-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #57 from shinybrar/56-feat-signed-docker-container…
…-and-pypi-artifacts Edge Container Image
- Loading branch information
Showing
6 changed files
with
150 additions
and
22 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,32 +12,52 @@ jobs: | |
- | ||
name: Create release | ||
id: release-please | ||
uses: google-github-actions/release-please-action@v3 | ||
uses: googleapis/release-please-action@v4.1.3 | ||
with: | ||
release-type: python | ||
package-name: skaha | ||
- | ||
name: Checkout | ||
if: ${{ steps.release-please.outputs.release_created }} | ||
uses: actions/[email protected] | ||
- | ||
name: Set up Python | ||
if: ${{ steps.release-please.outputs.release_created }} | ||
uses: actions/setup-python@v4 | ||
name: Dispatch Edge Build | ||
if: always() | ||
uses: peter-evans/[email protected] | ||
with: | ||
python-version: 3.7 | ||
repository: shinybrar/skaha | ||
event-type: edge-build | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
- | ||
name: Install dependencies | ||
name: Dispatch Release Build | ||
if: ${{ steps.release-please.outputs.release_created }} | ||
run: | | ||
python -m pip install --upgrade pip | ||
pip install --upgrade poetry | ||
uses: peter-evans/[email protected] | ||
with: | ||
repository: shinybrar/skaha | ||
event-type: release-build | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
client-payload: |- | ||
{ | ||
"release_created": ${{ steps.release-please.outputs.release_created }}, | ||
"upload_url": ${{ steps.release-please.outputs.upload_url }}, | ||
"html_url": ${{ steps.release-please.outputs.html_url }}, | ||
"tag_name": ${{ steps.release-please.outputs.tag_name }}, | ||
"major": ${{ steps.release-please.outputs.major }}, | ||
"minor": ${{ steps.release-please.outputs.minor }}, | ||
"patch": ${{ steps.release-please.outputs.patch }}, | ||
"sha": ${{ steps.release-please.outputs.sha }} | ||
} | ||
- | ||
name: Build and publish | ||
name: Dispatch PYPI Release | ||
if: ${{ steps.release-please.outputs.release_created }} | ||
env: | ||
PYPI_USERNAME: __token__ | ||
PYPI_PASSWORD: ${{ secrets.PYPI_TOKEN }} | ||
run: | | ||
poetry build | ||
poetry publish -u $PYPI_USERNAME -p $PYPI_PASSWORD | ||
uses: peter-evans/[email protected] | ||
with: | ||
repository: shinybrar/skaha | ||
event-type: pypi-release | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
client-payload: |- | ||
{ | ||
"release_created": ${{ steps.release-please.outputs.release_created }}, | ||
"upload_url": ${{ steps.release-please.outputs.upload_url }}, | ||
"html_url": ${{ steps.release-please.outputs.html_url }}, | ||
"tag_name": ${{ steps.release-please.outputs.tag_name }}, | ||
"major": ${{ steps.release-please.outputs.major }}, | ||
"minor": ${{ steps.release-please.outputs.minor }}, | ||
"patch": ${{ steps.release-please.outputs.patch }}, | ||
"sha": ${{ steps.release-please.outputs.sha }} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
name: Edge Container Build | ||
|
||
on: | ||
repository_dispatch: | ||
types: [edge-build] | ||
|
||
permissions: | ||
contents: write | ||
pull-requests: write | ||
packages: write | ||
attestations: write | ||
id-token: write | ||
|
||
env: | ||
GHCR_REGISTRY: ghcr.io | ||
DOCKERHUB_REGISTRY: docker.io | ||
IMAGE_NAME: shinybrar/skaha | ||
IMAGE_TAG: edge | ||
|
||
jobs: | ||
edge-build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- | ||
name: Client Payload | ||
run: | | ||
echo "Client Payload: ${{ github.event.client_payload }}" | ||
- | ||
name: Checkout Code | ||
uses: actions/[email protected] | ||
- | ||
name: Edge Release Metadata | ||
id: metadata | ||
run: | | ||
DOCKERHUB_IMAGE="${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}" >> $GITHUB_OUTPUT | ||
GHCR_IMAGE="${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}" >> $GITHUB_OUTPUT | ||
- | ||
name: Setup Docker Buildx | ||
uses: docker/[email protected] | ||
with: | ||
install: true | ||
- | ||
name: Perform Dockerhub Login | ||
uses: docker/[email protected] | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
- | ||
name: Perform GHCR Login | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
- | ||
name: Build & Push Docker Image | ||
id: build | ||
uses: docker/[email protected] | ||
with: | ||
context: . | ||
target: production | ||
file: Dockerfile | ||
platforms: linux/amd64,linux/arm64 | ||
cache-from: type=gha | ||
cache-to: type=gha,mode=max | ||
provenance: mode=max | ||
sbom: true | ||
push: true | ||
labels: | | ||
org.opencontainers.image.title=skaha | ||
org.opencontainers.image.version=edge | ||
org.opencontainers.image.description='Python Client for CANFAR Science Portal' | ||
org.opencontainers.image.licenses=AGPL-3.0 | ||
org.opencontainers.image.source=https://github.com/shinybrar/skaha | ||
tags: | | ||
${{ steps.metadata.outputs.DOCKERHUB_IMAGE }} | ||
${{ steps.metadata.outputs.GHCR_IMAGE }} | ||
- | ||
name: Attest Container Image | ||
uses: actions/attest-build-provenance@v1 | ||
with: | ||
subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }} | ||
subject-digest: ${{ steps.build.outputs.digest }} | ||
push-to-registry: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
FROM python:3.13-alpine as base | ||
|
||
FROM base as builder | ||
COPY . /skaha | ||
WORKDIR /skaha | ||
|
||
# Install UV | ||
RUN set -ex \ | ||
&& apk add --no-cache curl \ | ||
&& curl -LsSf https://astral.sh/uv/install.sh | sh \ | ||
&& source $HOME/.cargo/env \ | ||
&& uv build | ||
|
||
FROM base as production | ||
COPY --from=builder /skaha/dist /skaha/dist | ||
RUN pip install --no-cache-dir /skaha/dist/*.whl |