generated from berkeley-dsep-infra/hub-user-image-template
-
Notifications
You must be signed in to change notification settings - Fork 5
139 lines (124 loc) · 4.66 KB
/
build-push-create-pr.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
name: Build and push container image, and push update to datahub repo if needed
on:
workflow_dispatch:
push:
branches:
- main
jobs:
build-and-push:
runs-on: ubuntu-latest
timeout-minutes: 90
env:
DOCKER_CONFIG: $HOME/.docker
IMAGE: ${{ vars.IMAGE }}
outputs:
image-tag: ${{ steps.build-and-push.outputs.IMAGE_SHA_TAG }}
steps:
- name: Check out the image repo
uses: actions/checkout@v4
with:
fetch-depth: 0 # OR "2" -> To retrieve the preceding commit.
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v44
with:
files_ignore: |
README.md
CONTRIBUTING.md
LICENSE
.github/**
images/**
- name: Cleanup disk space
if: steps.changed-files.outputs.any_changed == 'true'
run: |
sudo rm -rf /usr/local/lib/android /usr/share/dotnet /opt/ghc
df -h
- name: Log in to GAR
if: steps.changed-files.outputs.any_changed == 'true'
uses: docker/login-action@v3
with:
registry: us-central1-docker.pkg.dev
username: _json_key
password: ${{ secrets.GAR_SECRET_KEY }}
- name: Build the image and push to artifact registry
id: build-and-push
if: steps.changed-files.outputs.any_changed == 'true'
uses: jupyterhub/repo2docker-action@master
with:
FORCE_REPO2DOCKER_VERSION: jupyter-repo2docker==2024.07.0
DOCKER_REGISTRY: us-central1-docker.pkg.dev
IMAGE_NAME: ${{ env.IMAGE }}
# Disable pushing a 'latest' tag, as this often just causes confusion
LATEST_TAG_OFF: true
# Put repo contents in /srv/repo, rather than the default (/home/jovyan). The home directory
# is mounted over by persistent storage when we are using the built image in a JupyterHub, and
# so all contents put in /home/jovyan are lost. This particularly prevents any 'start' script from
# working, as it is needed in runtime.
REPO_DIR: /srv/repo
# Lets us monitor disks getting full as images get bigger over time
- name: Show how much disk space is left
run: df -h
update-deployment-image-tag:
runs-on: ubuntu-latest
needs: build-and-push
permissions:
contents: write
pull-requests: write
repository-projects: write
env:
HUB: ${{ vars.HUB }}
IMAGE: ${{ vars.IMAGE }}
IMAGE_TAG: ${{ needs.build-and-push.outputs.image-tag }}
steps:
- name: Checkout the datahub repo
if: ${{ env.IMAGE_TAG }}
uses: actions/checkout@v4
with:
token: ${{ secrets.DATAHUB_CREATE_PR }}
fetch-depth: 0
repository: 'berkeley-dsep-infra/datahub'
sparse-checkout: |
deployments/
- name: Set git identity
if: ${{ env.IMAGE_TAG }}
run: |
git config --global user.email "${{ vars.IMAGE_BUILDER_BOT_EMAIL }}"
git config --global user.name "${{ vars.IMAGE_BUILDER_BOT_NAME }}"
- name: Update the tag for any deployments that use this image
if: ${{ env.IMAGE_TAG }}
run: |
for deployment in $(grep -lr ${IMAGE} deployments/); do
old_hash=$(grep ${IMAGE} ${deployment} | awk -F":" '{print $3}')
new_hash=${IMAGE_TAG}
sed -i -e "s,${IMAGE}:${old_hash},${IMAGE}:${new_hash},g" ${deployment}
echo "Updated ${deployment} with new image tag ${new_hash}"
done
- name: Create feature branch, add, commit, push changes and open a pull request
if: ${{ env.IMAGE_TAG }}
env:
GH_TOKEN: ${{ secrets.DATAHUB_CREATE_PR }}
run: |
CHANGED_FILES=$(git status --porcelain -uno | awk '{print $2}')
git diff
git checkout -b update-${HUB}-image-tag-${IMAGE_TAG}
# to be safe, only add files that have changed
for file in $(echo -e ${CHANGED_FILES}); do
git add ${file}
done
BRANCH="update-${HUB}-image-tag-${IMAGE_TAG}"
MESSAGE="update ${HUB} image tag to ${IMAGE_TAG}"
git commit -m "${MESSAGE}"
git push origin ${BRANCH}
#
# now create a PR!
#
cat << EOF > ${HOME}/pr-body.txt
${MESSAGE}
${CHANGED_FILES}
EOF
BODY=$(cat ${HOME}/pr-body.txt)
gh pr new -t "${MESSAGE}" -b "${BODY}" -H${BRANCH} -Bstaging
- name: Print out a message if no PR is created
if: ${{ ! env.IMAGE_TAG }}
run: |
echo "Image not updated, no push to datahub repo required"