Build and Push Docker and Singularity Images #22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Push Docker and Singularity Images | |
| on: | |
| release: | |
| types: [created] | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Tag for the release' | |
| required: false | |
| default: '' | |
| jobs: | |
| build-and-deploy: | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} | |
| SINGULARITY_LIBRARY_TOKEN: ${{ secrets.SINGULARITY_LIBRARY_TOKEN }} | |
| SIGNING_PRIVATE_KEY_BASE64: ${{ secrets.SIGNING_PRIVATE_KEY_BASE64 }} | |
| SIGNING_PUBLIC_KEY_BASE64: ${{ secrets.SIGNING_PUBLIC_KEY_BASE64 }} | |
| SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }} | |
| DOCKER_IMAGE_NAME: opaino/genopred_pipeline | |
| SINGULARITY_IMAGE_NAME: library://opain/genopred/genopred_pipeline | |
| IMAGE_TAG: ${{ github.ref_name }} | |
| DOCKERFILE_PATH: pipeline/misc/docker/Dockerfile | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Export Secrets to Environment | |
| run: | | |
| echo "SINGULARITY_LIBRARY_TOKEN=${{ secrets.SINGULARITY_LIBRARY_TOKEN }}" >> $GITHUB_ENV | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin | |
| - name: Set Tag | |
| id: set_tag | |
| run: | | |
| if [ "${{ github.event_name }}" == "release" ]; then | |
| echo "::set-output name=tag::${{ github.event.release.tag_name }}" | |
| else | |
| echo "::set-output name=tag::${{ github.event.inputs.tag || github.sha }}" | |
| fi | |
| # - name: Set up Docker Buildx | |
| # run: | | |
| # docker buildx build --platform linux/amd64 -f $DOCKERFILE_PATH -t $DOCKER_IMAGE_NAME:latest -t $DOCKER_IMAGE_NAME:${{ steps.set_tag.outputs.tag }} --push . | |
| # | |
| - name: Setup Apptainer | |
| uses: eWaterCycle/[email protected] | |
| - name: Convert Docker Image to Singularity SIF | |
| run: | | |
| apptainer pull image.sif docker://${DOCKER_IMAGE_NAME}:latest | |
| - name: Install expect | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y expect | |
| - name: Decode and Import Signing Keys | |
| run: | | |
| echo "${{ secrets.SIGNING_PRIVATE_KEY_BASE64 }}" | base64 --decode > private.key | |
| echo "${{ secrets.SIGNING_PUBLIC_KEY_BASE64 }}" | base64 --decode > public.key | |
| expect -c ' | |
| spawn apptainer key import private.key | |
| expect "Enter your key passphrase : " | |
| send -- "${{ secrets.SIGNING_KEY_PASSWORD }}\r" | |
| expect eof | |
| ' | |
| expect -c ' | |
| spawn apptainer key import public.key | |
| expect "Enter your key passphrase : " | |
| send -- "${{ secrets.SIGNING_KEY_PASSWORD }}\r" | |
| expect eof | |
| ' | |
| - name: Sign the Singularity Image | |
| run: | | |
| expect -c ' | |
| spawn apptainer sign image.sif | |
| expect "Enter your key passphrase : " | |
| send -- "${{ secrets.SIGNING_KEY_PASSWORD }}\r" | |
| expect eof | |
| ' | |
| - name: Create Token File | |
| run: echo "${{ secrets.SINGULARITY_LIBRARY_TOKEN }}" > tokenfile | |
| - name: Login to Singularity Library | |
| run: | | |
| apptainer remote add --no-login SylabsCloud cloud.sycloud.io | |
| apptainer remote use SylabsCloud | |
| apptainer remote login --tokenfile tokenfile | |
| - name: Push Singularity Image to Singularity Library | |
| run: | | |
| apptainer push image.sif $SINGULARITY_IMAGE_NAME:latest | |
| - name: Setup tmate session | |
| if: ${{ failure() }} | |
| uses: mxschmitt/action-tmate@v3 | |
| timeout-minutes: 60 |