Skip to content

Build container image for GHCR #211

Build container image for GHCR

Build container image for GHCR #211

name: Build container image for GHCR
on:
push:
branches:
- devel
- RELEASE_*
workflow_dispatch:
schedule:
- cron: '0 18 * * 5'
jobs:
build-amd64:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
base:
- {image: 'ghcr.io/bioconductor/rocker-r-ver', amdtag: 'devel-amd64', outname: 'r-ver'}
- {image: 'ghcr.io/bioconductor/rocker-rstudio', amdtag: 'devel-amd64', outname: 'bioconductor_docker'}
- {image: 'rocker/tidyverse', amdtag: 'devel', outname: 'tidyverse'}
- {image: 'ghcr.io/bioconductor/rocker-cuda', amdtag: 'devel-amd64', outname: 'cuda'}
- {image: 'ghcr.io/bioconductor/rocker-ml', amdtag: 'devel-amd64', outname: 'ml'}
- {image: 'ghcr.io/bioconductor/rocker-ml-verse', amdtag: 'devel-amd64', outname: 'ml-verse'}
- {image: 'rocker/shiny', amdtag: 'latest', outname: 'shiny'}
steps:
- uses: actions/checkout@v4
- name: Free root space
uses: almahmoud/free-root-space@main
with:
verbose: true
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Dockerhub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Extract metadata for container image
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository_owner }}/${{ matrix.base.outname }}
tags: |
type=raw,value={{branch}}
- name: Extract container name without tag
id: vars
run: |
echo container=$(echo '${{ steps.meta.outputs.tags }}' | awk -F':' '{print $1}') >> $GITHUB_OUTPUT
- name: Build and push AMD64 by digest
id: build
uses: docker/build-push-action@v6
with:
build-args: |
BASE_IMAGE=${{ matrix.base.image }}
amd64_tag=${{ matrix.base.amdtag }}
file: Dockerfile
platforms: linux/amd64
labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,name=${{ steps.vars.outputs.container }},push-by-digest=true,name-canonical=true,push=true
- name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-${{ matrix.base.outname }}-amd64
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
build-arm64:
runs-on: ubuntu-latest-arm64
strategy:
fail-fast: false
matrix:
base:
- {image: 'ghcr.io/bioconductor/rocker-r-ver', armtag: 'devel-arm64', outname: 'r-ver'}
- {image: 'ghcr.io/bioconductor/rocker-rstudio', armtag: 'devel-arm64', outname: 'bioconductor_docker'}
steps:
- uses: actions/checkout@v3
- name: Free root space
uses: almahmoud/free-root-space@main
with:
verbose: true
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Dockerhub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository_owner }}/${{ matrix.base.outname }}
tags: |
type=raw,value={{branch}}
- name: Extract container name without tag
id: vars
run: |
echo container=$(echo '${{ steps.meta.outputs.tags }}' | awk -F':' '{print $1}') >> $GITHUB_OUTPUT
- name: Build and push ARM64 by digest
id: build
uses: docker/build-push-action@v6
with:
build-args: |
BASE_IMAGE=${{ matrix.base.image }}
arm64_tag=${{ matrix.base.armtag }}
file: Dockerfile
platforms: linux/arm64
labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,name=${{ steps.vars.outputs.container }},push-by-digest=true,name-canonical=true,push=true
- name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-${{ matrix.base.outname }}-arm64
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge:
needs: [build-amd64, build-arm64]
runs-on: ubuntu-latest
if: always()
strategy:
fail-fast: false
matrix:
base:
- {image: 'ghcr.io/bioconductor/rocker-r-ver', amdtag: 'devel-amd64', outname: 'r-ver', platforms: 'amd64,arm64'}
- {image: 'ghcr.io/bioconductor/rocker-rstudio', amdtag: 'devel-amd64', outname: 'bioconductor_docker', platforms: 'amd64,arm64'}
- {image: 'rocker/tidyverse', amdtag: 'devel', outname: 'tidyverse', platforms: 'amd64'}
- {image: 'ghcr.io/bioconductor/rocker-cuda', amdtag: 'devel-amd64', outname: 'cuda', platforms: 'amd64'}
- {image: 'ghcr.io/bioconductor/rocker-ml', amdtag: 'devel-amd64', outname: 'ml', platforms: 'amd64'}
- {image: 'ghcr.io/bioconductor/rocker-ml-verse', amdtag: 'devel-amd64', outname: 'ml-verse', platforms: 'amd64'}
- {image: 'rocker/shiny', amdtag: 'latest', outname: 'shiny', platforms: 'amd64'}
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Dockerhub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Echo platforms to build
id: buildlist
shell: bash
run: |
PLATFORMLIST="${{matrix.base.platforms}}"
IFS=','; for item in $PLATFORMLIST; do echo "$item=build" >> $GITHUB_OUTPUT; done
- name: Download AMD64 digests
if: steps.buildlist.outputs.amd64 == 'build'
uses: actions/download-artifact@v4
with:
name: digests-${{ matrix.base.outname }}-amd64
path: /tmp/digests/amd64
- name: Download ARM64 digests
if: steps.buildlist.outputs.arm64 == 'build'
uses: actions/download-artifact@v4
with:
name: digests-${{ matrix.base.outname }}-arm64
path: /tmp/digests/arm64
- name: Set image tags
id: meta1
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ github.repository_owner }}/${{ matrix.base.outname }}
tags: |
type=raw,value={{branch}}
- name: Set image tags
id: meta2
uses: docker/metadata-action@v5
with:
images: |
docker.io/${{ github.repository_owner }}/${{ matrix.base.outname }}
ghcr.io/${{ github.repository_owner }}/${{ matrix.base.outname }}
tags: |
type=raw,value={{branch}}
- name: Create manifest list and push
shell: bash
run: |
# Prepare tags
echo '${{ steps.meta2.outputs.tags }}' > /tmp/tags
cat /tmp/tags | xargs -i bash -c 'printf "%s" "-t {} " >> /tmp/tagargs'
TAG_ARGS="$(cat /tmp/tagargs)"
# Add R version tags for ghcr.io images
if [[ "${{ matrix.base.image }}" == *"ghcr.io"* ]]; then
R_VER=$(docker pull ${{ matrix.base.image }}:${{ matrix.base.amdtag }} 2>&1 > /dev/null && \
docker inspect ${{ matrix.base.image }}:${{ matrix.base.amdtag }} | \
jq -r '.[].Config.Env[]|select(match("^R_VERSION"))|.[index("=")+1:]')
if [ ! -z "$R_VER" ]; then
for tag in $TAGS; do
TAG_ARGS="$TAG_ARGS -t ${tag}-R-${R_VER}"
done
fi
fi
# Add alternative tags without _docker in name
if [[ "${{ matrix.base.outname }}" == *"_docker"* ]]; then
for tag in $TAGS; do
ALT_TAG=$(echo $tag | sed 's/_docker//')
TAG_ARGS="$TAG_ARGS -t $ALT_TAG"
done
fi
CONTAINERNAME=$(echo '${{ steps.meta1.outputs.tags }}' | awk -F':' '{print $1}')
# Create manifest list
DIGESTS=""
for eachdir in $(ls /tmp/digests); do
DIGESTS_ARCH=$(cd /tmp/digests/$eachdir && find . -type f -exec echo "$CONTAINERNAME@sha256{}" \; | sed 's/\.\//:/')
DIGESTS="$DIGESTS $DIGESTS_ARCH"
done
docker buildx imagetools create $TAG_ARGS $DIGESTS
- name: Inspect images
run: |
cat /tmp/tags | xargs -i bash -c 'docker buildx imagetools inspect {}'