Move patch to inline #137
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build | |
on: | |
push: | |
branches: | |
- main | |
release: | |
types: | |
- published | |
- edited | |
jobs: | |
docker_build: | |
runs-on: [self-hosted, ubuntu, x64] | |
outputs: | |
tag: ${{ steps.build_tag.outputs.tag }} | |
steps: | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: hippocampusgirl | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Login to container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ secrets.REGISTRY }} | |
username: ${{ secrets.REGISTRY_USERNAME }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: Set up build tag | |
id: build_tag | |
shell: bash | |
env: | |
github_ref: ${{ github.ref }} | |
github_repository: ${{ github.repository }} | |
run: | | |
version=$(echo "${github_ref}" | cut -d '/' -f 3) | |
if [[ "$version" == "main" ]]; then | |
version="latest" | |
fi | |
owner=$( \ | |
echo "${github_repository}" | \ | |
cut -d'/' -f1 | \ | |
tr '[:upper:]' '[:lower:]' \ | |
) | |
name=$( \ | |
echo "${github_repository}" | \ | |
cut -d'/' -f2 | \ | |
sed -r 's/([A-Za-z0-9])([A-Z])([a-z0-9])/\1-\L\2\3/g' | \ | |
tr '[:upper:]' '[:lower:]' \ | |
) | |
echo "repo=${name}" >> ${GITHUB_OUTPUT} | |
echo "tag=${name}:${version}" >> ${GITHUB_OUTPUT} | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build and push to container registry | |
uses: docker/build-push-action@v6 | |
with: | |
context: "." | |
file: "./Dockerfile" | |
platforms: linux/amd64 | |
cache-from: | | |
type=registry,ref=${{ secrets.REGISTRY }}/${{ steps.build_tag.outputs.repo }}:buildcache | |
cache-to: | | |
type=registry,ref=${{ secrets.REGISTRY }}/${{ steps.build_tag.outputs.repo }}:buildcache,compression=zstd,mode=max | |
outputs: | | |
type=image,name=${{ secrets.REGISTRY }}/${{ steps.build_tag.outputs.tag }},push=true,compression=gzip,compression-level=9,force-compression=true | |
labels: | | |
org.opencontainers.image.title=${{ github.event.repository.name }} | |
org.opencontainers.image.url=${{ github.event.repository.html_url }} | |
org.opencontainers.image.source=${{ github.event.repository.html_url }} | |
org.opencontainers.image.revision=${{ github.sha }} | |
org.opencontainers.image.created=${{ github.event.repository.updated_at}} | |
singularity_build: | |
runs-on: self-hosted | |
needs: | |
- docker_build | |
strategy: | |
matrix: | |
singularity_version: | |
- "v3.11.5" | |
- "v2.6" | |
container: | |
image: quay.io/singularity/docker2singularity:${{ matrix.singularity_version }} | |
options: --privileged | |
steps: | |
- name: Patch docker2singularity | |
shell: bash | |
run: | | |
space=" " | |
patch <<EOF | |
--- docker2singularity.sh | |
+++ docker2singularity.sh | |
@@ -314,6 +314,8 @@ | |
echo "(8/10) Stopping and removing the container..." | |
docker stop \$container_id >> /dev/null | |
docker rm \$container_id >> /dev/null | |
+docker container prune --force >> /dev/null | |
+docker image prune --all --force >> /dev/null | |
${space} | |
# Build a final image from the sandbox | |
echo "(9/10) Building \${image_format} container..." | |
EOF | |
- name: Convert to Singularity | |
shell: bash | |
env: | |
docker_build_tag: ${{ needs.docker_build.outputs.tag }} | |
run: | | |
singularity_image_name=$(echo -n ${docker_build_tag} | tr -c '[:alnum:]' '-') | |
mkdir -p -v /output | |
docker-entrypoint.sh /docker2singularity.sh \ | |
--name ${singularity_image_name} \ | |
${{ secrets.REGISTRY }}/${docker_build_tag} | |
- name: Upload to DigitalOcean | |
shell: bash | |
env: | |
DIGITALOCEAN_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_ACCESS_KEY }} | |
DIGITALOCEAN_SECRET_KEY: ${{ secrets.DIGITALOCEAN_SECRET_KEY }} | |
DIGITALOCEAN_REGION: ${{ secrets.DIGITALOCEAN_REGION }} | |
DIGITALOCEAN_SPACE_NAME: ${{ secrets.DIGITALOCEAN_SPACE_NAME }} | |
run: | | |
apk add python3 py3-pip | |
pip3 install --upgrade pip | |
pip3 install s3cmd | |
s3cmd --stop-on-error \ | |
--ssl --no-encrypt \ | |
--access_key="${DIGITALOCEAN_ACCESS_KEY}" \ | |
--secret_key="${DIGITALOCEAN_SECRET_KEY}" \ | |
--host="${DIGITALOCEAN_REGION}.digitaloceanspaces.com" \ | |
--host-bucket="%(bucket)s.${DIGITALOCEAN_REGION}.digitaloceanspaces.com" \ | |
--dump-config \ | |
> ${HOME}/.s3cfg | |
singularity_image_file=$(find "/output" -type f | head -n1) | |
s3cmd put ${singularity_image_file} s3://${DIGITALOCEAN_SPACE_NAME}/singularity/ | |
s3cmd setacl s3://${DIGITALOCEAN_SPACE_NAME}/singularity/$(basename ${singularity_image_file}) --acl-public |