Add workflows to publish docker container on release #451

Merged (4 commits) on Jan 9, 2025
22 changes: 22 additions & 0 deletions .github/workflows/build-docker-image.yml
@@ -0,0 +1,22 @@
name: Build Docker image

on:
pull_request:

jobs:
build_docker_image:
name: "Build Docker Images 🛠"
Contributor:
On the subject of how this appears in the list of checks, currently this shows up as: "Build Docker image / Build Docker Images 🛠️"

I wonder if we can come up with a better combo. Docker / Build image? Not really sure. I also don't think a redundant title is the worst thing in the world (so long as it looks different enough from the other titles)

runs-on: ubuntu-latest
steps:
- name: "Checkout Repository 🛎"
uses: actions/checkout@v4

- name: "Set up Docker Buildx 🏗"
uses: docker/setup-buildx-action@v3

- name: "Build Docker image 🚀"
uses: docker/build-push-action@v5
with:
context: .
target: "prod"
push: false
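Review bot: the job declares no `permissions:` block, so the checkout and build run with whatever default GITHUB_TOKEN scope the repository grants, although the job only needs to read the repository; add `permissions: contents: read` at the job or workflow level (the release job in this same PR already sets explicit permissions). The actions are pinned to mutable major tags (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v5`); pinning to a full commit SHA with the version in a trailing comment means a retagged or compromised release cannot silently change what runs on every PR. Minor: without a `paths:` filter on `pull_request`, docs-only PRs rebuild the image as well.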
56 changes: 56 additions & 0 deletions .github/workflows/release.yml
@@ -14,6 +14,8 @@ on:
env:
FORCE_COLOR: "1"
PACKAGE_FILE: "conda-store-ui.tgz"
GH_CONTAINER_REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}

jobs:
# always build and verify
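Review bot: the registry variable is introduced here as `GH_CONTAINER_REGISTRY`, but the attestation step added at the bottom of this file reads `${{ env.REGISTRY }}`; pick one name and use it in both places, otherwise the unmatched one expands to an empty string. Also, `IMAGE_NAME: ${{ github.repository }}` keeps the owner's original casing while OCI image references must be lowercase; that happens to be fine for conda-incubator/conda-store-ui, but it deserves a comment because the raw `${{ env.IMAGE_NAME }}` is used directly as an image reference later in the file.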
@@ -145,3 +147,57 @@ jobs:
npm publish --verbose --access public ${{ env.PACKAGE_FILE }}
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

build_and_push_docker_image:
name: "Build Docker Images 🛠"
runs-on: ubuntu-latest
needs: release-to-npmjs
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
contents: read
packages: write
attestations: write
steps:
- name: "Checkout Repository 🛎"
uses: actions/checkout@v4

- name: "Set up Docker Buildx 🏗"
uses: docker/setup-buildx-action@v3

- name: "Login to GH Container Registry 🐳"
uses: docker/login-action@v3
with:
registry: ${{ env.GH_CONTAINER_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: "Add Docker metadata 📝"
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.GH_CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=tag
type=ref,event=branch
type=sha

- name: "Publish Docker image 🚀"
id: push
uses: docker/build-push-action@v5
with:
context: .
target: "prod"
tags: |
${{ steps.meta.outputs.tags }}
push: true
labels: ${{ steps.meta.outputs.labels }}
Contributor:
What's the difference between tags and labels?

Contributor Author:
Labels contain metadata about the image (ref link). Tags denote a version of the image. So like, when you go to pull a docker image the form is docker pull <maybe repo>/<namespace>/<image name>:<tag>. For the demo published conda-store-ui container, that is docker pull ghcr.io/conda-incubator/conda-store-ui:sha256-c8c4ab110fec1d39f91ba86df89811bdd5c93bb92037ffb550a684f63ef15c64

cache-from: type=gha
cache-to: type=gha,mode=max

- name: Generate artifact attestation
uses: actions/attest-build-provenance@v2
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
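Review bot: `subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}` references an env variable this file never defines (the top-level `env:` sets `GH_CONTAINER_REGISTRY`), so it expands to `/conda-incubator/conda-store-ui`; with `push-to-registry: true` the attestation then either fails to upload or is not attached to the image that `docker/build-push-action` just pushed, and `gh attestation verify` against the real image would not find it. Change it to `${{ env.GH_CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}`. The comment on `id-token: write` ("mandatory for trusted publishing") was carried over from the npm job; in this job the OIDC token is what lets `actions/attest-build-provenance` sign the provenance with Sigstore, so the comment should say that. As in the PR workflow, every action here is pinned to a mutable major tag; pin to commit SHAs, which matters more for a job holding `packages: write` and `attestations: write`.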
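As an added example (not code from this PR or the conda-store-ui project), a small Python check for the class of slip reviewed above: it scans a GitHub Actions workflow for `${{ env.NAME }}` expressions whose NAME no `env:` block declares. The sample workflow embedded in the block is constructed to mirror this PR's shape and is not the project's release.yml; the function names `defined_env_keys` and `undefined_env_refs` are my own.

```python
"""Flag `${{ env.NAME }}` references in a GitHub Actions workflow that no
`env:` block defines.

Added example, not part of the PR or the conda-store-ui project. It scans
the YAML text with regular expressions (standard library only) rather than
a YAML parser, which is enough for the key/value layout workflows use.
"""
import re
from typing import List, Set, Tuple

# `${{ env.NAME }}`, tolerating whitespace inside the braces.
ENV_REF = re.compile(r"\$\{\{\s*env\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
# A mapping key at the start of a line: (indent, key, rest-of-line).
KEY_LINE = re.compile(r"^(\s*)([A-Za-z_][A-Za-z0-9_-]*):\s*(.*)$")


def defined_env_keys(text: str) -> Set[str]:
    """Collect keys declared under any `env:` mapping (workflow, job or step level).

    A line belongs to the current env block while it is indented deeper than
    the `env:` line that opened it. Variables exported at runtime with
    `echo NAME=value >> "$GITHUB_ENV"` are not visible to this scan, so a
    hit is a warning to check, not proof of a bug.
    """
    keys: Set[str] = set()
    env_indent = None  # indentation of the `env:` line we are inside, if any
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        match = KEY_LINE.match(line)
        if env_indent is not None:
            if indent > env_indent:
                if match:
                    keys.add(match.group(2))
                continue
            env_indent = None  # dedented: the env block has ended
        if match and match.group(2) == "env" and match.group(3) == "":
            env_indent = indent
    return keys


def undefined_env_refs(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, NAME) for every env.NAME reference lacking a definition."""
    defined = defined_env_keys(text)
    hits: List[Tuple[int, str]] = []
    for number, line in enumerate(text.splitlines(), start=1):
        for name in ENV_REF.findall(line):
            if name not in defined:
                hits.append((number, name))
    return hits


# Constructed sample that mirrors the PR's shape: the registry variable is
# defined under one name and referenced under another in the attest step.
SAMPLE_WORKFLOW = """\
name: Release
on:
  push:
    tags: ["v*"]
env:
  GH_CONTAINER_REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - name: Login
        uses: docker/login-action@v3
        with:
          registry: ${{ env.GH_CONTAINER_REGISTRY }}
      - name: Attest
        uses: actions/attest-build-provenance@v2
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
"""

if __name__ == "__main__":
    import sys
    # Pass workflow paths on the command line, or run against the sample.
    sources = [(p, open(p, encoding="utf-8").read()) for p in sys.argv[1:]] \
        or [("<sample>", SAMPLE_WORKFLOW)]
    for path, text in sources:
        for number, name in undefined_env_refs(text):
            print(f"{path}:{number}: env.{name} is referenced but never defined")
```

Run it as `python check_env_refs.py .github/workflows/*.yml` to scan real files; on the embedded sample it reports line 19, the `subject-name` of the attest step, as referencing `env.REGISTRY` without a definition.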