-
Notifications
You must be signed in to change notification settings - Fork 14
152 lines (134 loc) · 5.64 KB
/
docker-image.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
name: Docker Image CI
on:
push:
branches: [ master ]
tags: [ '*.*.*' ]
pull_request:
branches: [ master ]
workflow_dispatch:
inputs:
versionTag:
description: 'Version tag to push to Docker Hub (lowercase, alphanumeric)'
required: true
type: string
jobs:
build_test_push:
runs-on: ubuntu-latest
strategy:
fail-fast: false # So that remaining jobs don't instantly quit if one fails (e.g, CPU/ROCm don't upload if CUDA just fails to push to ghcr...)
# matrix:
# include: # Platform locates Dockerfile ("Dockerfile-{PLATFORM}"), docker tag has to be all lowercase alphanumeric for mysterious docker reasons
# - platform: CPU
# dockertag: cpu
# - platform: ROCm
# dockertag: rocm
steps:
- name: Check out the repository
uses: actions/checkout@v3
with:
# lfs: false
submodules: 'true'
# - name: Check if the repository has changed
# run: ls -l
- name: Docker prune to save space # If you switch to self-hosted runners, this should be removed.
run: echo y | docker system prune -a
- name: Check free space before
run: |
echo "Free space:"
df -h
- name: Free Disk Space (Ubuntu)
run: |
sudo rm -rf /usr/local/lib/android
sudo rm -rf /usr/share/dotnet
- name: Check free space after
run: |
echo "Free space:"
df -h
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422
with:
cosign-release: 'v1.4.0'
- name: Log into GitHub Packages registry (ghcr.io)
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/fets-ai/front-end
flavor: | # Handle prefixing and "latest" generation -- use "tags" property to specify events/tags further
latest=true
tags: |
type=semver,pattern={{version}}
type=ref,event=branch
type=ref,event=pr
type=ref,event=tag
# Build Docker Image (but don't push yet -- wait for the test step first).
# https://github.com/docker/build-push-action
- name: Build Docker images
id: build
uses: docker/build-push-action@v4
with:
context: .
# cache-from: type=local,src=${{ github.workspace }}
# build-args: --mount 'type=bind,src=${{ github.workspace }},target=/Front-End,readwrite' #-v ${{ github.workspace }}:/Front-End
file: ./Dockerfile
push: false
load: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# - uses: addnab/docker-run-action@v3
# with:
# username: ${{ github.actor }}
# password: ${{ secrets.GITHUB_TOKEN }}
# registry: ghcr.io
# image: ghcr.io/fets-ai/front-end:latest
# options: -v ${{ github.workspace }}:/Front-End
# run: |
# echo "Running Script"
# /work/run-script
# - name: Build the Docker image
# run: docker build . -v /Front-End:/home/runner/work/Front-End/Front-End/ --file Dockerfile --tag ${{ steps.meta.outputs.tags }}
# Run the image from the base entrypoint as a test
- name: Test container with entrypoint
# Run a tag we generated from the metadata extraction above -- they're all the same image, but echo it regardless just so we know.
run: |
docker run --rm ghcr.io/fets-ai/front-end:latest -h
docker run --entrypoint /Front-End/bin/install/appdir/usr/bin/BraTSPipeline ghcr.io/fets-ai/front-end:latest -h
# Push Docker image with Buildx (but don't push on PR)
# https://github.com/docker/build-push-action
# This won't re-build the images fully or anything, they should already exist from the build step and use the cache.
- name: Upload to Docker Hub (docker.io) and GitHub Packages (ghcr.io)
id: upload
if: github.event_name != 'pull_request'
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# Below is for signing images (keyless) with cosign. But this adds confusing sha256-digest.sig tags to the container registry.
# Leave this commented if container signing is not required.
# # Sign the resulting Docker image digest except on PRs.
# # Uses cosign keyless signing: https://github.com/sigstore/cosign/blob/main/KEYLESS.md
# # This will only write to the public Rekor transparency log when the Docker
# # repository is public to avoid leaking data. If you would like to publish
# # transparency data even for private images, pass --force to cosign below.
# # https://github.com/sigstore/cosign
#- name: Sign published Docker image (ghcr.io)
# if: ${{ github.event_name != 'pull_request' }}
# env:
# COSIGN_EXPERIMENTAL: "true"
# # This step uses the identity token to provision an ephemeral certificate
# # against the sigstore community Fulcio instance.
# run: cosign sign ghcr.io/fets-ai/front-end@${{ steps.upload.outputs.digest }}