switch user to nebari #751
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Build and push images to: | |
| # GitHub Container Registry (ghcr.io) | |
| # Red Hat Container Registry (quay.io) | |
| name: "Build Docker Images" | |
| on: | |
| workflow_dispatch: null | |
| push: | |
| branches: | |
| - "*" | |
| paths: | |
| - "Dockerfile" | |
| - "dask-worker/*" | |
| - "jupyterhub/*" | |
| - "jupyterlab/*" | |
| - "nebari-workflow-controller/*" | |
| - "scripts/*" | |
| - ".github/workflows/build-push-docker.yaml" | |
| tags: | |
| - "*" | |
| workflow_run: | |
| workflows: ["Update Pixi Lockfiles"] | |
| types: | |
| - completed | |
| env: | |
| DOCKER_ORG: nebari | |
| GPU_IMAGE_SUFFIX: gpu | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| security-events: write | |
| # https://docs.github.com/en/actions/using-jobs/using-concurrency | |
| concurrency: | |
| # only cancel in-progress jobs or runs for the current workflow - matches against branch & tags | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build-images: | |
| name: "Build Docker Images" | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| dockerfile: | |
| - jupyterlab | |
| - jupyterhub | |
| - dask-worker | |
| - workflow-controller | |
| platform: | |
| - gpu | |
| - cpu | |
| exclude: | |
| # excludes JupyterHub/GPU, Workflow Controller/GPU | |
| - dockerfile: jupyterhub | |
| platform: gpu | |
| - dockerfile: workflow-controller | |
| platform: gpu | |
| steps: | |
| - name: "Checkout Repository 🛎️" | |
| uses: actions/checkout@v3 | |
| - name: "Set up Docker Buildx 🛠️" | |
| uses: docker/setup-buildx-action@v2 | |
| - name: "Login to GitHub Container Registry 🔐" | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.BOT_GHCR_TOKEN }} | |
| - name: "Login to Quay Container Registry 🔐" | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_TOKEN }} | |
| - name: "Set Image Suffix for GPU 📷" | |
| if: ${{ matrix.platform == 'gpu' }} | |
| run: | | |
| echo "IMAGE_SUFFIX=-$GPU_IMAGE_SUFFIX" >> $GITHUB_ENV | |
| - name: "Generate Docker images tags 🏷️" | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| "quay.io/${{ env.DOCKER_ORG }}/nebari-${{ matrix.dockerfile }}${{ env.IMAGE_SUFFIX }}" | |
| "ghcr.io/${{ github.repository_owner }}/nebari-${{ matrix.dockerfile }}${{ env.IMAGE_SUFFIX }}" | |
| tags: | | |
| # branch event -> e.g. `main-f0f6994-20221001` | |
| type=ref, event=branch, suffix=-{{sha}}-{{date 'YYYYMMDD'}} | |
| # needed for integration tests | |
| type=ref, event=branch | |
| # on tag push -> e.g. `2022.10.1` | |
| type=ref, event=tag | |
| - name: "Inspect image dir tree 🔍" | |
| run: | | |
| sudo apt-get install tree | |
| tree . | |
| - name: "Build docker images 🐳" | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: . | |
| file: "Dockerfile" | |
| target: ${{ matrix.dockerfile }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| push: ${{ github.event_name != 'pull_request' }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| platforms: linux/amd64,linux/arm64 | |
| sbom: true | |
| provenance: true |