scheduled #1176
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy image to GHCR ๐ช | |
env: | |
REGISTRY: ghcr.io | |
# PLATFORMs is a comma-separted list of architectures to build for. | |
# We disable linux/arm64 due to runner mem saturation. | |
PLATFORMS: linux/amd64 | |
on: | |
repository_dispatch: | |
types: | |
- scheduled | |
workflow_dispatch: | |
inputs: | |
origin: | |
description: DockerHub org or username where the base image is located | |
required: true | |
type: choice | |
default: rocker | |
options: | |
- rocker | |
- rhub | |
distribution: | |
description: Rocker/RHub Distro Name. | |
required: true | |
type: choice | |
default: rstudio | |
options: | |
- rstudio | |
- rstudio-local | |
- gcc13 | |
- gcc14 | |
- atlas | |
- valgrind | |
- intel | |
- nosuggests | |
- mkl | |
r_version: | |
description: | | |
R version (also used as the tag to pull the origin image). | |
required: true | |
type: choice | |
default: "4.4.1" | |
options: | |
- "4.1.0" | |
- "4.1.1" | |
- "4.1.2" | |
- "4.1.3" | |
- "4.2.0" | |
- "4.2.1" | |
- "4.2.2" | |
- "4.3.0" | |
- "4.3.1" | |
- "4.3.2" | |
- "4.3.3" | |
- "4.4.0" | |
- "4.4.1" | |
- "latest" | |
latest_r_version: | |
description: | | |
R Version to be aliased as the 'latest' tag". | |
(Only relevant for rocker images). | |
required: false | |
type: string | |
default: "4.4.1" | |
bioc_version: | |
description: BioConductor Release | |
required: true | |
type: choice | |
default: "3.19" | |
options: | |
- "3.13" | |
- "3.14" | |
- "3.15" | |
- "3.16" | |
- "3.17" | |
- "3.18" | |
- "3.19" | |
- "devel" | |
latest_bioc_version: | |
description: | | |
BioC Version to be aliased as the 'latest' tag". | |
(Only relevant for rocker images). | |
required: false | |
type: string | |
default: "3.19" | |
tag: | |
description: | | |
Custom Image Tag/Version. Defaults to current date in the `YYYY.MM.DD` format if unspecified. | |
required: false | |
default: "" | |
tag_latest: | |
description: Tag image as `latest` | |
default: false | |
type: boolean | |
release_tag: | |
description: | | |
Release tag to which SBOM generated for image should be attached. | |
Release tags follow the `YYYY.MM.DD` format. | |
This must be specified if you want to upload artifacts to the release. | |
required: false | |
default: "" | |
jobs: | |
normalize-inputs: | |
name: Normalize inputs ๐งน | |
runs-on: ubuntu-latest | |
steps: | |
- name: Normalize ๐งฝ | |
id: normalizer | |
run: | | |
function normalize() { | |
local var=$1 | |
if [ "$var" == "" ] | |
then { | |
var=$2 | |
} | |
fi | |
echo ${var} | |
} | |
ORIGIN=$(normalize ${{ github.event.inputs.origin }} ${{ github.event.client_payload.origin }}) | |
DISTRIBUTION=$(normalize ${{ github.event.inputs.distribution }} ${{ github.event.client_payload.distribution }}) | |
ORIGIN_DISTRIBUTION=${DISTRIBUTION//"-local"} | |
R_VERSION=$(normalize ${{ github.event.inputs.r_version }} ${{ github.event.client_payload.r_version }}) | |
BIOC_VERSION=$(normalize ${{ github.event.inputs.bioc_version }} ${{ github.event.client_payload.bioc_version }}) | |
LATEST_R_VERSION=$(normalize ${{ github.event.inputs.latest_r_version }} ${{ github.event.client_payload.latest_r_version }}) | |
LATEST_BIOC_VERSION=$(normalize ${{ github.event.inputs.latest_bioc_version }} ${{ github.event.client_payload.latest_bioc_version }}) | |
TAG=$(normalize ${{ github.event.inputs.tag }} ${{ github.event.client_payload.tag }}) | |
TAG_LATEST=$(normalize ${{ github.event.inputs.tag_latest }} ${{ github.event.client_payload.tag_latest }}) | |
RELEASE_TAG=$(normalize ${{ github.event.inputs.release_tag }} ${{ github.event.client_payload.release_tag }}) | |
RELEASE_TAG=$(normalize ${RELEASE_TAG} $(date +%Y%m%d)) | |
echo "ORIGIN=$ORIGIN" >> $GITHUB_OUTPUT | |
echo "ORIGIN_DISTRIBUTION=$ORIGIN_DISTRIBUTION" >> $GITHUB_OUTPUT | |
echo "DISTRIBUTION=$DISTRIBUTION" >> $GITHUB_OUTPUT | |
echo "R_VERSION=$R_VERSION" >> $GITHUB_OUTPUT | |
echo "BIOC_VERSION=$BIOC_VERSION" >> $GITHUB_OUTPUT | |
echo "LATEST_R_VERSION=$LATEST_R_VERSION" >> $GITHUB_OUTPUT | |
echo "LATEST_BIOC_VERSION=$LATEST_BIOC_VERSION" >> $GITHUB_OUTPUT | |
echo "TAG=$TAG" >> $GITHUB_OUTPUT | |
echo "TAG_LATEST=$TAG_LATEST" >> $GITHUB_OUTPUT | |
echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_OUTPUT | |
shell: bash | |
outputs: | |
origin: ${{ steps.normalizer.outputs.ORIGIN }} | |
origin_distribution: ${{ steps.normalizer.outputs.ORIGIN_DISTRIBUTION }} | |
distribution: ${{ steps.normalizer.outputs.DISTRIBUTION }} | |
r_version: ${{ steps.normalizer.outputs.R_VERSION }} | |
bioc_version: ${{ steps.normalizer.outputs.BIOC_VERSION }} | |
latest_r_version: ${{ steps.normalizer.outputs.LATEST_R_VERSION }} | |
latest_bioc_version: ${{ steps.normalizer.outputs.LATEST_BIOC_VERSION }} | |
tag: ${{ steps.normalizer.outputs.TAG }} | |
tag_latest: ${{ steps.normalizer.outputs.TAG_LATEST }} | |
release_tag: ${{ steps.normalizer.outputs.RELEASE_TAG }} | |
build: | |
runs-on: ubuntu-latest | |
needs: normalize-inputs | |
name: Build & Deploy ๐ ${{ needs.normalize-inputs.outputs.distribution }} - ${{ needs.normalize-inputs.outputs.r_version }} | BioC - ${{ needs.normalize-inputs.outputs.bioc_version }} | |
# Token permissions | |
permissions: | |
contents: read | |
packages: write | |
# Build steps | |
steps: | |
- name: Reclaim Disk Space ๐ฎ | |
uses: insightsengineering/disk-space-reclaimer@v1 | |
with: | |
tools-cache: false | |
android: true | |
dotnet: true | |
haskell: true | |
large-packages: true | |
swap-storage: false | |
docker-images: true | |
- name: Checkout repository ๐ณ | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
id: buildx | |
with: | |
install: true | |
- name: Set up QEMU | |
id: qemu | |
uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: ${{ env.PLATFORMS }} | |
- name: Cache Docker layers โป๏ธ | |
uses: actions/cache@v4 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ needs.normalize-inputs.outputs.distribution }}-${{ needs.normalize-inputs.outputs.r_version }}-${{ needs.normalize-inputs.outputs.bioc_version }} | |
restore-keys: | | |
${{ runner.os }}-buildx-${{ needs.normalize-inputs.outputs.distribution }}-${{ needs.normalize-inputs.outputs.r_version }}-${{ needs.normalize-inputs.outputs.bioc_version }} | |
${{ runner.os }}-buildx-${{ needs.normalize-inputs.outputs.distribution }}-${{ needs.normalize-inputs.outputs.r_version }}- | |
${{ runner.os }}-buildx-${{ needs.normalize-inputs.outputs.distribution }}- | |
${{ runner.os }}-buildx- | |
- name: Log in to the Container registry ๐ | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set build variables ๐ | |
id: build_vars | |
run: | | |
# Set Image name | |
image_name="${{ needs.normalize-inputs.outputs.distribution }}_${{ needs.normalize-inputs.outputs.r_version }}_bioc_${{ needs.normalize-inputs.outputs.bioc_version }}" | |
# For Fedora-based rhub images. | |
if [[ "${{ needs.normalize-inputs.outputs.distribution }}" =~ ^gcc.*|^atlas$|^valgrind$|^intel$|^nosuggests$|^mkl$ ]] | |
then { | |
image_name="${{ needs.normalize-inputs.outputs.distribution }}" | |
} | |
fi | |
# Set default tag as 'YYYY.MM.DD' date if it isn't set | |
tag="${{ needs.normalize-inputs.outputs.tag }}" | |
if [ "${tag}" == "" ] | |
then { | |
tag=$(date +%Y.%m.%d) | |
} | |
fi | |
tag_latest="${{ needs.normalize-inputs.outputs.tag_latest }}" | |
# Set full image name | |
full_names="${{ env.REGISTRY }}/${{ github.repository_owner }}/${image_name}:${tag}" | |
echo "OUTPUT_IMAGE_NAME=${full_names}" >> $GITHUB_OUTPUT | |
if [ "${tag_latest}" == "true" ] | |
then | |
full_names="$full_names,${{ env.REGISTRY }}/${{ github.repository_owner }}/${image_name}:latest" | |
fi | |
if [ "${image_name}" == "rstudio-local_${{ needs.normalize-inputs.outputs.latest_r_version }}_bioc_${{ needs.normalize-inputs.outputs.latest_bioc_version }}" ] \ | |
|| [ "${image_name}" == "rstudio_${{ needs.normalize-inputs.outputs.latest_r_version }}_bioc_${{ needs.normalize-inputs.outputs.latest_bioc_version }}" ] | |
then | |
full_names="$full_names,${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ needs.normalize-inputs.outputs.distribution }}:latest" | |
full_names="$full_names,${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ needs.normalize-inputs.outputs.distribution }}:${tag}" | |
fi | |
echo "FULL_NAMES=${full_names}" >> $GITHUB_OUTPUT | |
echo "github.ref = ${{ github.ref }}" | |
# Set push if branch is main | |
if [ "${{ github.ref }}" == 'refs/heads/main' ]; then | |
echo "DOCKER_PUSH=true" >> $GITHUB_OUTPUT | |
echo "DOCKER_PUSH = true" | |
else | |
echo "DOCKER_PUSH=false" >> $GITHUB_OUTPUT | |
echo "DOCKER_PUSH = false" | |
fi | |
echo "SBOM_OUTPUT_FILENAME=$GITHUB_WORKSPACE/sbom.json" >> $GITHUB_OUTPUT | |
- name: Build and push image ๐ | |
uses: docker/build-push-action@v5 | |
with: | |
context: ./ | |
file: Dockerfile | |
push: ${{ steps.build_vars.outputs.DOCKER_PUSH }} | |
tags: ${{ steps.build_vars.outputs.FULL_NAMES }} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new | |
build-args: | | |
ORIGIN=${{ needs.normalize-inputs.outputs.origin }} | |
ORIGIN_DISTRIBUTION=${{ needs.normalize-inputs.outputs.origin_distribution }} | |
DISTRIBUTION=${{ needs.normalize-inputs.outputs.distribution }} | |
R_VERSION=${{ needs.normalize-inputs.outputs.r_version }} | |
BIOC_VERSION=${{ needs.normalize-inputs.outputs.bioc_version }} | |
platforms: ${{ env.PLATFORMS }} | |
- name: Generate image manifest and R package list ๐ณ | |
run: | | |
docker manifest inspect ${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }} > manifest.json | |
docker run -v ${PWD}:/app ${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }} \ | |
R -e 'write.csv(installed.packages(), file="/app/package_list.csv")' | |
- name: Reclaim Disk Space for SBOM Generation ๐ฎ | |
uses: insightsengineering/disk-space-reclaimer@v1 | |
with: | |
tools-cache: false | |
android: true | |
dotnet: true | |
haskell: true | |
large-packages: true | |
swap-storage: false | |
docker-images: true | |
- name: Generate SBOM ๐ | |
uses: anchore/sbom-action@v0 | |
with: | |
image: "${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }}" | |
output-file: "${{ steps.build_vars.outputs.SBOM_OUTPUT_FILENAME }}" | |
artifact-name: "sbom.spdx" | |
- name: Upload image manifest to release ๐ผ | |
uses: svenstaro/upload-release-action@v2 | |
if: "${{ needs.normalize-inputs.outputs.release_tag }} != ''" | |
with: | |
repo_token: ${{ secrets.REPO_GITHUB_TOKEN }} | |
file: "manifest.json" | |
asset_name: "image.manifest.${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }}.json" | |
tag: "${{ needs.normalize-inputs.outputs.release_tag }}" | |
overwrite: true | |
- name: Upload R package list to release ๐ผ | |
uses: svenstaro/upload-release-action@v2 | |
if: "${{ needs.normalize-inputs.outputs.release_tag }} != ''" | |
with: | |
repo_token: ${{ secrets.REPO_GITHUB_TOKEN }} | |
file: "package_list.csv" | |
asset_name: "package.list.${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }}.csv" | |
tag: "${{ needs.normalize-inputs.outputs.release_tag }}" | |
overwrite: true | |
- name: Upload SBOM to release ๐ผ | |
uses: svenstaro/upload-release-action@v2 | |
if: "${{ needs.normalize-inputs.outputs.release_tag }} != ''" | |
with: | |
repo_token: ${{ secrets.REPO_GITHUB_TOKEN }} | |
file: "${{ steps.build_vars.outputs.SBOM_OUTPUT_FILENAME }}" | |
asset_name: "SBOM for ${{ steps.build_vars.outputs.OUTPUT_IMAGE_NAME }}.spdx.json" | |
tag: "${{ needs.normalize-inputs.outputs.release_tag }}" | |
overwrite: true | |
- name: Move cache โป๏ธ | |
run: | | |
rm -rf /tmp/.buildx-cache | |
if [ -f /tmp/.buildx-cache-new ] | |
then { | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
} | |
fi |