Skip to content
Build and push Docker image

Build and push Docker image #157

Sign in to view logs

Build and push Docker image

Build and push Docker image #157

Workflow file for this run

.github/workflows/docker-push.yml at a111add
name: Build and push Docker image
on:
push:
branches:
- main
- "[Ss][Qq]-*"
tags:
- v*
schedule:
- cron: "30 9 * * 1"
jobs:
push:
runs-on: ubuntu-latest-m
permissions:
packages: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
with:
path: agent
fetch-depth: 0
- name: Checkout backend-core
uses: actions/checkout@v4
with:
repository: Semalab/backend-core
token: ${{ secrets.GH_PAT }}
path: backend-core
- name: Checkout backend-activitypersistence
uses: actions/checkout@v4
with:
repository: Semalab/backend-activitypersistence
token: ${{ secrets.GH_PAT }}
path: backend-activitypersistence
- name: Checkout backend-commitanalysis
uses: actions/checkout@v4
with:
repository: Semalab/backend-commitanalysis
token: ${{ secrets.GH_PAT }}
path: backend-commitanalysis
- name: Checkout backend-gitblame
uses: actions/checkout@v4
with:
repository: Semalab/backend-gitblame
token: ${{ secrets.GH_PAT }}
path: backend-gitblame
- name: Checkout ai_engine
uses: actions/checkout@v4
with:
repository: Semalab/ai_engine
token: ${{ secrets.GH_PAT }}
path: ai_engine
submodules: true
- name: Checkout corresponding branches
run: |
for repo in backend-core backend-activitypersistence backend-commitanalysis backend-gitblame ai_engine; do
pushd $repo
if git ls-remote --exit-code --heads origin ${{ github.ref_name }}; then
git fetch origin ${{ github.ref_name }}
git switch --discard-changes ${{ github.ref_name }}
else
echo "Staying on default branch as ${{ github.ref_name }} does not exist in $repo"
fi
popd
done
- name: Build JARs
working-directory: agent
run: make build-jars
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- name: Prepare AI Engine
working-directory: agent
run: make out/ai_engine.tar.gz ai-engine-models
- name: Get dependency-check cache
working-directory: agent
run: make download-cache
- name: Force update of dependency-check data
working-directory: agent/cache
if: github.event_name == 'schedule'
run: touch .cache
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=ref,event=branch
type=semver,pattern={{version}}
- name: Build and export to tarball
uses: docker/build-push-action@v5
with:
context: agent
file: agent/docker/Dockerfile
platforms: linux/amd64 # Add linux/arm64 when scancode becomes compatible with it
cache-from: type=gha
cache-to: type=gha,mode=max
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
outputs: type=docker,dest=/tmp/agent.tar
# On a schedule, we want to refresh the dependency-check cache, both in
# the published image and in the S3 cache for developers.
- name: Build and export to Docker
id: build
uses: docker/build-push-action@v5
if: github.event_name == 'schedule'
with:
context: agent
file: agent/docker/Dockerfile
load: true
tags: sema-agent
- name: Upload dependency-check cache
working-directory: agent
if: github.event_name == 'schedule'
run: make upload-cache
# No need to compress - gzip -9 compresses by less than 0.5% here - the
# blobs are already compressed.
# - name: Compress image
# run: gzip /tmp/agent.tar
- name: Upload image to S3
run: aws s3 cp /tmp/agent.tar s3://sema-agent-images/$DOCKER_METADATA_OUTPUT_VERSION/agent-amd64.tar