-
Notifications
You must be signed in to change notification settings - Fork 0
135 lines (121 loc) · 4.16 KB
/
build_push.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
---
name: Build and Publish Image
env:
REGISTRY: ghcr.io
CRAN_PM: https://packagemanager.posit.co/cran/__linux__
OS_NAME: ubuntu
OS_VERSION: jammy
on:
workflow_dispatch:
inputs:
r_version:
description: R Version
required: true
type: choice
default: "4.3.2"
options:
- "4.3.2"
- "latest"
quarto_version:
description: Quarto version
required: true
type: choice
default: "1.3.450"
options:
- "1.3.450"
- "latest"
pandoc_version:
description: Pandoc version
required: true
type: choice
default: "2.9.2.1"
options:
- "2.9.2.1"
- "latest"
cran_snapshot_date:
description: CRAN packages snapshot date (YYYY-MM-DD)
required: true
default: "2024-01-12"
type: string
custom_tag:
description: Custom image tag
required: false
default: ""
type: string
jobs:
build_publish:
name: Build and Publish Image
runs-on: ubuntu-latest
permissions:
packages: write
outputs:
image: ${{ steps.build_vars.outputs.IMAGE_NAME }}
tag: ${{ steps.build_vars.outputs.IMAGE_DATE_TAG }}
steps:
- name: Checkout project ⬇️
uses: actions/checkout@v4
- name: Checkout Rocker project ⬇️
uses: actions/checkout@v4
with:
repository: rocker-org/rocker-versioned2
path: ./rocker_scripts
ref: master
- name: Set up Docker Buildx 📐
uses: docker/setup-buildx-action@v3
with:
install: true
- name: Log in to the container registry 🗝️
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set build variables ✏️
id: build_vars
shell: bash
run: |
echo "IMAGE_DATE_TAG=$(date +%Y.%m.%d)" >> $GITHUB_OUTPUT
CRAN_DATE=$(echo ${{ github.event.inputs.cran_snapshot_date }} | sed 's/-/\./g')
IMAGE_NAME=${{ env.REGISTRY }}/${{ github.repository_owner }}/r_${{ github.event.inputs.r_version }}_cran_${CRAN_DATE}
echo "IMAGE_NAME=${IMAGE_NAME,,}" >> $GITHUB_OUTPUT
- name: Docker metadata 🐋
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ steps.build_vars.outputs.IMAGE_NAME }}
tags: |
${{ steps.build_vars.outputs.IMAGE_DATE_TAG }}
${{ github.event.inputs.custom_tag }}
type=raw,value=latest,enable=${{ github.ref_name == 'main' }}
labels: |
org.opencontainers.image.description=Image used in CI workflows by the Boehringer-Ingelheim organisation
org.opencontainers.image.vendor=Boehringer-Ingelheim
- name: Build and push image 🛠️
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
annotations: ${{ steps.meta.outputs.annotations }}
platforms: linux/amd64
cache-from: type=registry,ref=${{ steps.build_vars.outputs.IMAGE_NAME }}:cache
cache-to: type=registry,ref=${{ steps.build_vars.outputs.IMAGE_NAME }}:cache,mode=min
build-args: |
R_VERSION=${{ github.event.inputs.r_version }}
CRAN=${{ env.CRAN_PM }}/${{ env.OS_VERSION }}/${{ github.event.inputs.cran_snapshot_date }}
OS_NAME=${{ env.OS_NAME }}
OS_VERSION=${{ env.OS_VERSION }}
PANDOC_VERSION=${{ github.event.inputs.pandoc_version }}
QUARTO_VERSION=${{ github.event.inputs.quarto_version }}
sec_ops:
name: SecOps
needs: build_publish
runs-on: ubuntu-latest
steps:
- name: Update security artifacts
uses: boehringer-ingelheim/dv.ci-images/.github/workflows/secops.yml@secops
with:
image_tag: "${{ needs.build_publish.outputs.image }}:${{ needs.build_publish.outputs.tag }}"