-
Notifications
You must be signed in to change notification settings - Fork 2
130 lines (126 loc) · 4.56 KB
/
containers.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: Upload Container image
on:
push:
branches:
- main
tags:
- 'v*'
workflow_dispatch: # allow to manually trigger this workflow
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: false
env:
REGISTRY: ghcr.io
IMAGE_NAME: appthreat/chen-platform
jobs:
deploy:
if: github.repository_owner == 'appthreat'
runs-on: ubuntu-24.04
permissions:
contents: write
packages: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '21'
- uses: sbt/setup-sbt@v1
- name: "Install PHP"
uses: "shivammathur/setup-php@v2"
with:
coverage: "none"
php-version: "8.3"
tools: composer:v2
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: '23.x'
- uses: oras-project/setup-oras@v1
- name: Trim CI agent
run: |
chmod +x ci/free_disk_space.sh
./ci/free_disk_space.sh
- name: Delete `.rustup` directory
run: rm -rf /home/runner/.rustup # to save disk space
if: runner.os == 'Linux'
- name: Delete `.cargo` directory # to save disk space
run: rm -rf /home/runner/.cargo
if: runner.os == 'Linux'
- uses: actions/cache@v4
with:
path: |
~/.sbt
~/.coursier
key: ${{ runner.os }}-sbt-${{ hashfiles('**/build.sbt') }}
- run: |
sbt stage createDistribution
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SCALAPY_PYTHON_LIBRARY: "python3.12"
- name: Export python requirements
run: |
python3.12 -m pip install --upgrade pip
python3.12 -m pip install poetry
python3.12 -m poetry self add poetry-plugin-export
python3.12 -m poetry export -f requirements.txt --with=science --without-hashes --output target/chen-science-requirements.txt
python3.12 -m poetry export -f requirements.txt --with=database --without-hashes --output target/chen-database-requirements.txt
- name: Upload chen to ghcr
run: |
cd target
echo $GITHUB_TOKEN | oras login ghcr.io -u $GITHUB_USERNAME --password-stdin
oras push ghcr.io/$IMAGE_NAME:v2 \
--annotation-file ../ci/annotations.json \
./chen.zip:application/vnd.appthreat.chen.layer.v1+tar \
./chen-science-requirements.txt:application/vnd.appthreat.chen.layer.v1+tar \
./chen-database-requirements.txt:application/vnd.appthreat.chen.layer.v1+tar
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_USERNAME: ${{ github.actor }}
- name: Setup nydus
run: |
curl -LO https://github.com/dragonflyoss/nydus/releases/download/v2.2.4/nydus-static-v2.2.4-linux-amd64.tgz
tar -xvf nydus-static-v2.2.4-linux-amd64.tgz
chmod +x nydus-static/*
mv nydus-static/* /usr/local/bin/
rm -rf nydus-static-v2.2.4-linux-amd64.tgz nydus-static
- run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/appthreat/chen
- name: Build and push Docker images
uses: docker/build-push-action@v5
with:
file: ci/Dockerfile
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha,scope=chen
cache-to: type=gha,mode=max,scope=chen
- name: nydusify
run: |
nydusify convert --oci --oci-ref --source ${{ steps.meta.outputs.tags }} --target ${{ steps.meta.outputs.tags }}-nydus --prefetch-dir /opt
nydusify check --target ${{ steps.meta.outputs.tags }}-nydus
if: github.ref == 'refs/heads/main'
continue-on-error: true