-
Notifications
You must be signed in to change notification settings - Fork 337
142 lines (126 loc) · 4.69 KB
/
container-autobuild.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
name: Container IC Build Image
on:
pull_request:
paths:
- '.github/workflows/container-autobuild.yml'
- '.bazelversion'
- 'rust-toolchain.toml'
- 'ci/container/**'
push:
branches:
- 'dev-gh-*'
paths:
- '.github/workflows/container-autobuild.yml'
- '.bazelversion'
- 'rust-toolchain.toml'
- 'ci/container/**'
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: write
packages: write
pull-requests: write
jobs:
ic-build-image:
name: Build Container Image
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
fetch-depth: 8
- name: Set Env Variables
shell: bash
id: envs
run: |
# Set relevant env variables
set -eExuo pipefail
IMAGE_TAG="$(ci/container/get-image-tag.sh)"
RUST_VERSION="$(grep channel rust-toolchain.toml | sed -e 's/.*=//' | tr -d '"')"
echo "IMAGE_TAG=${IMAGE_TAG}" >> "$GITHUB_ENV"
echo "RUST_VERSION=${RUST_VERSION}" >> "$GITHUB_ENV"
- name: Check Previous Builds
shell: bash
id: check
run: |
# Check if we've previously already built ic-build image
set -eExuo pipefail
if grep "$IMAGE_TAG" ci/container/TAG; then
echo "build=false" >> "$GITHUB_OUTPUT"
echo "Update with this image already in this PR!"
echo "Modify ci/container/TAG with random string to trigger new build."
else
echo "build=true" >> "$GITHUB_OUTPUT"
fi
env:
IMAGE_TAG: ${{ env.IMAGE_TAG }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@a530e948adbeb357dbca95a7f8845d385edf4438 # v3
if: ${{ steps.check.outputs.build == 'true' }}
- name: Login to GHCR
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
if: ${{ steps.check.outputs.build == 'true' }}
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build Container Image
uses: docker/build-push-action@eb539f44b153603ccbfbd98e2ab9d4d0dcaf23a4 # v5
if: ${{ steps.check.outputs.build == 'true' }}
id: build
with:
context: .
file: ci/container/Dockerfile
push: true
tags: ghcr.io/${{ github.repository_owner }}/ic-build:${{ env.IMAGE_TAG }}
build-args: |
RUST_VERSION=${{ env.RUST_VERSION }}
CI_USER=1001
- name: Create GitHub App Token
uses: actions/create-github-app-token@v1
if: ${{ steps.check.outputs.build == 'true' }}
id: app-token
with:
app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }}
private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }}
- name: Update Image References
shell: bash
if: ${{ steps.check.outputs.build == 'true' }}
run: |
# Update container image references
set -xeuo pipefail
IMG_NAME=${{ github.repository_owner }}/ic-build
IMG_NAME_FULL="ghcr.io/${IMG_NAME}@${{ env.IMAGE_SHA }}"
echo "$IMAGE_TAG" > ci/container/TAG
pushd .devcontainer
sed -i -E "s|(ghcr.io/)?$IMG_NAME(:\|@)[^\"]{5,}|$IMG_NAME_FULL|g" -- *
popd
pushd .github
sed -i -E "s|(ghcr.io/)?$IMG_NAME(:\|@)[^\"]{5,}|$IMG_NAME_FULL|g" -- workflow*/*
popd
git config --global user.name "IDX GitHub Automation"
git config --global user.email "<>"
git add .
git commit -m "Updating container image to ${IMAGE_SHA}" -m "Image tag: ${IMAGE_TAG}"
git push
env:
IMAGE_SHA: ${{ steps.build.outputs.imageid }}
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
- name: Add PR Comment
uses: actions/github-script@v7
if: ${{ steps.check.outputs.build == 'true' && github.event_name == 'pull_request' }}
with:
script: |
let message = 'Run URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n\n'
message += 'New container image: `${{ steps.build.outputs.imageid }}`\n'
message += 'New container tag: `${{ env.IMAGE_TAG }}`'
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: message
})