Replace BUILD_PAT
with GITHUB_TOKEN
#261
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
schedule: | |
- cron: '0 12 * * 1' # If updating this value, be sure to update logic for all `push-image` arguments! | |
push: | |
branches: | |
- main | |
- dev | |
pull_request: | |
name: Release - Build, Test, Scan, and Push | |
jobs: | |
build-base: | |
runs-on: ubuntu-latest | |
name: product-base-build-${{ matrix.config.os }}-r${{ matrix.config.r-primary }}_${{ matrix.config.r-alternate }}-py${{ matrix.config.py-primary }}_${{ matrix.config.py-alternate }} | |
concurrency: | |
group: base-build-${{ matrix.config.os }}-r${{ matrix.config.r-primary }}_${{ matrix.config.r-alternate }}-py${{ matrix.config.py-primary }}_${{ matrix.config.py-alternate }}-${{ github.ref }} | |
cancel-in-progress: true | |
strategy: | |
fail-fast: false | |
matrix: | |
config: | |
- {os: 'centos7', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} | |
- {os: 'centos7', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} | |
- {os: 'ubuntu2204', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} | |
- {os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} | |
- {os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
steps: | |
- name: Check Out Repo - cron main | |
if: github.event.schedule == '0 12 * * 1' | |
uses: actions/checkout@v3 | |
with: | |
ref: main | |
- name: Check Out Repo | |
if: github.event.schedule != '0 12 * * 1' | |
uses: actions/checkout@v3 | |
- name: Set up Just | |
uses: extractions/setup-just@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get build args | |
id: get-build-args | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
BUILD_ARGS=$( \ | |
just -f ci.Justfile \ | |
R_VERSION=${{ matrix.config.r-primary }} \ | |
R_VERSION_ALT=${{ matrix.config.r-alternate }} \ | |
PYTHON_VERSION=${{ matrix.config.py-primary }} \ | |
PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ | |
get-base-args ${{ matrix.config.os }} product-base \ | |
) | |
echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT | |
echo "$BUILD_ARGS" >> $GITHUB_OUTPUT | |
echo "$EOF" >> $GITHUB_OUTPUT | |
- name: Get tags | |
id: get-tags | |
run: | | |
IMAGE_TAGS=$( \ | |
just -f ci.Justfile \ | |
R_VERSION=${{ matrix.config.r-primary }} \ | |
R_VERSION_ALT=${{ matrix.config.r-alternate }} \ | |
PYTHON_VERSION=${{ matrix.config.py-primary }} \ | |
PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ | |
get-base-tags ${{ matrix.config.os }} product-base \ | |
) | |
echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT | |
- name: Build/Test/Scan/Push base image | |
id: build1 | |
uses: ./.github/actions/build-test-scan-push | |
continue-on-error: true | |
with: | |
context: ./product/base | |
os: ${{ matrix.config.os }} | |
product: product-base | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event.schedule == '0 12 * * 1' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.BUILD_PAT }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
# Begin retry logic | |
- name: Wait 60s on failure before retrying | |
if: steps.build1.outcome == 'failure' | |
run: sleep 60 | |
- name: Retry - Build/Test/Scan/Push base pro image | |
id: build2 | |
if: steps.build1.outcome == 'failure' | |
uses: ./.github/actions/build-test-scan-push | |
with: | |
context: ./product/base | |
os: ${{ matrix.config.os }} | |
product: product-base | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event.schedule == '0 12 * * 1' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.BUILD_PAT }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
# End retry logic | |
build-base-pro: | |
needs: build-base | |
runs-on: ubuntu-latest | |
name: product-base-pro-build-${{ matrix.config.os }}-r${{ matrix.config.r-primary }}_${{ matrix.config.r-alternate }}-py${{ matrix.config.py-primary }}_${{ matrix.config.py-alternate }} | |
strategy: | |
fail-fast: false | |
matrix: | |
config: | |
- {os: 'centos7', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} | |
- {os: 'centos7', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} | |
- {os: 'ubuntu2204', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} | |
- {os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} | |
- {os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
concurrency: | |
group: build-base-pro-${{ matrix.config.os }}-r${{ matrix.config.r-primary }}_${{ matrix.config.r-alternate }}-py${{ matrix.config.py-primary }}_${{ matrix.config.py-alternate }}-${{ github.ref }} | |
cancel-in-progress: true | |
steps: | |
- name: Check Out Repo - cron main | |
if: github.event.schedule == '0 12 * * 1' | |
uses: actions/checkout@v3 | |
with: | |
ref: main | |
- name: Check Out Repo | |
if: github.event.schedule != '0 12 * * 1' | |
uses: actions/checkout@v3 | |
- name: Set up Just | |
uses: extractions/setup-just@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get build args | |
id: get-build-args | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
BUILD_ARGS=$( \ | |
just -f ci.Justfile \ | |
R_VERSION=${{ matrix.config.r-primary }} \ | |
R_VERSION_ALT=${{ matrix.config.r-alternate }} \ | |
PYTHON_VERSION=${{ matrix.config.py-primary }} \ | |
PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ | |
get-base-args ${{ matrix.config.os }} product-base-pro \ | |
) | |
echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT | |
echo "$BUILD_ARGS" >> $GITHUB_OUTPUT | |
echo "$EOF" >> $GITHUB_OUTPUT | |
- name: Get tags | |
id: get-tags | |
run: | | |
IMAGE_TAGS=$( \ | |
just -f ci.Justfile \ | |
R_VERSION=${{ matrix.config.r-primary }} \ | |
R_VERSION_ALT=${{ matrix.config.r-alternate }} \ | |
PYTHON_VERSION=${{ matrix.config.py-primary }} \ | |
PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ | |
get-base-tags ${{ matrix.config.os }} product-base-pro \ | |
) | |
echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT | |
- name: Build/Test/Scan/Push base pro image | |
id: build1 | |
uses: ./.github/actions/build-test-scan-push | |
continue-on-error: true | |
with: | |
context: ./product/pro | |
os: ${{ matrix.config.os }} | |
product: product-base-pro | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event.schedule == '0 12 * * 1' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.BUILD_PAT }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
# Begin retry logic | |
- name: Wait 60s on failure before retrying | |
if: steps.build1.outcome == 'failure' | |
run: sleep 60 | |
- name: Retry - Build/Test/Scan/Push base pro image | |
id: build2 | |
if: steps.build1.outcome == 'failure' | |
uses: ./.github/actions/build-test-scan-push | |
with: | |
context: ./product/pro | |
os: ${{ matrix.config.os }} | |
product: product-base-pro | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event.schedule == '0 12 * * 1' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.BUILD_PAT }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
# End retry logic | |
build-products: | |
needs: [ build-base, build-base-pro ] | |
runs-on: ubuntu-latest | |
name: build-${{ matrix.config.product }}-${{ matrix.config.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
config: | |
- {product: 'workbench', os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} | |
- {product: 'connect', os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: 'connect-content-init', os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: 'package-manager', os: 'ubuntu1804', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} | |
- {product: 'package-manager', os: 'ubuntu2204', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"} | |
- {product: 'r-session-complete', os: 'centos7', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} | |
- {product: 'r-session-complete', os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} | |
- {product: 'workbench-for-microsoft-azure-ml', os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} | |
concurrency: | |
group: build-products-${{ matrix.config.product }}-${{ matrix.config.os }}-${{ github.ref }} | |
cancel-in-progress: true | |
steps: | |
- name: Check Out Repo - cron main | |
if: github.event.schedule == '0 12 * * 1' | |
uses: actions/checkout@v3 | |
with: | |
ref: main | |
- name: Check Out Repo | |
if: github.event.schedule != '0 12 * * 1' | |
uses: actions/checkout@v3 | |
- name: Set up Just | |
uses: extractions/setup-just@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get Version | |
id: get-version | |
run: | | |
VERSION=`just -f ci.Justfile get-version ${{ matrix.config.product }} --type=release --local` | |
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT | |
- name: Get build args | |
id: get-build-args | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
BUILD_ARGS=$( \ | |
just -f ci.Justfile \ | |
R_VERSION=${{ matrix.config.r-primary }} \ | |
R_VERSION_ALT=${{ matrix.config.r-alternate }} \ | |
PYTHON_VERSION=${{ matrix.config.py-primary }} \ | |
PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ | |
get-product-args \ | |
${{ matrix.config.product }} \ | |
${{ matrix.config.os }} \ | |
${{ steps.get-version.outputs.VERSION }} \ | |
) | |
echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT | |
echo "$BUILD_ARGS" >> $GITHUB_OUTPUT | |
echo "$EOF" >> $GITHUB_OUTPUT | |
- name: Get tags | |
id: get-tags | |
run: | | |
IMAGE_TAGS=$( \ | |
just -f ci.Justfile \ | |
R_VERSION=${{ matrix.config.r-primary }} \ | |
R_VERSION_ALT=${{ matrix.config.r-alternate }} \ | |
PYTHON_VERSION=${{ matrix.config.py-primary }} \ | |
PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ | |
get-product-tags \ | |
${{ matrix.config.product }} \ | |
${{ matrix.config.os }} \ | |
${{ steps.get-version.outputs.VERSION }} \ | |
) | |
echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT | |
- name: Build/Test/Scan/Push base pro image | |
id: build1 | |
uses: ./.github/actions/build-test-scan-push | |
continue-on-error: true | |
with: | |
context: ./${{ matrix.config.product }} | |
os: ${{ matrix.config.os }} | |
product: ${{ matrix.config.product }} | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 12 * * 1' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.BUILD_PAT }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
# Begin retry logic | |
- name: Wait 60s on failure before retrying | |
if: steps.build1.outcome == 'failure' | |
run: sleep 60 | |
- name: Retry - Build/Test/Scan/Push base pro image | |
id: build2 | |
if: steps.build1.outcome == 'failure' | |
uses: ./.github/actions/build-test-scan-push | |
with: | |
context: ./${{ matrix.config.product }} | |
os: ${{ matrix.config.os }} | |
product: ${{ matrix.config.product }} | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 12 * * 1' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.BUILD_PAT }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
# End retry logic | |
build-workbench-for-google-cloud-workstations: | |
needs: [ build-base, build-base-pro ] | |
runs-on: ubuntu-latest | |
name: build-workbench-for-google-cloud-workstations | |
concurrency: | |
group: build-products-${{ matrix.config.product }}-${{ matrix.config.os }}-${{ github.ref }} | |
cancel-in-progress: true | |
steps: | |
- name: Check Out Repo - cron main | |
if: github.event.schedule == '0 12 * * 1' | |
uses: actions/checkout@v3 | |
with: | |
ref: main | |
- name: Check Out Repo | |
if: github.event.schedule != '0 12 * * 1' | |
uses: actions/checkout@v3 | |
- name: Set up Just | |
uses: extractions/setup-just@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get Version | |
id: get-version | |
run: | | |
VERSION=$(just workbench-for-google-cloud-workstations/get-version) | |
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT | |
- name: Get build args | |
id: get-build-args | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
BUILD_ARGS=$(just workbench-for-google-cloud-workstations/get-build-args) | |
echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT | |
echo "$BUILD_ARGS" >> $GITHUB_OUTPUT | |
echo "$EOF" >> $GITHUB_OUTPUT | |
- name: Get tags | |
id: get-tags | |
run: | | |
IMAGE_TAGS=$(just workbench-for-google-cloud-workstations/get-build-tags) | |
echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT | |
- name: Build/Test/Scan/Push base pro image | |
id: build1 | |
uses: ./.github/actions/build-test-scan-push | |
continue-on-error: true | |
with: | |
context: ./workbench-for-google-cloud-workstations | |
os: ubuntu2004 | |
product: workbench-for-google-cloud-workstations | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 12 * * 1' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.GITHUB_TOKEN }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' | |
# Begin retry logic | |
- name: Wait 60s on failure before retrying | |
if: steps.build1.outcome == 'failure' | |
run: sleep 60 | |
- name: Retry - Build/Test/Scan/Push base pro image | |
id: build2 | |
if: steps.build1.outcome == 'failure' | |
uses: ./.github/actions/build-test-scan-push | |
with: | |
context: ./workbench-for-google-cloud-workstations | |
os: ubuntu2004 | |
product: workbench-for-google-cloud-workstations | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 12 * * 1' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.GITHUB_TOKEN }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' | |
# End retry logic |