Merge pull request #524 from jupyterhub/dependabot/npm_and_yarn/follo… #450
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is a GitHub workflow defining a set of jobs with a set of steps. | |
# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions | |
# | |
# Publish NPM package and Docker image | |
# | |
name: Release | |
on: | |
pull_request: | |
paths-ignore: | |
- "**.md" | |
- ".github/workflows/*" | |
- "!.github/workflows/publish.yml" | |
push: | |
paths-ignore: | |
- "**.md" | |
- ".github/workflows/*" | |
- "!.github/workflows/publish.yml" | |
branches-ignore: | |
- "dependabot/**" | |
- "pre-commit-ci-update-config" | |
tags: | |
- "**" | |
workflow_dispatch: | |
jobs: | |
# Run tests using node, publish a package when tagged | |
# https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages | |
publish-npm: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: "20" | |
registry-url: https://registry.npmjs.org/ | |
- run: npm ci | |
- run: npm publish | |
if: startsWith(github.ref, 'refs/tags/') | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.npm_token }} | |
publish-docker: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
# Setup docker to build for multiple platforms, see: | |
# https://github.com/docker/build-push-action/tree/HEAD#usage | |
# https://github.com/docker/build-push-action/blob/HEAD/docs/advanced/multi-platform.md | |
- name: Set up QEMU (for docker buildx) | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx (for multi-arch builds) | |
uses: docker/setup-buildx-action@v3 | |
- name: Setup push rights to Docker Hub | |
# This was setup by... | |
# 1. Creating a Docker Hub service account "jupyterhubbot" | |
# 2. Creating a access token for the service account specific to this | |
# repository: https://hub.docker.com/settings/security | |
# 3. Making the account part of the "bots" team, and granting that team | |
# permissions to push to the relevant images: | |
# https://hub.docker.com/orgs/jupyterhub/teams/bots/permissions | |
# 4. Registering the username and token as a secret for this repo: | |
# https://github.com/jupyterhub/configurable-http-proxy/settings/secrets/actions | |
if: startsWith(github.ref, 'refs/tags/') | |
run: | | |
docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" quay.io | |
docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" -p "${{ secrets.DOCKERHUB_TOKEN }}" docker.io | |
# https://github.com/jupyterhub/action-major-minor-tag-calculator | |
# If this is a tagged build this will return additional parent tags. | |
# E.g. 1.2.3 is expanded to Docker tags | |
# [{prefix}:1.2.3, {prefix}:1.2, {prefix}:1, {prefix}:latest] unless | |
# this is a backported tag in which case the newer tags aren't updated. | |
# For branches this will return the branch name. | |
# If GITHUB_TOKEN isn't available (e.g. in PRs) returns no tags []. | |
- name: Get list of tags | |
id: gettags | |
uses: jupyterhub/action-major-minor-tag-calculator@v3 | |
with: | |
githubToken: ${{ secrets.GITHUB_TOKEN }} | |
prefix: >- | |
quay.io/jupyterhub/configurable-http-proxy: | |
jupyterhub/configurable-http-proxy: | |
defaultTag: quay.io/jupyterhub/configurable-http-proxy:noref | |
- name: Display tags | |
run: echo "Docker tags ${{ steps.gettags.outputs.tags }}" | |
- name: Build and push | |
uses: docker/build-push-action@v5 | |
with: | |
platforms: linux/amd64,linux/arm64 | |
push: ${{ startsWith(github.ref, 'refs/tags/') }} | |
# tags parameter must be a string input so convert `gettags` JSON | |
# array into a comma separated list of tags | |
tags: ${{ join(fromJson(steps.gettags.outputs.tags)) }} |