-
Notifications
You must be signed in to change notification settings - Fork 1
117 lines (104 loc) · 4.13 KB
/
self-hosted.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
name: self-hosted
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
# Job to run change detection
changes:
runs-on: [self-hosted,multi-arch]
outputs:
images: ${{ steps.filter.outputs.changes }}
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3
id: filter
with:
base: ${{ github.ref }}
filters: |
python/3.9/focal: 'python/3.9/focal/**'
python/3.9/slim-focal: 'python/3.9/slim-focal/**'
python/3.9/jammy: 'python/3.9/jammy/**'
python/3.9/slim-jammy: 'python/3.9/slim-jammy/**'
python/3.10/focal: 'python/3.10/focal/**'
python/3.10/slim-focal: 'python/3.10/slim-focal/**'
python/3.10/jammy: 'python/3.10/jammy/**'
python/3.10/slim-jammy: 'python/3.10/slim-jammy/**'
build:
needs: changes
strategy:
matrix:
image: ${{ fromJSON(needs.changes.outputs.images) }}
if: ${{ needs.changes.outputs.images != '[]' && needs.changes.outputs.images != '' }}
runs-on: [self-hosted]
defaults:
run:
working-directory: ${{ matrix.image }}
steps:
- uses: actions/checkout@v4
- name: Check the Containerfile with hadolint
shell: bash
working-directory: ${{ matrix.image }}
run: |
$(git rev-parse --show-toplevel)/bin/lint.sh
# Intentionally not using docker/setup-buildx-action, configured in Chef
- name: Build locally for testing
uses: docker/bake-action@v4
with:
workdir: ${{ matrix.image }}
targets: local
load: true
- name: Run tests on the image with cinc-auditor
shell: bash
working-directory: ${{ matrix.image }}
run: |
json_data="$(docker buildx bake local --print 2>/dev/null)"
test_image=$(echo "$json_data" | jq -r '.target | to_entries[0].value | .tags[0]')
$(git rev-parse --show-toplevel)/bin/test-matrix.sh $test_image
- name: Login to DockerHub
uses: docker/login-action@v3
if: github.event_name != 'pull_request'
with:
username: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
password: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }}
- name: Build and push
uses: docker/bake-action@v4
# env:
# TAG_PREFIX: docker.crake-nexus.org.boxcutter.net/ros
with:
workdir: ${{ matrix.image }}
push: ${{ github.event_name != 'pull_request' }}
# set: |
# _common.args.ROS_PACKAGES_URI=http://crake-nexus.org.boxcutter.net/repository/ros-apt-proxy
# _common.args.RAW_GITHUBUSERCONTENT_BASE_URL=https://crake-nexus.org.boxcutter.net/repository/githubusercontent-proxy
- name: Get the image name
if: ${{ github.event_name != 'pull_request' }}
id: image_name
shell: bash
working-directory: ${{ matrix.image }}
run: |
echo "image_name=$($(git rev-parse --show-toplevel)/bin/image-name.sh)" >> $GITHUB_ENV
- name: Get the image description
if: ${{ github.event_name != 'pull_request' }}
id: image_description
shell: bash
working-directory: ${{ matrix.image }}
run: |
echo "image_description=$($(git rev-parse --show-toplevel)/bin/image-description.sh)" >> $GITHUB_ENV
- name: Get the image readme filepath
if: ${{ github.event_name != 'pull_request' }}
id: image_readme_filepath
shell: bash
working-directory: ${{ matrix.image }}
run: |
echo "image_readme_filepath=$($(git rev-parse --show-toplevel)/bin/image-readme.sh)" >> $GITHUB_ENV
- name: Update Docker Hub Description
if: ${{ github.event_name != 'pull_request' }}
uses: peter-evans/dockerhub-description@v4
with:
username: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
password: ${{ secrets.CONTAINER_DESCRIPTION_PASSWORD }}
repository: polymathrobotics/${{ env.image_name }}
short-description: ${{ env.image_description }}
readme-filepath: ${{ env.image_readme_filepath }}