Skip to content

Add required token for tag check #30

Add required token for tag check

Add required token for tag check #30

name: 'Build & Push: base-glibc-debian-bash'
on:
push:
branches:
- main
paths:
- images/base-glibc-debian-bash/*
- .github/workflows/base-glibc-debian-bash.yaml
pull_request:
paths:
- images/base-glibc-debian-bash/*
- .github/workflows/base-glibc-debian-bash.yaml
jobs:
build:
name: Build & Push
runs-on: ubuntu-18.04
env:
# The base image is not intended to change often and should be used with
# version tags or checksum IDs, but not via "latest".
IMAGE_VERSION: '2.1.0'
IMAGE_NAME: base-glibc-debian-bash
DEBIAN_VERSION: '10.9'
steps:
- uses: actions/checkout@v2
- name: Build
id: buildah-build
run: |
set -xeu
cd 'images/${{ env.IMAGE_NAME }}'
iidfile="$( mktemp )"
buildah bud --layers \
--iidfile="${iidfile}" \
--build-arg=debian_version="${{ env.DEBIAN_VERSION }}"
image_id="$( cat "${iidfile}" )"
rm "${iidfile}"
container="$( buildah from "${image_id}" )"
run() { buildah run "${container}" "${@}" ; }
glibc="$( run sh -c 'exec "$( find /lib -name libc.so.6 -print -quit )"' | sed '1!d' )"
debian="$( run cat /etc/debian_version | sed '1!d' )"
bash="$( run bash --version | sed '1!d' )"
buildah rm "${container}"
container="$( buildah from "${image_id}" )"
buildah config --label=glibc="${glibc}" "${container}"
buildah config --label=debian="${debian}" "${container}"
glibc_version="$( printf %s "${glibc}" | sed -E 's/.*version ([0-9.]*[0-9]).*/\1/' )"
debian_version="$( printf %s "${debian}" | sed -E 's|/|_|g' )"
bash_version="$( printf %s "${bash}" | sed -E 's/.*version ([0-9.]*[0-9]).*/\1/' )"
tags="
${{ env.IMAGE_VERSION }}
${{ env.IMAGE_VERSION }}_${glibc_version}_${debian_version}_${bash_version}
latest
"
image_id="$( buildah commit "${container}" )"
buildah rm "${container}"
image_name='${{ env.IMAGE_NAME }}'
for tag in ${tags} ; do
buildah tag "${image_id}" \
"${image_name}":"${tag}"
done
echo "::set-output name=image::${image_name}"
echo "::set-output name=tags::$( echo ${tags} )"
- name: Test
run: |
image='${{ steps.buildah-build.outputs.image }}'
ids="$(
for tag in ${{ steps.buildah-build.outputs.tags }} ; do
buildah images --quiet --no-trunc "${image}:${tag}"
done
)"
ids="$( printf %s "${ids}" | sort -u )"
for id in ${ids} ; do
podman history "${id}"
buildah bud \
--build-arg=base="${id}" \
--file=Dockerfile.test \
"images/${image}"
done
buildah rmi --prune || true
- name: Check Tags
run: |
# FIX upstream: Quay.io does not support immutable images currently.
# => Try to use the REST API to check for duplicate tags.
response=$(
curl -H "Authorization: Bearer $TOKEN" \
-sL \
'https://quay.io/api/v1/repository/bioconda/${{ steps.buildah-build.outputs.image }}/image'
)
existing_tags="$(
printf %s "${response}" \
| jq -r '.images[].tags[]'
)" \
|| {
printf %s\\n \
'Could not get list of image tags.' \
'Does the repository exist on Quay.io?' \
'Quay.io REST API response was:' \
"${respone}"
exit 1
}
for tag in ${{ steps.buildah-build.outputs.tags }} ; do
if [ \! "${tag}" = latest ] ; then
if printf %s "${existing_tags}" | grep -qxF "${tag}" ; then
printf 'Tag %s already exists!\n' "${tag}"
exit 1
fi
fi
done
env:
TOKEN: ${{ secrets.secrets.QUAY_BIOCONDA_TOKEN }}
- if: ${{ github.ref == 'refs/heads/main' }}
name: Push
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.buildah-build.outputs.image }}
tags: ${{ steps.buildah-build.outputs.tags }}
registry: ${{ secrets.QUAY_BIOCONDA_REPO }}
username: ${{ secrets.QUAY_BIOCONDA_USERNAME }}
password: ${{ secrets.QUAY_BIOCONDA_TOKEN }}
- if: ${{ github.ref == 'refs/heads/main' }}
name: Test Pushed
run: |
image='${{ steps.buildah-build.outputs.image }}'
ids="$(
for tag in ${{ steps.buildah-build.outputs.tags }} ; do
buildah images --quiet --no-trunc "${image}:${tag}"
done
)"
ids="$( printf %s "${ids}" | sort -u )"
for id in ${ids} ; do
podman history "${id}"
buildah bud \
--build-arg=base="${id}" \
--file=Dockerfile.test \
"images/${image}"
done
buildah rmi --prune || true