From f108392c29b75e5b19fcce8aed0bab44fd743677 Mon Sep 17 00:00:00 2001 From: Alastair Llewellyn Drong Date: Sun, 29 Sep 2024 11:20:52 -0700 Subject: [PATCH] keep it simple for now --- .github/workflows/docker-build.yaml | 95 +++++++---------------------- 1 file changed, 23 insertions(+), 72 deletions(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index 2b6cc90..32ee4c4 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -1,85 +1,36 @@ -name: Docker +name: Build and Run Docker Image + on: - # schedule: - # - cron: '38 5 * * *' push: - branches: [ "master", "development", "ci" ] - # Publish semver tags as releases. - tags: [ 'v*.*.*', 'testtag' ] - pull_request: - branches: [ "master", "development", "ci" ] - -env: - # Use docker.io for Docker Hub if empty - REGISTRY: docker.io - # github.repository as / - IMAGE_NAME: pyterrabacktyl:${{ github.ref_name == 'main' && 'latest' || github.ref_name }} - + branches: + - 'release/**' # Trigger on push to release branches jobs: - build: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write + build_and_run: + runs-on: ubuntu-latest # Use a GitHub-hosted runner steps: - - name: Checkout repository + - name: Checkout Code uses: actions/checkout@v3 - # Set up BuildKit Docker container builder to be able to build - # multi-platform images and export cache - # https://github.com/docker/setup-buildx-action - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - registry: ${{ env.REGISTRY }} - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} + - name: Set Up Docker Build + env: + DOCKER_IMAGE_NAME: pyterrabacktyl + RELEASE_VERSION: ${{ github.ref_name }} # Extract version from branch name + run: | + echo "Building release version $RELEASE_VERSION" + echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 - with: - context: . - # push: ${{ github.event_name != 'pull_request' }} - push: ${{ github.event_name == 'moose' }} # TODO: forced to always be false for testing - tags: ${{ env.IMAGE_NAME }} - cache-from: type=gha - cache-to: type=gha,mode=max + - name: Build Docker Image + run: | + docker build . --file Dockerfile --tag $DOCKER_IMAGE_NAME:$RELEASE_VERSION - - name: Run New Docker Image - id: run-pyterrabacktyl-image + - name: Run Docker Container run: | docker images - #docker run -d localhost/${{ env.IMAGE_NAME }} + #docker run --name my_running_container $DOCKER_IMAGE_NAME:$RELEASE_VERSION - - name: Show Docker Tags - run: docker images - - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - # - name: Sign the published Docker image - # if: ${{ github.event_name != 'pull_request' }} - # env: - # # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable - # TAGS: ${{ steps.meta.outputs.tags }} - # DIGEST: ${{ steps.build-and-push.outputs.digest }} - # # This step uses the identity token to provision an ephemeral certificate - # # against the sigstore community Fulcio instance. - # run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} + - name: Clean Up + run: | + docker rm -f my_running_container || true + docker rmi $DOCKER_IMAGE_NAME:$RELEASE_VERSION || true