Skip to content

docker_images

docker_images #561

Workflow file for this run

name: docker_images
on:
push:
paths-ignore:
- 'cloud-chatops/**'
- '.github/workflows/cloud_chatops.yaml'
pull_request:
paths-ignore:
- 'cloud-chatops/**'
- '.github/workflows/cloud_chatops.yaml'
schedule: [{cron: "14 14 * * TUE"}] # Every Tuesday at 14:14
jobs:
setup:
if: github.event_name != 'pull_request' || !contains('OWNER,MEMBER,COLLABORATOR', github.event.pull_request.author_association)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }} # fix SHA
- name: List all images
id: metadata
run: |
echo "images=$(
find -name Dockerfile | sed -r 's#\./(.+)/Dockerfile#\1#g' | jq -Rsc 'split("\n")[:-1]'
)" >> $GITHUB_OUTPUT
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
outputs:
images: ${{ steps.metadata.outputs.images }}
sha: ${{ steps.metadata.outputs.sha_short }}
build:
needs: setup
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
image: ${{ fromJson(needs.setup.outputs.images) }}
steps:
- name: Maximize build space # free up space for building images
uses: easimon/maximize-build-space@v10
with:
root-reserve-mb: 512
swap-size-mb: 1024
remove-dotnet: 'true'
remove-android: 'true'
remove-haskell: 'true'
remove-codeql: 'true'
build-mount-path: '/var/lib/docker/'
- name: Restart docker # restart the docker service
run: sudo service docker restart
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- name: Login to DockerHub # increase pull rate limit
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to Harbor
if: ${{ github.ref != 'refs/heads/master' }}
uses: docker/login-action@v3
with:
registry: harbor.stfc.ac.uk
username: ${{ secrets.STAGING_HARBOR_USERNAME }}
password: ${{ secrets.STAGING_HARBOR_TOKEN }}
- name: Login to Harbor
if: ${{ github.ref == 'refs/heads/master' }}
uses: docker/login-action@v3
with:
registry: harbor.stfc.ac.uk
username: ${{ secrets.HARBOR_USERNAME }}
password: ${{ secrets.HARBOR_TOKEN }}
- name: Build & push to staging
if: ${{ github.ref != 'refs/heads/master' }}
uses: docker/build-push-action@v6
with:
cache-from: type=gha
cache-to: type=gha,mode=max
push: true
context: "{{defaultContext}}:${{ matrix.image }}"
tags: "harbor.stfc.ac.uk/stfc-cloud-staging/${{ matrix.image }}:${{ needs.setup.outputs.sha }}"
- name: Build & push to prod
if: ${{ github.ref == 'refs/heads/master' }}
uses: docker/build-push-action@v6
with:
push: true
context: "{{defaultContext}}:${{ matrix.image }}"
tags: "harbor.stfc.ac.uk/stfc-cloud/${{ matrix.image }}:latest"
- name: Inform of tagged name
if: ${{ github.ref != 'refs/heads/master' }}
run: echo "::notice title=published::harbor.stfc.ac.uk/stfc-cloud-staging/${{ matrix.image }}:${{ needs.setup.outputs.sha }}"
finished: # convenient single job name to apply branch protection to
needs: build
runs-on: ubuntu-latest
steps: [{run: true}]