internal-images #862
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# yamllint --format github .github/workflows/internal-images.yml | |
--- | |
name: internal-images | |
# Refresh the tags once a day. This limits impact of rate-limited images. See RATIONALE.md | |
on: | |
schedule: | |
- cron: "23 3 * * *" | |
workflow_dispatch: # Allows manual refresh | |
# This builds images and pushes them to ghcr.io/tetratelabs/wazero/internal-$tag | |
# Using these avoid docker.io rate-limits particularly on pull requests. | |
jobs: | |
copy-images: | |
runs-on: ubuntu-22.04 # Hard-coding an LTS means maintenance, but only once each 2 years! | |
strategy: | |
matrix: | |
# Be precise in tag versions to improve reproducibility | |
include: | |
- source: tonistiigi/binfmt:qemu-v6.2.0 # for docker/setup-qemu-action | |
target_tag: binfmt | |
steps: | |
# Same as doing this locally: echo "${GHCR_TOKEN}" | docker login ghcr.io -u "${GHCR_TOKEN}" --password-stdin | |
- name: "Login into GitHub Container Registry" | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
# GITHUB_TOKEN=<hex token value> | |
# - pushes Docker images to ghcr.io | |
# - create via https://github.com/settings/tokens | |
# - needs repo:status, public_repo, write:packages, delete:packages | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Pull and push | |
run: | # This will only push a single architecture, which is fine as we currently only support amd64 | |
docker pull ${{ matrix.source }} | |
docker tag ${{ matrix.source }} ghcr.io/${{ github.repository }}/internal-${{ matrix.target_tag }} | |
docker push ghcr.io/${{ github.repository }}/internal-${{ matrix.target_tag }} |