Build container images for each environment and push them to GHCR

flox · Nov 20, 2024 · 47ec03c · 47ec03c
1 parent 3395e18
commit 47ec03c
Show file tree

Hide file tree

Showing 2 changed files with 77 additions and 23 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -17,8 +17,8 @@ jobs:
     runs-on: "ubuntu-latest"
 
     outputs:
-      envs_test: "${{ steps.envs.outputs.envs_test }}"
-      envs_push: "${{ steps.envs.outputs.envs_push }}"
+      envs_per_system: "${{ steps.envs.outputs.envs_per_system }}"
+      envs_only: "${{ steps.envs.outputs.envs_only }}"
 
     steps:
       - name: "Checkout"
@@ -30,8 +30,8 @@ jobs:
       - name: "Find environment"
         id: "envs"
         run: |
-          envs_test="["
-          envs_push="["
+          envs_per_system="["
+          envs_only="["
 
           update_all=${{ github.event_name == 'schedule' && 'true' || '' }}
           BASE_SHA="${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || 'HEAD~1' }}"
@@ -55,33 +55,33 @@ jobs:
               fi
 
               readarray systems < <(yq e -o=j -I=0 '.options.systems[]' $manifest_path)
-              comma_test=""
-              if [ "$envs_test" != "[" ]; then comma_test=","; fi
+              comma_per_system=""
+              if [ "$envs_per_system" != "[" ]; then comma_per_system=","; fi
               for system in "${systems[@]}"; do
                 system=$(echo $system | xargs)
-                envs_test="$envs_test$comma_test{\"example\":\"$name\",\"system\":\"$system\",\"start_services\":$start_services}"
-                comma_test=","
+                envs_per_system="$envs_per_system$comma_per_system{\"example\":\"$name\",\"system\":\"$system\",\"start_services\":$start_services}"
+                comma_per_system=","
               done
 
-              comma_push=""
+              comma_only=""
               if [ "$name" == "flaim" ]; then continue; fi
-              if [ "$envs_push" != "[" ]; then comma_push=","; fi
-              envs_push="$envs_push$comma_push{\"example\":\"$name\"}"
+              if [ "$envs_only" != "[" ]; then comma_only=","; fi
+              envs_only="$envs_only$comma_only{\"example\":\"$name\"}"
             fi
           done <<< "$(find $PWD -name manifest.toml)"
-          envs_test="$envs_test]"
-          envs_push="$envs_push]"
+          envs_per_system="$envs_per_system]"
+          envs_only="$envs_only]"
 
-          echo "-- ENVS_TEST ---------------"
-          echo "$envs_test" | jq
+          echo "-- envs_per_system ---------"
+          echo "$envs_per_system" | jq
           echo "----------------------------"
 
-          echo "-- ENVS_PUSH ---------------"
-          echo "$envs_push" | jq
+          echo "-- envs_only ---------------"
+          echo "$envs_only" | jq
           echo "----------------------------"
 
-          echo "envs_test=$envs_test" >> "$GITHUB_OUTPUT"
-          echo "envs_push=$envs_push" >> "$GITHUB_OUTPUT"
+          echo "envs_per_system=$envs_per_system" >> "$GITHUB_OUTPUT"
+          echo "envs_only=$envs_only" >> "$GITHUB_OUTPUT"
 
   test:
     name: "Test '${{ matrix.example }}' example on '${{ matrix.system }}'"
@@ -96,7 +96,7 @@ jobs:
       fail-fast: false
       max-parallel: 8
       matrix:
-        include: ${{ fromJSON(needs.envs.outputs.envs_test ) }}
+        include: ${{ fromJSON(needs.envs.outputs.envs_per_system ) }}
 
     steps:
       - name: "Setup SSH"
@@ -135,6 +135,57 @@ jobs:
                 --option access-tokens "github.com=${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}" \
                 github:flox/floxenvs/${{ github.sha }}#apps.${{ matrix.system }}.test-${{ matrix.example }} -- ${{ matrix.start_services }}
 
+  containarize:
+    name: "Containarize '${{ matrix.example }}'"
+    runs-on: "ubuntu-latest"
+
+    if: (github.event_name == 'push' && github.ref_name == 'main') || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule'
+
+    needs:
+      - "envs"
+      - "test"
+
+    env:
+      FLOX_BIN: "flox -vvv"
+
+    timeout-minutes: 30
+
+    permissions:
+      contents:       "read"
+      packages:       "write"
+      attestations:   "write"
+      id-token:       "write"
+
+    strategy:
+      fail-fast: false
+      max-parallel: 8
+      matrix:
+        include: ${{ fromJSON(needs.envs.outputs.envs_only ) }}
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v4"
+
+      - name: "Install flox"
+        uses: "flox/install-flox-action@main"
+
+      - name: "Login to Github Container Registry"
+        uses: "docker/login-action@v3"
+        with:
+          registry: "ghcr.io"
+          username: "${{ github.actor }}"
+          password: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: "Containarize"
+        run: |
+          flox containerize -d ./${{ matrix.example }}
+
+      - name: "Tag & Push"
+        run: |
+          docker tag ${{ matrix.example }}:latest ghcr.io/flox/floxenvs:${{ matrix.example }}-latest
+          docker push ghcr.io/flox/floxenvs:${{ matrix.example }}-latest
+
+
   push:
     name: "Sync '${{ matrix.example }}' manifest"
     runs-on: "ubuntu-latest"
@@ -150,9 +201,11 @@ jobs:
       FLOX_REMOTE_OWNER:  "flox"
       FLOX_AUTH0_URL:     "https://auth.flox.dev"
 
+    timeout-minutes: 30
+
     strategy:
       matrix:
-        include: ${{ fromJSON(needs.envs.outputs.envs_push ) }}
+        include: ${{ fromJSON(needs.envs.outputs.envs_only ) }}
 
     steps:
       - name: "Checkout"
@@ -209,6 +262,7 @@ jobs:
     needs:
       - "test"
       - "push"
+      - "containarize"
 
     steps:
       - name: "Slack Notification"

diff --git a/1password/.flox/env.json b/1password/.flox/env.json
@@ -1,4 +1,4 @@
 {
-  "name": "op-inject-manifest",
+  "name": "1password",
   "version": 1
-}
+}