[go: up one dir, main page]

Skip to content

Docker Images

Docker Images #4064

Workflow file for this run

name: Docker Images
on:
push:
branches:
- main
tags:
- v*
pull_request:
branches:
- main
schedule:
- cron: '1 0 * * *'
release:
types: [published]
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
docker:
name: Build, test, and publish Docker images to Docker Hub
permissions:
contents: read
packages: write # for docker to push to registry
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Prepare
id: prep
run: |
DOCKER_IMAGE=pyhf/pyhf
VERSION=latest
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF_NAME}
elif [[ $GITHUB_REF == refs/pull/* ]]; then
VERSION=pr-${{ github.event.number }}
fi
TAGS="${DOCKER_IMAGE}:${VERSION}"
TAGS="$TAGS,${DOCKER_IMAGE}:latest,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
# Releases also have GITHUB_REFs that are tags, so reuse VERSION
if [ "${{ github.event_name }}" = "release" ]; then
TAGS="$TAGS,${DOCKER_IMAGE}:latest-stable,ghcr.io/${{github.repository}}:latest-stable,ghcr.io/${{github.repository}}:${VERSION}"
fi
echo "steps.prep.outputs.version=${VERSION}"
echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "steps.prep.outputs.tags=${TAGS}"
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
echo "steps.prep.outputs.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Test build
id: docker_build_test
uses: docker/build-push-action@v6
with:
context: .
file: docker/Dockerfile
tags: ${{ steps.prep.outputs.tags }}
labels: |
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}
load: true
push: false
- name: Image digest
run: echo ${{ steps.docker_build_test.outputs.digest }}
- name: List built images
run: docker images
- name: Run CLI API check
run: |
printf "\npyhf\n"
docker run --rm pyhf/pyhf:sha-${GITHUB_SHA::8}
printf "\npyhf --version\n"
docker run --rm pyhf/pyhf:sha-${GITHUB_SHA::8} --version
printf "\npyhf --help\n"
docker run --rm pyhf/pyhf:sha-${GITHUB_SHA::8} --help
- name: Check for curl and tar
run: >-
docker run --rm
--entrypoint /bin/bash
pyhf/pyhf:sha-${GITHUB_SHA::8}
-c "which curl; which tar"
- name: Build and publish to registry
# every PR will trigger a push event on main, so check the push event is actually coming from main
if: github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'scikit-hep/pyhf'
id: docker_build_latest
uses: docker/build-push-action@v6
with:
context: .
file: docker/Dockerfile
tags: |
pyhf/pyhf:latest
ghcr.io/${{ github.repository }}:latest
labels: |
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}
push: true
platforms: linux/amd64,linux/arm64
- name: Build and publish to registry with release tag
if: github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf'
id: docker_build_release
uses: docker/build-push-action@v6
with:
context: .
file: docker/Dockerfile
tags: ${{ steps.prep.outputs.tags }}
labels: |
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}
push: true
platforms: linux/amd64,linux/arm64