Build and publish docker on Tag and Release #25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # When a new release is published, | |
| # upload image to Dockerhub. | |
| # | |
| # Requires the following repository secrets: | |
| # - DOCKER_IMAGE - Configured as a secret so it can be configured per fork. | |
| # - DOCKER_HUB_USERNAME | |
| # - DOCKER_HUB_ACCESS_TOKEN | |
| # - GITHUBPAT - The github account to use for downloading CRAN dependencies. | |
| # Needed to avoid "API rate limit exceeded" from github. | |
| name: Build and publish docker on Tag and Release | |
| on: | |
| push: | |
| tags: | |
| - "*" | |
| workflow_dispatch: | |
| inputs: | |
| docker_image_name: | |
| description: 'The name of the image to be deployed.' | |
| default: 'broadsea-hades' | |
| type: string | |
| tag: | |
| description: 'The tag of image to be created.' | |
| required: true | |
| type: string | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| build-docker-image: | |
| name: build docker image and push to ghcr and release | |
| runs-on: ${{ matrix.runner }} | |
| strategy: | |
| matrix: | |
| platform: [amd64, arm64] | |
| include: | |
| - platform: amd64 | |
| runner: ubuntu-latest | |
| - platform: arm64 | |
| runner: ubuntu-24.04-arm | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/Checkout@v4 | |
| - name: Log in to ghcr | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN}} | |
| - name: Prepare docker metadata | |
| id: metadata | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tag: | | |
| type=semver,pattern={{version}} | |
| type=raw,value=${{ inputs.tag }} | |
| type=sha | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Build and push Dockerhub | |
| id: push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| # Allow running the image on the architectures supported by nginx-unprivileged:alpine. | |
| platforms: linux/${{ matrix.platform }} | |
| push: true | |
| secrets: | | |
| build_github_pat=${{ secrets.GITHUBPAT }} | |
| tags: ${{ steps.metadata.outputs.tags }}-${{ matrix.platform }} | |
| labels: | | |
| ${{ steps.metadata.outputs.labels }} | |
| org.opencontainers.image.licenses=Apache-2.0 | |
| - name: Inspect image | |
| run: | | |
| docker pull ${{ steps.metadata.outputs.tags }}-${{ matrix.platform }} | |
| docker image inspect ${{ env.DOCKER_IMAGE }} |