Skip to content

Pin dockerfile SHA, bump monthly with dependabot #339

Pin dockerfile SHA, bump monthly with dependabot

Pin dockerfile SHA, bump monthly with dependabot #339

Workflow file for this run

# This is a GitHub workflow defining a set of jobs with a set of steps.
# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
#
name: Release
# Always tests wheel building, but only publish to PyPI on pushed tags.
on:
pull_request:
paths-ignore:
- "docs/**"
- ".github/workflows/*.yaml"
- "!.github/workflows/release.yaml"
push:
paths-ignore:
- "docs/**"
- ".github/workflows/*.yaml"
- "!.github/workflows/release.yaml"
branches-ignore:
- "dependabot/**"
- "pre-commit-ci-update-config"
tags: ["**"]
workflow_dispatch:
jobs:
build-release:
runs-on: ubuntu-22.04
permissions:
# id-token=write is required for pypa/gh-action-pypi-publish, and the PyPI
# project needs to be configured to trust this workflow.
#
# ref: https://github.com/jupyterhub/team-compass/issues/648
#
id-token: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: install build package
run: |
pip install --upgrade pip
pip install build
pip freeze
- name: build release
run: |
python -m build --sdist --wheel .
ls -l dist
- name: test to see if built js file is in the package
run: |
tar -tvf dist/*.tar.gz | grep dist/viewer.js
unzip -l dist/*.whl | grep dist/viewer.js
- name: publish to pypi
uses: pypa/gh-action-pypi-publish@release/v1
if: startsWith(github.ref, 'refs/tags/')
publish-images:
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
include:
- vncserver: tigervnc
- vncserver: turbovnc
steps:
- uses: actions/checkout@v4
- name: Set up QEMU (for docker buildx)
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx (for multi-arch builds)
uses: docker/setup-buildx-action@v3
- name: Make decisions on pushing and suffix (based on vnc server chosen)
id: decisions
run: |
if [ "${{ startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main') }}" = "true" ]; then
echo "push=true" >> $GITHUB_OUTPUT
else
echo "push=false" >> $GITHUB_OUTPUT
fi
# We provide image tags with -tigervnc and -turbovnc suffixes to allow
# for an explicit choice, but also ship with a default choice of
# TigerVNC.
if [ "${{ matrix.vncserver == 'tigervnc' }}" == "true" ]; then
echo 'suffix="",-${{ matrix.vncserver }}' >> $GITHUB_OUTPUT
else
echo "suffix=-${{ matrix.vncserver }}" >> $GITHUB_OUTPUT
fi
# For builds triggered by a git tag 1.2.3, we calculate image tags like:
# [{prefix}:1.2.3, {prefix}:1.2, {prefix}:1, {prefix}:latest]
#
# More details at
# https://github.com/jupyterhub/action-major-minor-tag-calculator.
#
- name: Get image tags
id: tags
uses: jupyterhub/action-major-minor-tag-calculator@v3
with:
githubToken: ${{ secrets.GITHUB_TOKEN }}
prefix: "quay.io/jupyterhub/jupyter-remote-desktop-proxy:"
suffix: ${{ steps.decisions.outputs.suffix }}
branchRegex: ^\w[\w-.]*$
defaultTag: quay.io/jupyterhub/jupyter-remote-desktop-proxy:noref
- name: Login to container registry
# Credentials to Quay.io was setup by...
# 1. Creating a [Robot Account](https://quay.io/organization/jupyterhub?tab=robots)
# 2. Giving it push permissions to the image repository
# 3. Adding Robot Account credentials as workflow environment secrets
if: steps.decisions.outputs.push == 'true'
run: |
docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" quay.io
- name: Build and push image
uses: docker/build-push-action@v6
with:
build-args: |
vncserver=${{ matrix.vncserver }}
context: .
platforms: linux/amd64,linux/arm64
push: ${{ steps.decisions.outputs.push }}
tags: ${{ join(fromJson(steps.tags.outputs.tags)) }}