update key name for artifact registry #2
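# On every push to main: build the image with repo2docker, push it to Google
# Artifact Registry, then push a branch to the datahub repo that bumps the image
# tag in every deployment referencing this image.
name: Build and push container image, and push update to datahub repo if needed
on:
  push:
    branches:
      - main

# Least privilege for the automatic GITHUB_TOKEN. Nothing in this file writes
# with it: the registry push authenticates with GAR_SECRET_KEY_EDX and the
# datahub push with DATAHUB_CREATE_PR.
permissions:
  contents: read

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    env:
      # NOTE(review): job-level env values are not shell-expanded, so this is
      # the literal string '$HOME/.docker', not the runner's home directory.
      # Confirm this is what the login and build steps expect.
      DOCKER_CONFIG: $HOME/.docker
      IMAGE: ${{ vars.IMAGE }}
    outputs:
      # Empty when the build step is skipped; the second job keys off that.
      image-tag: ${{ steps.build-and-push.outputs.IMAGE_SHA_TAG }}
    steps:
      - name: Cleanup disk space
        run: |
          sudo rm -rf /usr/local/lib/android /usr/share/dotnet /opt/ghc
          df -h
      # NOTE(review): consider `persist-credentials: false` here. No later step
      # in this job pushes with git, and this checkout (presumably including
      # .git/config) is what the build step packages into the image. Confirm
      # that changed-files does not need to fetch first.
      - name: Check out the image repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # OR "2" -> To retrieve the preceding commit.
      # TODO(security): a version tag is mutable and can be re-pointed upstream.
      # Pin to a reviewed commit, e.g. tj-actions/changed-files@<FULL_COMMIT_SHA>
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v44
        with:
          files_ignore: |
            README.md
            CONTRIBUTING.md
            LICENSE
            .github/**
            images/**
      # The password is a long-lived service-account JSON key. Keep its IAM role
      # limited to writing to this one Artifact Registry repository.
      # TODO(security): pin docker/login-action@<FULL_COMMIT_SHA> as well.
      - name: Log in to GAR
        if: steps.changed-files.outputs.any_changed == 'true'
        uses: docker/login-action@v3
        with:
          registry: us-central1-docker.pkg.dev
          username: _json_key
          password: ${{ secrets.GAR_SECRET_KEY_EDX }}
      # TODO(security): `@master` tracks a moving branch, and this step runs
      # after registry login, so any upstream commit executes with push access.
      # Pin to jupyterhub/repo2docker-action@<FULL_COMMIT_SHA>.
      - name: Build the image and push to artifact registry
        id: build-and-push
        if: steps.changed-files.outputs.any_changed == 'true'
        uses: jupyterhub/repo2docker-action@master
        with:
          DOCKER_REGISTRY: us-central1-docker.pkg.dev
          IMAGE_NAME: ${{ env.IMAGE }}
          # Disable pushing a 'latest' tag, as this often just causes confusion
          LATEST_TAG_OFF: true
          # Put repo contents in /srv/repo, rather than the default (/home/jovyan). The home directory
          # is mounted over by persistent storage when we are using the built image in a JupyterHub, and
          # so all contents put in /home/jovyan are lost. This particularly prevents any 'start' script from
          # working, as it is needed in runtime.
          REPO_DIR: /srv/repo
      # Lets us monitor disks getting full as images get bigger over time
      - name: Show how much disk space is left
        run: df -h

  update-deployment-image-tag:
    runs-on: ubuntu-latest
    needs: build-and-push
    env:
      HUB: ${{ vars.HUB }}
      IMAGE: ${{ vars.IMAGE }}
      # Empty string when no image was built; every step below is gated on it.
      IMAGE_TAG: ${{ needs.build-and-push.outputs.image-tag }}
    steps:
      # The checkout keeps this token in the local git config so the later
      # `git push` can use it. Scope the token to the datahub repository only.
      - name: Checkout the datahub repo
        if: ${{ env.IMAGE_TAG }}
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.DATAHUB_CREATE_PR }}
          fetch-depth: 0
          repository: 'berkeley-dsep-infra/datahub'
          sparse-checkout: |
            deployments/
            hub/
      - name: Set git identity
        if: ${{ env.IMAGE_TAG }}
        # Pass the values through env instead of expanding ${{ }} inside the
        # script, so their contents are never parsed as shell syntax.
        env:
          BOT_EMAIL: ${{ vars.IMAGE_BUILDER_BOT_EMAIL }}
          BOT_NAME: ${{ vars.IMAGE_BUILDER_BOT_NAME }}
        run: |
          git config --global user.email "${BOT_EMAIL}"
          git config --global user.name "${BOT_NAME}"
      - name: Update the tag for any deployments that use this image
        if: ${{ env.IMAGE_TAG }}
        run: |
          # -F matches the image name literally (its dots and slashes are not
          # regex); quoting stops the shell from splitting or globbing values.
          for deployment in $(grep -lrF -- "${IMAGE}" deployments/ | grep hubploy.yaml); do
            old_hash=$(grep -F -- "${IMAGE}" "${deployment}" | awk -F":" '{print $3}')
            new_hash="${IMAGE_TAG}"
            # An empty pattern would make sed fail; skip files with no tag.
            if [ -z "${old_hash}" ]; then
              echo "No existing image tag found in ${deployment}, skipping"
              continue
            fi
            sed -i -e "s/${old_hash}/${new_hash}/g" "${deployment}"
            echo "Updated ${deployment} with new image tag ${new_hash}"
          done
      - name: Create feature branch, add, commit and push changes
        if: ${{ env.IMAGE_TAG }}
        run: |
          CHANGED_FILES=$(git status --porcelain -uno | awk '{print $2}')
          git diff
          git checkout -b "update-${HUB}-image-tag-${IMAGE_TAG}"
          # to be safe, only add files that have changed
          # (CHANGED_FILES is left unquoted on purpose: one path per word)
          for file in ${CHANGED_FILES}; do
            git add -- "${file}"
          done
          git commit -m "update ${HUB} image tag to ${IMAGE_TAG}: ${CHANGED_FILES}"
          git push origin "update-${HUB}-image-tag-${IMAGE_TAG}"
      - name: Print out a message if no PR is created
        if: ${{ ! env.IMAGE_TAG }}
        run: |
          echo "Image not updated, no push to datahub repo required"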