Add common and harness specific configuration for deployment and publication #24
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Rebuild Bowtie Image | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches-ignore: | |
| - "wip*" | |
| env: | |
| IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | |
| concurrency: | |
| group: images-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| meta: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| latest-version: ${{ steps.version.outputs.value }} | |
| implementation-name: ${{ steps.impl.outputs.name }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v5 | |
| with: | |
| enable-cache: true | |
| - name: Compute implementation name | |
| id: impl | |
| run: echo "name=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')" >> $GITHUB_OUTPUT | |
| - name: Compute latest implementation version | |
| id: version | |
| run: | | |
| version=$(uvx --from 'bowtie-json-schema' --python 3.13 bowtie info \ | |
| --implementation ${{ steps.impl.outputs.name }} \ | |
| --format json | jq -r '.version // empty') | |
| echo "value=${version}" >> $GITHUB_OUTPUT | |
| build: | |
| needs: meta | |
| runs-on: ubuntu-latest | |
| outputs: | |
| current-version: ${{ steps.current-version.outputs.value }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| attestations: write | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install qemu | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y qemu-user-static | |
| - name: Build | |
| id: build_image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| context: '.' | |
| containerfiles: | | |
| Dockerfile | |
| image: ${{ needs.meta.outputs.implementation-name }} | |
| tags: ${{ github.sha }} ${{ github.ref == 'refs/heads/main' && 'latest' || '' }} | |
| archs: amd64, arm64 | |
| - name: Set DOCKER_HOST so podman-built images are findable | |
| run: | | |
| systemctl --user enable --now podman.socket | |
| sudo loginctl enable-linger $USER | |
| podman --remote info | |
| echo "DOCKER_HOST=unix://$(podman info --format '{{.Host.RemoteSocket.Path}}')" >> $GITHUB_ENV | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v5 | |
| with: | |
| enable-cache: true | |
| - name: Smoke Test | |
| run: | | |
| uvx --from 'bowtie-json-schema' --python 3.13 bowtie smoke -i "localhost/${{ steps.build_image.outputs.image-with-tag }}" --format json | |
| uvx --from 'bowtie-json-schema' --python 3.13 bowtie smoke -i "localhost/${{ steps.build_image.outputs.image-with-tag }}" --format markdown >> $GITHUB_STEP_SUMMARY | |
| - name: Collect current version | |
| id: current-version | |
| run: | | |
| version=$(uvx --from 'bowtie-json-schema' --python 3.13 bowtie info \ | |
| --implementation "localhost/${{ steps.build_image.outputs.image-with-tag }}" \ | |
| --format json | jq -r '.version // empty') | |
| echo "value=${version}" >> $GITHUB_OUTPUT | |
| - name: Print collected versions | |
| run: echo "latest_version=${{ needs.meta.outputs.latest-version }}; current_version=${{ steps.current-version.outputs.value }}" | |
| - name: Log in to ghcr.io | |
| uses: redhat-actions/podman-login@v1 | |
| with: | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| registry: ${{ env.IMAGE_REGISTRY }} | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| - name: Publish | |
| id: push | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build_image.outputs.image }} | |
| tags: ${{ steps.current-version.outputs.value }} ${{ steps.build_image.outputs.tags }} | |
| registry: ${{ env.IMAGE_REGISTRY }} | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| - name: Generate attestation for images | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-name: ${{ env.IMAGE_REGISTRY }}/${{ steps.build_image.outputs.image }} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| mark-previous-version: | |
| needs: [build, meta] | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.build.outputs.current-version != needs.meta.outputs.latest-version | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout current head | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.before }} | |
| - name: Mark the current head with the latest version before the update | |
| env: | |
| TAG: v${{ needs.meta.outputs.latest-version }} | |
| run: git tag $TAG && git push origin $TAG | |
| automerge: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| if: (!cancelled() && github.event_name == 'pull_request' && github.actor == 'dependabot[bot]') | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - name: Automatically merge allowed PRs | |
| run: gh pr merge --auto --merge "$PR_URL" | |
| env: | |
| PR_URL: ${{ github.event.pull_request.html_url }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |