHub context
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: echo "$GITHUB_CONTEXT"
- uses: actions/checkout@v4
with:
fetch-depth: 2
- name: debug
run: git log --pretty=format:'%h' -n 2
- name: Create tags.yml to grab changes
id: get_tags
run: |
for i in $(find containers -name "Dockerfile" -not -path "containers/testapp/0.0.2/*")
do
path=$(dirname $i)
tag=$(echo $path | cut -f 2- -d/)
echo -e "$tag:\n $path/**"
done > .github/tags.yml
- name: Add to tags.yml to grab changes in testapp/0.0.2 and github action workflows
id: add_testapp_002_tag
run: |
echo -e "testapp/0.0.2:\n - testapp/0.0.2/**\n - .github/workflows/**\n - .hadolint.yml" >> .github/tags.yml
- name: debug
run: cat .github/tags.yml
- uses: mirpedrol/paths-filter@main
id: filter
with:
base: "develop"
filters: ".github/tags.yml"
token: ""
dockerfile-lint:
runs-on: ubuntu-latest
name: dockerfile-lint
needs: [dockerfile-changes]
if: needs.dockerfile-changes.outputs.docker-images != '[]'
strategy:
fail-fast: false
matrix:
tags: ["${{ fromJson(needs.dockerfile-changes.outputs.docker-images) }}"]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Hadolint
uses: hadolint/[email protected]
with:
dockerfile: containers/${{ matrix.tags }}/Dockerfile
verbose: true
docker-validate-build:
runs-on: ubuntu-latest
name: dockerfile-build
needs: [dockerfile-changes]
if: needs.dockerfile-changes.outputs.docker-images != '[]'
strategy:
fail-fast: false
matrix:
tags: ["${{ fromJson(needs.dockerfile-changes.outputs.docker-images) }}"]
steps:
# save docker files
- name: Move /var/lib/docker/
if: ${{ !github.event.act }}
run: sudo mv /var/lib/docker/ "${GITHUB_WORKSPACE}/docker"
- name: Maximize build space
if: ${{ !github.event.act }}
uses: easimon/maximize-build-space@master
with:
build-mount-path: /var/lib/docker/
remove-dotnet: 'true'
remove-android: 'true'
remove-haskell: 'true'
remove-codeql: 'true'
- name: Restore /var/lib/docker/
if: ${{ !github.event.act }}
run: |
sudo rsync -aPq "${GITHUB_WORKSPACE}/docker/" /var/lib/docker
sudo rm -rf "${GITHUB_WORKSPACE}/docker"
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
with:
python-version: "3.12"
- name: Get docker repo name
id: docker_repo_name
run: echo name=$( dirname "${{ matrix.tags }}" ) >> $GITHUB_OUTPUT
- name: Get docker version
id: docker_repo_version
run: echo version=$( basename "${{ matrix.tags }}" ) >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to JFrog
uses: docker/login-action@v3
with:
registry: ${{ env.JFROG_REGISTRY }}
username: ${{ secrets.MSK_JFROG_USERNAME }}
password: ${{ secrets.MSK_JFROG_TOKEN }}
- name: Build Image for JFrog
uses: docker/build-push-action@v5
with:
context: containers/${{ matrix.tags }}/
file: containers/${{ matrix.tags }}/Dockerfile
load: true
tags: ${{ env.JFROG_CONTAINER_REPO }}/${{ steps.docker_repo_name.outputs.name}}:${{steps.docker_repo_version.outputs.version}}
- name: Install pip
run: python -m pip install --upgrade pip
- name: Install python docker package
run : pip install docker jsonschema
- name: Validate image build metadata
run: |
python .github/workflows/scripts/validate_docker.py ${{ env.JFROG_CONTAINER_REPO }}/${{ steps.docker_repo_name.outputs.name}}:${{steps.docker_repo_version.outputs.version}} .github/workflows/scripts/jsonschema/docker_image.json
- name: Test JFrog image build
run: |
docker run --rm ${{ env.JFROG_CONTAINER_REPO }}/${{ steps.docker_repo_name.outputs.name}}:${{steps.docker_repo_version.outputs.version}}
- name: Push image build to JFrog registry
uses: docker/build-push-action@v5
with:
context: containers/${{ matrix.tags }}/
file: containers/${{ matrix.tags }}/Dockerfile
tags: ${{ env.JFROG_CONTAINER_REPO }}/${{ steps.docker_repo_name.outputs.name}}:${{steps.docker_repo_version.outputs.version}}
push: true
confirm-pass:
runs-on: ubuntu-latest
needs: [ dockerfile-changes, docker-validate-build, dockerfile-lint ]
if: always()
steps:
- name: All tests ok
if: ${{ success() || !contains(needs.*.result, 'failure') }}
run: exit 0
- name: One or more tests failed
if: ${{ contains(needs.*.result, 'failure') }}
run: exit 1
- name: debug-print
if: always()
run: |
echo "toJSON(needs) = ${{ toJSON(needs) }}"
echo "toJSON(needs.*.result) = ${{ toJSON(needs.*.result) }}"