Skip to content

Build neurodesktop-dev #215

Build neurodesktop-dev

Build neurodesktop-dev #215

name: Build neurodesktop-dev
# Scheduled production builds at 17:00 UTC every day.
# Build manually from here: https://github.com/NeuroDesk/neurodesktop/actions/workflows/build-neurodesktop.yml
# DockerHub: https://hub.docker.com/r/vnmd/neurodesktop
# Github Packages: https://github.com/NeuroDesk/neurodesktop/pkgs/container/neurodesktop%2Fneurodesktop
on:
workflow_dispatch:
inputs:
force_push:
description: 'Force push?'
type: boolean
required: true
default: false
# schedule:
# - cron: '0 17 * * *'
env:
DOCKERHUB_ORG: ${{ vars.DOCKERHUB_ORG }}
OCIR_REPO: ${{ vars.OCIR_REPO }}
jobs:
build-image:
runs-on: ubuntu-22.04
steps:
- name: Fetch github api rate limit
run: |
GITHUB_RATE_REMAINING=$(curl -H "Accept: application/vnd.github.v3+json" https://api.github.com/rate_limit | jq '.rate.remaining')
echo "GITHUB_RATE_REMAINING=${GITHUB_RATE_REMAINING}"
echo "GITHUB_RATE_REMAINING=$GITHUB_RATE_REMAINING" >> $GITHUB_ENV
# - name: Maximize build space
# uses: easimon/maximize-build-space@master
# with:
# root-reserve-mb: 40000
# swap-size-mb: 1024
# overprovision-lvm: 'true'
# remove-dotnet: 'true'
# remove-android: 'true'
# remove-haskell: 'true'
# remove-codeql: 'true'
# remove-docker-images: 'true'
- name: Checkout repository
if: ${{ env.GITHUB_RATE_REMAINING > 0 }}
uses: actions/checkout@v3
with:
ref: ${{ github.ref }}
- name: Set environment variables
if: ${{ env.GITHUB_RATE_REMAINING > 0 }}
run: |
IMAGENAME="neurodesktop-dev"
BUILDDATE=`date +%Y-%m-%d-%H%M`
SHORT_SHA=$(git rev-parse --short $GITHUB_SHA)
IMAGEID=ghcr.io/$GITHUB_REPOSITORY/$IMAGENAME
IMAGEID=$(echo $IMAGEID | tr '[A-Z]' '[a-z]')
echo "BUILDDATE=$BUILDDATE"
echo "SHORT_SHA=$SHORT_SHA"
echo "IMAGEID=$IMAGEID"
echo "IMAGENAME=$IMAGENAME"
echo "BUILDDATE=$BUILDDATE" >> $GITHUB_ENV
echo "SHORT_SHA=$SHORT_SHA" >> $GITHUB_ENV
echo "IMAGEID=$IMAGEID" >> $GITHUB_ENV
echo "IMAGENAME=$IMAGENAME" >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get rootfs of cached image
run: |
docker pull $IMAGEID:latest && ROOTFS_CACHE=$(docker inspect --format='{{.RootFS}}' $IMAGEID:latest) && docker rmi $IMAGEID:latest || true
echo "ROOTFS_CACHE=$ROOTFS_CACHE" >> $GITHUB_ENV
- name: Build new image
uses: docker/build-push-action@v4
with:
context: .
load: true
tags: ${{ env.IMAGEID}}:${{ env.SHORT_SHA }}
cache-from: type=registry,ref=${{ env.IMAGEID}}:latest
cache-to: type=inline
- name: Get rootfs of new image
run: |
ROOTFS_NEW=$(docker inspect --format='{{.RootFS}}' $IMAGEID:$SHORT_SHA)
PUSH_IMAGES="${IMAGEID}"
if [ ! -z "${DOCKERHUB_ORG}" ]; then
PUSH_IMAGES="${PUSH_IMAGES}, ${DOCKERHUB_ORG}/${IMAGENAME}"
fi
if [ ! -z "${OCIR_REPO}" ]; then
PUSH_IMAGES="${PUSH_IMAGES}, ${OCIR_REPO}/${IMAGENAME}"
fi
echo "PUSH_IMAGES=$PUSH_IMAGES"
echo "ROOTFS_NEW=$ROOTFS_NEW" >> $GITHUB_ENV
echo "PUSH_IMAGES=$PUSH_IMAGES" >> $GITHUB_ENV
- name: Login to DockerHub (if changes found)
if: ${{ env.DOCKERHUB_ORG != '' && (env.ROOTFS_NEW != env.ROOTFS_CACHE || github.event.inputs.force_push == 'true') }}
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Login to OCIR (if changes found)
if: ${{ env.OCIR_REPO != '' && (env.ROOTFS_NEW != env.ROOTFS_CACHE || github.event.inputs.force_push == 'true') }}
uses: docker/login-action@v2
with:
registry: syd.ocir.io
username: ${{ secrets.OCIR_USERNAME }}
password: ${{ secrets.OCIR_PASSWORD }}
- name: Get new image metadata (if changes found)
if: ${{ env.ROOTFS_NEW != env.ROOTFS_CACHE || github.event.inputs.force_push == 'true' }}
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.PUSH_IMAGES }}
tags: |
${{ env.BUILDDATE }}
latest
labels: |
org.opencontainers.image.description=Neurodesktop
- name: Push new image (if changes found)
if: ${{ env.ROOTFS_NEW != env.ROOTFS_CACHE || github.event.inputs.force_push == 'true' }}
uses: docker/build-push-action@v4
with:
context: .
platforms: linux/amd64
# platforms: linux/amd64,linux/arm64
provenance: false # fixes unknown/unknown arch builds
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=${{ env.IMAGEID}}:latest
cache-to: type=inline
- name: Create github tag (if changes found)
if: ${{ env.ROOTFS_NEW != env.ROOTFS_CACHE || github.event.inputs.force_push == 'true' }}
uses: rickstaa/[email protected]
with:
tag: ${{ env.BUILDDATE }}
# - name: Container image scan
# if: ${{ env.GITHUB_RATE_REMAINING > 0 }}
# uses: aquasecurity/[email protected]
# with:
# image-ref: ${{ env.IMAGEID }}
# format: table
# exit-code: '1'
# severity: CRITICAL
# timeout: 25m0s
# skip-files: /opt/rclone-v1.60.1-linux-amd64/README.txt, /opt/rclone-v1.60.1-linux-amd64/README.html, /opt/rclone-v1.60.1-linux-amd64/rclone.1
# - name: Generate issue on job failure
# if: always() && failure()
# uses: JasonEtco/create-an-issue@v2
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# GITHUB_WORKFLOW: ${{ env.GITHUB_WORKFLOW }}
# GITHUB_SERVER_URL: ${{ env.GITHUB_SERVER_URL }}
# GITHUB_REPOSITORY: ${{ env.GITHUB_REPOSITORY }}
# GITHUB_RUN_ID: ${{ env.GITHUB_RUN_ID }}
# with:
# filename: .github/job_failure_issue_template.md
# update_existing: true
# search_existing: open