Skip to content
Build docker image

Common release process #109

Sign in to view logs

Common release process

Common release process #109

Workflow file for this run

.github/workflows/build_docker.yaml at c2eb287
name: Build docker image
on:
workflow_dispatch:
push:
branches:
- 'main'
tags:
- 'v*'
pull_request:
env:
REGISTRY: ghcr.io
IMAGE: ghcr.io/openmethane/openmethane-prior
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
platform:
# - linux/arm64
- linux/amd64
permissions:
contents: read
packages: write
outputs:
digest: ${{ steps.build.outputs.digest }}
registry-image-id: ${{ steps.remote-image-id.outputs.REMOTE_ID }}
# Builds and pushes the image
# Tags the image with the PR that it is linked to
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: "${{ env.IMAGE }}"
tags: |
type=schedule
type=ref,event=branch
type=ref,event=pr
- name: Build and push image
uses: docker/build-push-action@v5
id: build
with:
platforms: ${{ matrix.platform }}
labels: ${{ steps.meta.outputs.labels }}
tags: ${{ steps.meta.outputs.tags }}
push: true
pull: false
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Construct remote image id
id: remote-image-id
run: |
echo "REMOTE_ID=${{ env.IMAGE }}@${{ steps.build.outputs.digest }}" >> $GITHUB_OUTPUT
test-unit:
# Simple test suite to verify that the docker container works as expected
timeout-minutes: 10
runs-on: ubuntu-latest
needs: build
permissions:
contents: read
packages: read
container:
image: ghcr.io/openmethane/openmethane-prior@${{ needs.build.outputs.digest }}
credentials:
username: ${{ github.actor }}
password: ${{ secrets.github_token }}
steps:
- name: Run a quick test suite
run: |
cd /opt/project
cp .env.example .env
python -m pytest -r a -v tests/integration/test_domain_json.py
env:
CDSAPI_KEY: ${{ secrets.CDSAPI_ADS_KEY }}
CDSAPI_URL: https://ads.atmosphere.copernicus.eu/api
# Determine additional tags to apply to the image
image-tags:
runs-on: ubuntu-latest
needs: [ test-unit ]
outputs:
tags: ${{ steps.meta.outputs.tags }}
steps:
- name: Checkout code
uses: actions/checkout@v4
# check if the triggering ref is a vX.Y.Z tag and NOT vX.Y.Za0 (prerelease)
- name: Check for stable release
id: check-stable
if: startsWith(github.event.ref, 'refs/tags/v')
run: |
if [[ "${{ github.event.ref }}" =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "STABLE_RELEASE=true" >> $GITHUB_OUTPUT
fi
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: "${{ env.IMAGE }}"
tags: |
type=ref,event=pr
type=pep440,pattern={{version}}
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.event.ref, 'refs/tags/v') }}
type=raw,value=stable,enable=${{ steps.check-stable.outputs.STABLE_RELEASE == 'true' }}
tag-image-ghcr:
runs-on: ubuntu-latest
needs: [ build, image-tags ]
if: ${{ needs.image-tags.outputs.tags }}
permissions:
contents: read
packages: write
steps:
- name: Login to Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull built docker image
run: |
docker pull ${{ needs.build.outputs.registry-image-id }}
- name: Tag and push docker image
run: |
TAGS="${{ needs.image-tags.outputs.tags }}"
IFS=$'\n'
for tag in $TAGS; do
echo "Tagging ${{ needs.build.outputs.registry-image-id }} as $tag"
docker tag "${{ needs.build.outputs.registry-image-id }}" "$tag"
docker push "$tag"
done
# Push the image to ECR as well
push-ecr:
runs-on: ubuntu-latest
strategy:
matrix:
account_id:
- "654654509571"
- "058264429703"
include:
- account_id: "654654509571"
aws_access_key_secret: "AWS_ACCESS_KEY_ID_SANDBOX"
aws_secret_access_key_secret: "AWS_SECRET_ACCESS_KEY_SANDBOX"
- account_id: "058264429703"
aws_access_key_secret: "AWS_ACCESS_KEY_ID_PROD"
aws_secret_access_key_secret: "AWS_SECRET_ACCESS_KEY_PROD"
needs: [ build, image-tags ]
if: ${{ needs.image-tags.outputs.tags }}
permissions:
contents: read
packages: read
env:
ECR_IMAGE: ${{ matrix.account_id }}.dkr.ecr.ap-southeast-2.amazonaws.com/openmethane/openmethane
steps:
- name: Login to Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
# TODO: Use the OIDC token instead of the access key
with:
aws-access-key-id: ${{ secrets[matrix.aws_access_key_secret] }}
aws-secret-access-key: ${{ secrets[matrix.aws_secret_access_key_secret] }}
aws-region: ap-southeast-2
- name: Login to Amazon ECR
uses: aws-actions/amazon-ecr-login@v2
- name: Pull built docker image
run: |
docker pull "${{ needs.build.outputs.registry-image-id }}"
- name: Tag and push docker image to Amazon ECR
# Replace the ghcr.io portion of the tags with the ECR URL so the tags
# are pushed to the right registry
run: |
TAGS="${{ needs.image-tags.outputs.tags }}"
IFS=$'\n'
for tag in $TAGS; do
ECR_TAG=${tag/"${{ env.IMAGE }}"/"${{ env.ECR_IMAGE }}"}
echo "Tagging ${{ needs.build.outputs.registry-image-id }} as $ECR_TAG"
docker tag "${{ needs.build.outputs.registry-image-id }}" "$ECR_TAG"
docker push "$ECR_TAG"
done