From 7a34d9e28247d6240617381190cfb2f8f769cdd7 Mon Sep 17 00:00:00 2001 From: sophia Date: Tue, 31 Dec 2024 11:44:13 -0800 Subject: [PATCH 1/4] Add workflow to build docker image --- .github/workflows/build-docker-image.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/build-docker-image.yml diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml new file mode 100644 index 00000000..6e44aebe --- /dev/null +++ b/.github/workflows/build-docker-image.yml @@ -0,0 +1,22 @@ +name: Build Docker image + +on: + pull_request: + +jobs: + build_docker_image: + name: "Build Docker Images 🛠" + runs-on: ubuntu-latest + steps: + - name: "Checkout Repository 🛎" + uses: actions/checkout@v4 + + - name: "Set up Docker Buildx 🏗" + uses: docker/setup-buildx-action@v3 + + - name: "Build Docker image 🚀" + uses: docker/build-push-action@v5 + with: + context: . + target: "prod" + push: false From d9b305565a0eb7888575462b366cea1b896dc260 Mon Sep 17 00:00:00 2001 From: sophia Date: Tue, 3 Dec 2024 14:48:04 -0800 Subject: [PATCH 2/4] Add release workflow --- .github/workflows/release.yml | 56 +++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5a9d9972..18a1735f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,6 +14,8 @@ on: env: FORCE_COLOR: "1" PACKAGE_FILE: "conda-store-ui.tgz" + GH_CONTAINER_REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} jobs: # always build and verify 
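Review bot: The new build-docker-image.yml declares no `permissions:` block, so the job runs with whatever default GITHUB_TOKEN scope the repository or organisation has configured, although a build with `push: false` needs no more than read access to the checkout. Adding a top-level `permissions:` with the single entry `contents: read` after the `on:` block would make that explicit. The three `uses:` lines (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v5`) reference mutable tags; pinning each to a full commit SHA with the tag kept as a trailing comment, `uses: actions/checkout@<full-commit-sha>  # v4`, stops a re-pointed tag from changing what runs. The same pinning matters more for the `build_and_push_docker_image` job that the next patch adds to release.yml, because that job holds `packages: write` and `id-token: write`.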
@@ -145,3 +147,57 @@ jobs: npm publish --verbose --access public ${{ env.PACKAGE_FILE }} env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + + build_and_push_docker_image: + name: "Build Docker Images 🛠" + runs-on: ubuntu-latest + needs: release-to-npmjs + permissions: + id-token: write # IMPORTANT: this permission is mandatory for trusted publishing + contents: read + packages: write + attestations: write + steps: + - name: "Checkout Repository 🛎" + uses: actions/checkout@v4 + + - name: "Set up Docker Buildx 🏗" + uses: docker/setup-buildx-action@v3 + + - name: "Login to GH Container Registry 🐳" + uses: docker/login-action@v3 + with: + registry: ${{ env.GH_CONTAINER_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: "Add Docker metadata 📝" + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.GH_CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=tag + type=ref,event=branch + type=sha + + - name: "Publish Docker image 🚀" + id: push + uses: docker/build-push-action@v5 + with: + context: . + target: "prod" + tags: | + ${{ steps.meta.outputs.tags }} + push: true + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v2 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true From 1cf15bc2b0688c579fcd6934545c335627c00998 Mon Sep 17 00:00:00 2001 From: Sophia Castellarin Date: Wed, 8 Jan 2025 11:55:46 -0800 Subject: [PATCH 3/4] Apply suggestions from code review Co-authored-by: gabalafou --- .github/workflows/release.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 18a1735f..78e06898 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
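Review bot: The publish step builds the released image with `cache-from: type=gha` and `cache-to: type=gha,mode=max`, so layers restored from the Actions cache end up in an image that is then pushed and attested. For a release build it is safer to drop both lines and build from scratch, since whatever can write to that cache scope influences the published artifact, and the speed-up on a tag build is probably small. In the `permissions:` block, the comment on `id-token: write` refers to trusted publishing, but in this job the OIDC token is what `actions/attest-build-provenance` uses to sign the attestation. A comment such as `id-token: write # required by actions/attest-build-provenance to sign the attestation` would state why the permission is granted.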
@@ -150,6 +150,7 @@ jobs: build_and_push_docker_image: name: "Build Docker Images 🛠" + if: github.repository_owner == 'conda-incubator' && github.event_name == 'release' && startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-latest needs: release-to-npmjs permissions: @@ -198,6 +199,6 @@ jobs: - name: Generate artifact attestation uses: actions/attest-build-provenance@v2 with: - subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + subject-name: ${{ env.GH_CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true From 3d462c59c7c6711cc74d738658f6dad8995861c9 Mon Sep 17 00:00:00 2001 From: sophia Date: Wed, 8 Jan 2025 12:16:25 -0800 Subject: [PATCH 4/4] Add some notes --- .github/workflows/build-docker-image.yml | 10 +++++++--- .github/workflows/release.yml | 8 +++++++- RELEASE.md | 17 +++++++++++++++++ 3 files changed, 31 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index 6e44aebe..075e1e3e 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml @@ -1,11 +1,15 @@ -name: Build Docker image +name: Docker +# This workflow builds the conda-store-ui docker image for each +# pull request. This will ensure that no PR is breaking the docker +# image, which will be built and pushed to GHCR when a new release +# is cut. on: pull_request: jobs: build_docker_image: - name: "Build Docker Images 🛠" + name: "Build Docker Image 🛠" runs-on: ubuntu-latest steps: - name: "Checkout Repository 🛎" @@ -14,7 +18,7 @@ jobs: - name: "Set up Docker Buildx 🏗" uses: docker/setup-buildx-action@v3 - - name: "Build Docker image 🚀" + - name: "Build image 🚀" uses: docker/build-push-action@v5 with: context: . diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 78e06898..733bf837 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -149,7 +149,7 @@ jobs: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} build_and_push_docker_image: - name: "Build Docker Images 🛠" + name: "Push Docker Images 🛠" if: github.repository_owner == 'conda-incubator' && github.event_name == 'release' && startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-latest needs: release-to-npmjs @@ -178,6 +178,11 @@ jobs: with: images: | ${{ env.GH_CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }} + # ref: https://github.com/docker/metadata-action?tab=readme-ov-file#typeref + # create tags for: + # * the GH tag (eg. 2025.1.8) + # * the branch (eg. main) + # * the commit sha (eg. sha-860c190) tags: | type=ref,event=tag type=ref,event=branch @@ -193,6 +198,7 @@ jobs: ${{ steps.meta.outputs.tags }} push: true labels: ${{ steps.meta.outputs.labels }} + # ref https://docs.docker.com/build/ci/github-actions/cache/ cache-from: type=gha cache-to: type=gha,mode=max diff --git a/RELEASE.md b/RELEASE.md index bda6ff0a..14a6a0b8 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -4,6 +4,8 @@ 1. Create a new branch for the release `git checkout -b release-2024.9.1` 1. Clean the branch `git clean -fxdq` 1. Increment the version in `package.json` following our [version specification](https://conda.store/community/maintenance/release/#calver-details) + +## Part 1: Build and release the npm package 1. Build the package locally: ```bash 
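Review bot: The comment added above `tags:` in the metadata step lists a branch tag (`main`), but the job's `if:` only lets it run for `release` events on `refs/tags/…`, where `type=ref,event=branch` never matches, so the documented branch tag is never pushed. Either remove the `type=ref,event=branch` rule together with its comment line, or say in the comment that the rule is inactive under the current condition. With metadata-action's default `flavor`, a `type=ref,event=tag` rule should also produce `latest`, which the list omits; a line such as `# * latest (added by the default flavor for tag events)` would cover it. The step's `with:` block continues outside the hunk.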
@@ -35,6 +37,21 @@ If the dry run looks good, continue with the release checklist items. +## Part 2: Build and release the docker image + +1. Build the docker image: + + ```bash + docker build -t conda-incubator/conda-store-ui: --target prod . + ``` + +2. Push the image to [GitHub's container registry](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#pushing-container-images) + + ```bash + # ensure you are authenticated with github + docker push ghcr.io/conda-incubator/conda-store-ui: + ``` + ## Troubleshooting notes - If there are issues with the [GitHub Release UI](https://github.com/conda-incubator/conda-store-ui/releases/new), ensure that whatever code you published is checked into git, then tag and push both the commit and the tag: