Build and Push Docker and Singularity Images #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Push Docker and Singularity Images | |
| on: | |
| release: | |
| types: [created] | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Tag for the release' | |
| required: false | |
| default: '' | |
| jobs: | |
| build-and-deploy: | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} | |
| SINGULARITY_LIBRARY_TOKEN: ${{ secrets.SINGULARITY_LIBRARY_TOKEN }} | |
| SIGNING_PRIVATE_KEY_BASE64: ${{ secrets.SIGNING_PRIVATE_KEY_BASE64 }} | |
| SIGNING_PUBLIC_KEY_BASE64: ${{ secrets.SIGNING_PUBLIC_KEY_BASE64 }} | |
| DOCKER_IMAGE_NAME: opaino/genopred_pipeline | |
| SINGULARITY_IMAGE_NAME: library://opain/genopred | |
| IMAGE_TAG: ${{ github.ref_name }} | |
| DOCKERFILE_PATH: pipeline/misc/docker/Dockerfile | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin | |
| - name: Set Tag | |
| id: set_tag | |
| run: | | |
| if [ "${{ github.event_name }}" == "release" ]; then | |
| echo "::set-output name=tag::${{ github.event.release.tag_name }}" | |
| else | |
| echo "::set-output name=tag::${{ github.event.inputs.tag || github.sha }}" | |
| fi | |
| # - name: Set up Docker Buildx | |
| # run: | | |
| # docker buildx build --platform linux/amd64 -f $DOCKERFILE_PATH -t $DOCKER_IMAGE_NAME:latest -t $DOCKER_IMAGE_NAME:${{ steps.set_tag.outputs.tag }} --push . | |
| # | |
| - name: Setup Apptainer | |
| uses: eWaterCycle/[email protected] | |
| - name: Convert Docker Image to Singularity SIF | |
| run: | | |
| apptainer pull ${GITHUB_WORKSPACE}/image.sif docker://${DOCKER_IMAGE_NAME}:latest | |
| - name: Decode and Import Signing Keys | |
| run: | | |
| echo "${{ secrets.SIGNING_PRIVATE_KEY_BASE64 }}" | base64 --decode > private.key | |
| echo "${{ secrets.SIGNING_PUBLIC_KEY_BASE64 }}" | base64 --decode > public.key | |
| apptainer key import private.key | |
| apptainer key import public.key | |
| - name: Sign the Singularity Image | |
| run: | | |
| apptainer sign ${GITHUB_WORKSPACE}/image.sif | |
| - name: Create Token File | |
| run: echo "${{ secrets.SINGULARITY_LIBRARY_TOKEN }}" > ${GITHUB_WORKSPACE}/tokenfile | |
| - name: Login to Singularity Library | |
| run: apptainer remote login --tokenfile ${GITHUB_WORKSPACE}/tokenfile | |
| - name: Push Singularity Image to Singularity Library | |
| run: | | |
| apptainer push ${GITHUB_WORKSPACE}/image.sif $SINGULARITY_IMAGE_NAME:latest | |
| apptainer push ${GITHUB_WORKSPACE}/image.sif $SINGULARITY_IMAGE_NAME:${{ steps.set_tag.outputs.tag }} | |