container-base-images.yml
# Builds the IC base container images.
# On the master branch the images are pushed to the GitHub Container Registry
# (ghcr.io) and the image references are updated through an automated PR.
name: Container IC Base Images

on:
  # Weekly rebuild: 08:00 UTC on Thursdays.
  schedule:
    - cron: '0 8 * * 4'
  workflow_dispatch:
  # Pull requests trigger a build only when the workflow itself, a base
  # Dockerfile or a package list changes.
  pull_request:
    paths:
      - ".github/workflows/container-base-images.yml"
      - "**/Dockerfile.base"
      - "**/packages.common"
      - "**/packages.dev"

# One active run per PR head ref; runs without a head ref fall back to the
# unique run id and therefore never cancel each other.
concurrency:
  group: "${{ github.workflow }}-${{ github.head_ref || github.run_id }}"
  cancel-in-progress: true

# Workflow-wide GITHUB_TOKEN scopes.
# NOTE(review): these grants apply to every job that does not declare its own
# `permissions:`, including runs started by the pull_request trigger above.
# Consider narrowing them per job to what each job actually uses.
permissions:
  pull-requests: write
  packages: write
  contents: write
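jobs:
  # Builds one base image per matrix entry. The image is pushed only when the
  # run is on master; every run records the resulting image reference in an
  # artifact that mirrors the repository path of the reference file.
  build-base-image:
    name: Build Base Container Image
    runs-on: ubuntu-latest
    timeout-minutes: 45
    # Job-scoped token: read the repository, push to GHCR. This job also runs
    # for pull_request events and builds the Dockerfile.base from the PR, so it
    # should not inherit write access to contents or pull requests.
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        include:
          - IMAGE: "guestos-base"
            CONTEXT: "ic-os/guestos/context"
            REFFILE: "ic-os/guestos/context/docker-base.prod"
            BUILD_ARGS: ""
          - IMAGE: "guestos-base-dev"
            CONTEXT: "ic-os/guestos/context"
            REFFILE: "ic-os/guestos/context/docker-base.dev"
            BUILD_ARGS: "PACKAGE_FILES=packages.common packages.dev"
          - IMAGE: "boundaryos-base"
            CONTEXT: "ic-os/boundary-guestos/context"
            REFFILE: "ic-os/boundary-guestos/context/docker-base.prod"
            BUILD_ARGS: ""
          - IMAGE: "hostos-base"
            CONTEXT: "ic-os/hostos/context"
            REFFILE: "ic-os/hostos/context/docker-base.prod"
            BUILD_ARGS: ""
          - IMAGE: "hostos-base-dev"
            CONTEXT: "ic-os/hostos/context"
            REFFILE: "ic-os/hostos/context/docker-base.dev"
            BUILD_ARGS: "PACKAGE_FILES=packages.common packages.dev"
          - IMAGE: "setupos-base"
            CONTEXT: "ic-os/setupos/context"
            REFFILE: "ic-os/setupos/context/docker-base.prod"
            BUILD_ARGS: ""
          - IMAGE: "setupos-base-dev"
            CONTEXT: "ic-os/setupos/context"
            REFFILE: "ic-os/setupos/context/docker-base.dev"
            BUILD_ARGS: "PACKAGE_FILES=packages.common packages.dev"
    steps:
      # NOTE(review): referenced by the mutable tag v4, while the docker/* and
      # create-pull-request actions in this workflow are pinned to a full
      # commit SHA; pin this one to a commit SHA as well.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step in this job runs git, so do not leave the token in
          # the checkout's git configuration.
          persist-credentials: false
      # DATE (hour resolution) becomes the image tag.
      - name: Get Current Date
        id: date
        run: echo "DATE=$(date '+%Y-%m-%d-%H')" >> "$GITHUB_ENV"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@a530e948adbeb357dbca95a7f8845d385edf4438  # v3
      - name: Login to GHCR
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567  # v3.3.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build Base Image
        uses: docker/build-push-action@eb539f44b153603ccbfbd98e2ab9d4d0dcaf23a4  # v5
        id: build-base-image
        with:
          context: ${{ matrix.CONTEXT }}
          file: ${{ matrix.CONTEXT }}/Dockerfile.base
          # Only master runs publish; other runs (e.g. pull requests) build
          # without pushing.
          push: ${{ github.ref_name == 'master' }}
          tags: ghcr.io/${{ github.repository_owner }}/${{ matrix.IMAGE }}:${{ env.DATE }}
          build-args: ${{ matrix.BUILD_ARGS }}
      - name: Collect SHA256 Digest
        shell: bash
        # Expressions are passed through the environment instead of being
        # spliced into the script text, so their values are never parsed as
        # shell syntax.
        env:
          # Same owner as the pushed tag above, so the recorded reference
          # always names the registry path the image was pushed to.
          IMAGE_OWNER: ${{ github.repository_owner }}
          IMAGE_NAME: ${{ matrix.IMAGE }}
          # NOTE(review): `imageid` and `digest` are distinct outputs of
          # docker/build-push-action; confirm `imageid` is the value the
          # registry resolves in a `name@sha256:...` reference.
          IMAGE_ID: ${{ steps.build-base-image.outputs.imageid }}
          REFFILE: artifacts/${{ matrix.REFFILE }}
        run: |
          set -xeuo pipefail
          mkdir -p "$(dirname "$REFFILE")"
          echo "ghcr.io/${IMAGE_OWNER}/${IMAGE_NAME}@${IMAGE_ID}" > "$REFFILE"
      # NOTE(review): mutable tag reference; pin to a commit SHA like the
      # SHA-pinned actions in this workflow.
      - name: Upload SHA256 Digest Artifact
        uses: actions/upload-artifact@v4
        with:
          name: sha256-${{ matrix.IMAGE }}
          path: artifacts
          retention-days: 1

  # Collects the reference files written by every matrix build and opens a PR
  # against master that updates them. Runs on master only.
  # NOTE(review): the PR is created with the GitHub App token below, so this
  # job's GITHUB_TOKEN presumably needs no more than `contents: read` --
  # confirm, then add a job-level `permissions:` block.
  update-ref-files-pr:
    name: Update Reference Files PR
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs: [build-base-image]
    if: ${{ github.ref_name == 'master' }}
    steps:
      # NOTE(review): this action receives the App private key and is
      # referenced by the mutable tag v1; pin it to a commit SHA like the
      # SHA-pinned actions in this workflow.
      - name: Create GitHub App Token
        uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }}
          private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }}
      # NOTE(review): mutable tag reference; pin to a commit SHA.
      - name: Checkout
        uses: actions/checkout@v4
      # DATE (minute resolution) names the update branch and the PR title.
      - name: Get Current Date
        id: date
        run: echo "DATE=$(date '+%Y-%m-%d-%H%M')" >> "$GITHUB_ENV"
      # NOTE(review): mutable tag reference; pin to a commit SHA.
      - name: Download SHA256 Digest Artifacts
        uses: actions/download-artifact@v4
        with:
          path: artifacts
          pattern: sha256-*
          merge-multiple: true
      # The artifact tree mirrors the repository layout (each file was written
      # to artifacts/<REFFILE>), so copying it over the checkout replaces the
      # reference files in place. The scratch directory is removed afterwards
      # so it is not part of the working tree when the PR is created.
      - name: Update Base Image Refs
        shell: bash
        run: |
          set -xeuo pipefail
          find artifacts
          rsync -rv artifacts/ .
          rm -rf artifacts
      - name: Create Pull Request
        uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e  # v6.0.5
        with:
          token: ${{ steps.app-token.outputs.token }}
          base: master
          branch: base-image-refs-update-${{ env.DATE }}
          delete-branch: true
          title: "chore: Update Base Image Refs [${{ env.DATE }}]"
          body: |
            Updating base container image references.
            Run URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
          draft: false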