Publish Dependencies Image #47
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Dependencies Image | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| build_secret: | |
| type: string | |
| description: Build secret | |
| push: | |
| branches: | |
| - deps-image | |
| paths-ignore: | |
| - '**.md' | |
| - '**.txt' | |
| - '.**ignore' | |
| - 'docs/**' | |
| # TODO: what if package.dependencies, files were updated? | |
| # this is meant to avoid triggering the on.push event for the version bump | |
| - '**package*.json' | |
| jobs: | |
| check-user-permissions: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check user permission | |
| uses: stjude/proteinpaint/.github/actions/check-user-permissions@master | |
| with: | |
| BUILD_SECRET: ${{ secrets.BUILD_SECRET }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| INPUT_BUILD_SECRET: ${{ github.event.inputs.build_secret }} | |
| build: | |
| needs: check-user-permissions | |
| if: github.event.pull_request.draft == false | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| token: ${{ secrets.PAT }} | |
| - name: Login to GitHub Container Registry | |
| run: | | |
| echo $CR_PAT | docker login ghcr.io -u stjude --password-stdin | |
| env: | |
| CR_PAT: ${{ secrets.PAT }} | |
| # Setup .npmrc file to publish to GitHub Packages | |
| - uses: actions/setup-node@v3 | |
| with: | |
| cache: 'npm' | |
| node-version: '20' | |
| registry-url: 'https://registry.npmjs.org' | |
| scope: '@sjcrh' | |
| - name: Build image | |
| run: | | |
| npm install glob | |
| cd container | |
| BRANCH=$(git rev-parse --abbrev-ref HEAD) | |
| if [[ "$BRANCH" != "devContainers" && "$BRANCH" != "release-chain" && "$BRANCH" != "master" && ${{ github.event_name }} != "workflow_dispatch" ]]; then | |
| echo "skipping build and publishing" | |
| else | |
| cd deps | |
| ./version.sh deps | |
| ./build.sh -m "ghcr.io/stjude/" | |
| TAG="$(node -p "require('./package.json').version")" | |
| cd .. | |
| HASH=$(git rev-parse --short HEAD 2>/dev/null) | |
| docker push ghcr.io/stjude/ppbase:$TAG | |
| docker push ghcr.io/stjude/ppbase:latest |