Fix/several_fixes #586
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-docker-server | |
| on: | |
| push: | |
| branches: | |
| - 'master' | |
| - 'main' | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| merge_group: | |
| workflow_dispatch: | |
| inputs: | |
| git-ref: | |
| description: 'Git ref (optional)' | |
| required: false | |
| env: | |
| IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | |
| IMAGE_NAME: imswitch | |
| MAIN_BRANCH: 'master' # pushing to this branch will update the "edge" tag on the image | |
| BETA_BRANCH: 'beta' # pushing to this branch will update the "beta" tag on the image | |
| STABLE_BRANCH: 'stable' # pushing to this branch will update the "stable" tag on the image | |
| TAG_PREFIX: 'v' # pushing tags with this prefix will add a version tag to the image and update the "latest" tag on the image | |
| PUSH_IMAGE: ${{ (github.event_name == 'pull_request' && !github.event.pull_request.head.repo.fork) || github.event_name == 'push' || github.event_name == 'push tag' }} | |
| jobs: | |
| build-ctr-img: | |
| permissions: | |
| contents: read | |
| actions: read | |
| packages: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - docker-platform: linux/amd64 | |
| gha-runner: ubuntu-24.04 | |
| - docker-platform: linux/arm64 | |
| gha-runner: ubuntu-24.04-arm | |
| runs-on: ${{ matrix.gha-runner }} | |
| steps: | |
| - uses: actions/checkout@v7 | |
| with: | |
| # We check out the PR's HEAD commit instead of its merge commit so that | |
| # Docker container SHA tags will match git commit SHAs even before merge-ctr-imgs: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| # Don't download unnecessary data: | |
| fetch-depth: 0 | |
| filter: 'blob:none' | |
| # We fetch tags so that the staged pallet bundle has a record of ancestral tags, for | |
| # pseudoversion string generation: | |
| fetch-tags: true | |
| - name: Wait for frontend to build | |
| id: wait-build-frontend | |
| uses: lucasssvaz/wait-on-workflow@v1 | |
| with: | |
| workflow: build-frontend.yaml | |
| sha: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Download built frontend | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: frontend | |
| path: ./frontend/build | |
| github-token: ${{github.token}} | |
| run-id: ${{ steps.wait-build-frontend.outputs.run-id }} | |
| # Work around a bug where capital letters in the GitHub username (e.g. "PlanktoScope") make it | |
| # impossible to push to GHCR. See https://github.com/macbre/push-to-ghcr/issues/12 | |
| - name: Lowercase image registry and owner | |
| id: image_registry_case | |
| uses: ASzc/change-string-case-action@v8 | |
| with: | |
| string: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }} | |
| # Build and publish Docker container image | |
| - name: Get Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v6 | |
| with: | |
| images: ${{ steps.image_registry_case.outputs.lowercase }} | |
| tags: | | |
| type=sha | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v4 | |
| with: | |
| install: true | |
| driver: docker-container # Ensures proper driver setup | |
| - name: Log in to GitHub container registry | |
| if: env.PUSH_IMAGE == 'true' | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Determine version string | |
| id: version-string | |
| run: | | |
| # Get the SHA of the actual commit (not the fake merge commit) on PR-triggered runs | |
| # (refer to https://stackoverflow.com/a/68068674/23202949): | |
| if [ -n "${{ github.event.pull_request.head.sha }}" ]; then | |
| ACTUAL_SHA="${{ github.event.pull_request.head.sha }}" | |
| else | |
| # Note: we want to have a SHA to check out even in merge queues, so we always fall back | |
| # to a SHA even if it's a fictional SHA detached from any branches: | |
| ACTUAL_SHA="${{ github.sha }}" | |
| fi | |
| TAG="$(git describe --tags --exact-match --match "v*" "$ACTUAL_SHA" 2>/dev/null || printf "")" | |
| VERSION="$(git describe --tags --match "v*" --abbrev=7 "$ACTUAL_SHA")" | |
| TIMESTAMP="$(TZ=UTC git show -s --format=%ad --date=format:'t%Y%m%d%H%M%S' "$ACTUAL_SHA")" | |
| if [[ "$VERSION" != "$TAG" ]]; then | |
| VERSION="$VERSION-$TIMESTAMP" | |
| if [[ -n "${{ github.event.pull_request.head.sha }}" ]]; then | |
| # We're in a pull request | |
| VERSION="$VERSION-pr${{ github.event.pull_request.number }}" | |
| fi | |
| fi | |
| echo "version: $VERSION" | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| - name: Record version | |
| run: | | |
| VERSION="${{ steps.version-string.outputs.version }}" | |
| echo "version = \"$VERSION\"" > ./imswitch/version.py | |
| cat ./imswitch/version.py | |
| - name: Build and push by digest | |
| id: build | |
| uses: docker/build-push-action@v7 | |
| with: | |
| context: . | |
| file: Dockerfile | |
| pull: true | |
| platforms: ${{ matrix.docker-platform }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha,scope=build-${{ matrix.docker-platform }} | |
| cache-to: type=gha,mode=max,scope=build-${{ matrix.docker-platform }} | |
| outputs: type=image,name=${{ steps.image_registry_case.outputs.lowercase }},push-by-digest=true,name-canonical=true,push=${{ env.PUSH_IMAGE }} | |
| build-args: | | |
| BUILD_DATE=${{ github.run_id }} | |
| - name: Export digest | |
| run: | | |
| mkdir -p /tmp/digests | |
| digest="${{ steps.build.outputs.digest }}" | |
| touch "/tmp/digests/${digest#sha256:}" | |
| - name: Determine digest name | |
| run: | | |
| platform=${{ matrix.docker-platform }} | |
| echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV | |
| - name: Upload digest | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: digests-${{ env.PLATFORM_PAIR }} | |
| path: /tmp/digests/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| merge-ctr-imgs: | |
| permissions: | |
| contents: read | |
| packages: write | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-ctr-img | |
| steps: | |
| - name: Download digests | |
| uses: actions/download-artifact@v8 | |
| with: | |
| path: /tmp/digests | |
| pattern: digests-* | |
| merge-multiple: true | |
| # Work around a bug where capital letters in the GitHub username (e.g. "PlanktoScope") make it | |
| # impossible to push to GHCR. See https://github.com/macbre/push-to-ghcr/issues/12 | |
| - name: Lowercase image registry and owner | |
| id: image_registry_case | |
| uses: ASzc/change-string-case-action@v8 | |
| with: | |
| string: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }} | |
| # Build and publish Docker container image | |
| - name: Get Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v6 | |
| env: | |
| DOCKER_METADATA_PR_HEAD_SHA: true | |
| IS_MAIN_BRANCH: ${{ github.ref == format('refs/heads/{0}', env.MAIN_BRANCH) }} | |
| IS_BETA_BRANCH: ${{ github.ref == format('refs/heads/{0}', env.BETA_BRANCH) }} | |
| IS_STABLE_BRANCH: ${{ github.ref == format('refs/heads/{0}', env.STABLE_BRANCH) }} | |
| with: | |
| images: ${{ steps.image_registry_case.outputs.lowercase }} | |
| tags: | | |
| type=match,pattern=${{ env.TAG_PREFIX }}(.*),group=1 | |
| type=raw,value=stable,enable=${{ env.IS_STABLE_BRANCH }},priority=702 | |
| type=raw,value=beta,enable=${{ env.IS_BETA_BRANCH }},priority=701 | |
| type=edge,branch=${{ env.MAIN_BRANCH }} | |
| type=ref,event=pr | |
| type=sha,priority=100 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v4 | |
| - name: Log in to GitHub Container Registry | |
| if: env.PUSH_IMAGE == 'true' | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create manifest list and push | |
| if: env.PUSH_IMAGE == 'true' | |
| working-directory: /tmp/digests | |
| run: | | |
| docker buildx imagetools create \ | |
| $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| $(printf '${{ steps.image_registry_case.outputs.lowercase }}@sha256:%s ' *) | |
| - name: Inspect image | |
| if: env.PUSH_IMAGE == 'true' | |
| run: | | |
| docker buildx imagetools inspect \ | |
| ${{ steps.image_registry_case.outputs.lowercase }}:${{ steps.meta.outputs.version }} |