Release: OCI to GHCR (full) #255
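# Stage OCI container images through GitHub Actions (GHA) to GitHub Container
# Registry (GHCR).
#
# Security notes for maintainers:
# - The workflow-level token is read-only. Only `build-and-publish` is granted
#   the write scopes it needs, so the job that builds and tests pull-request
#   code never holds `packages: write` or `id-token: write`.
# - Every `uses:` below references a mutable version tag. Pin each action to a
#   full commit SHA (keeping the tag as a trailing comment) so that a re-tagged
#   release cannot change what runs in the publishing job.
name: "Release: OCI to GHCR (full)"

on:
  pull_request: null
  push:
    tags:
      - '*.*.*'
  schedule:
    - cron: '45 04 * * *'  # every day at 04:45 (GitHub evaluates cron in UTC)
  # Allow job to be triggered manually.
  workflow_dispatch:

# Default token scope for every job: read-only. Jobs that need more declare
# their own `permissions:` block, which replaces this default for that job.
permissions:
  contents: read

# Cancel in-progress jobs when pushing to the same branch.
concurrency:
  cancel-in-progress: true
  group: ${{ github.workflow }}-${{ github.ref }}

# The name for the produced image at ghcr.io.
env:
  IMAGE_NAME: "${{ github.repository }}"

jobs:

  # Builds the wheel and runs the compose-based test suite. This job executes
  # code from the checked-out ref (including pull requests), so it runs with
  # the read-only default token and without stored git credentials.
  build-and-test:
    runs-on: ubuntu-latest
    env:
      # Quoted so the value is unambiguously the string "true".
      UV_SYSTEM_PYTHON: "true"
    steps:

      - name: Acquire sources
        uses: actions/checkout@v6
        with:
          # Do not leave the job token in .git/config, where the build and
          # test commands below could read it.
          persist-credentials: false

      - name: Install Python
        uses: actions/setup-python@v6
        with:
          python-version: '3.14'

      - name: Install uv
        uses: astral-sh/setup-uv@v7
        with:
          cache-dependency-glob: |
            pyproject.toml
          enable-cache: true
          # NOTE(review): "latest" is resolved on every run, so the build
          # tool can change between runs; consider pinning an exact version
          # for reproducible release builds.
          version: "latest"

      - name: Build wheel package
        run: |
          uv pip install build
          python -m build

      - name: Upload wheel package
        uses: actions/upload-artifact@v5
        with:
          name: ${{ runner.os }}-wheel-${{ github.sha }}
          path: dist/*.whl
          retention-days: 7

      - name: Run tests
        run: |
          compose_file="release/oci-full/test.yml"
          if [[ -f "${compose_file}" ]]; then
            export DOCKER_BUILDKIT=1
            export COMPOSE_DOCKER_CLI_BUILD=1
            docker compose --file "${compose_file}" build
            docker compose --file "${compose_file}" run --rm sut
            docker compose --file "${compose_file}" down --volumes --remove-orphans
          fi

  # Builds the multi-platform image and pushes it to GHCR. Skipped for
  # Dependabot and for pull requests coming from forks; pull requests from
  # branches of this repository do publish an image (tagged via
  # `type=ref,event=pr`).
  build-and-publish:
    needs: build-and-test
    runs-on: ubuntu-latest
    if: ${{ ! (startsWith(github.actor, 'dependabot') || github.event.pull_request.head.repo.fork ) }}

    # Write scopes are granted to this job only.
    permissions:
      contents: read
      # Permit pushing to GHCR.
      packages: write
      # Enable signed provenance/attestations.
      # NOTE(review): no step in this job visibly requests an OIDC token;
      # confirm this scope is still required and drop it otherwise.
      id-token: write

    steps:

      - name: Acquire sources
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          # The later git commands only read local state, so the token does
          # not need to stay in .git/config during the image build.
          persist-credentials: false

      - name: Define image name and tags
        id: meta
        uses: docker/metadata-action@v5
        with:
          # List of OCI images to use as base name for tags
          images: |
            ghcr.io/${{ env.IMAGE_NAME }}
          # Generate OCI image tags based on the following events/attributes
          tags: |
            type=schedule,pattern=nightly
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}

      # Step outputs are handed to the shell through `env:` instead of being
      # expanded into the script text: a quote or `$(...)` inside a label
      # value would otherwise become part of the command line.
      - name: Inspect metadata
        env:
          META_TAGS: ${{ steps.meta.outputs.tags }}
          META_LABELS: ${{ steps.meta.outputs.labels }}
        run: |
          echo "Tags:      ${META_TAGS}"
          echo "Labels:    ${META_LABELS}"

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3

      - name: Inspect builder
        env:
          BUILDX_NAME: ${{ steps.buildx.outputs.name }}
          BUILDX_ENDPOINT: ${{ steps.buildx.outputs.endpoint }}
          BUILDX_STATUS: ${{ steps.buildx.outputs.status }}
          BUILDX_FLAGS: ${{ steps.buildx.outputs.flags }}
          BUILDX_PLATFORMS: ${{ steps.buildx.outputs.platforms }}
        run: |
          echo "Name:      ${BUILDX_NAME}"
          echo "Endpoint:  ${BUILDX_ENDPOINT}"
          echo "Status:    ${BUILDX_STATUS}"
          echo "Flags:     ${BUILDX_FLAGS}"
          echo "Platforms: ${BUILDX_PLATFORMS}"

      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          # Short-lived job token; its registry access comes from the
          # `packages: write` scope declared on this job.
          password: ${{ github.token }}

      - name: Build and push image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: release/oci-full/Dockerfile
          platforms: linux/amd64,linux/arm64
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          push: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # Attach an SBOM and max-detail build provenance to the pushed image
          # so consumers can inspect what went into it.
          sbom: true
          provenance: mode=max

      - name: Display git status
        run: |
          set -x
          git describe --tags --always
          git status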