Merge pull request #10 from shaneknapp/update-push-workflow #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and push container image, and push update to datahub repo if needed | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKER_CONFIG: $HOME/.docker | |
| IMAGE: ${{ vars.IMAGE }} | |
| outputs: | |
| image-tag: ${{ steps.build-and-push.outputs.IMAGE_SHA_TAG }} | |
| steps: | |
| - name: Check out the image repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # OR "2" -> To retrieve the preceding commit. | |
| - name: Get changed files | |
| id: changed-files | |
| uses: tj-actions/changed-files@v44 | |
| with: | |
| files_ignore: | | |
| README.md | |
| CONTRIBUTING.md | |
| LICENSE | |
| .github/** | |
| images/** | |
| - name: Cleanup disk space | |
| if: steps.changed-files.outputs.any_changed == 'true' | |
| run: | | |
| sudo rm -rf /usr/local/lib/android /usr/share/dotnet /opt/ghc | |
| df -h | |
| - name: Log in to GAR | |
| if: steps.changed-files.outputs.any_changed == 'true' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: us-central1-docker.pkg.dev | |
| username: _json_key | |
| password: ${{ secrets.GAR_SECRET_KEY }} | |
| - name: Build the image and push to artifact registry | |
| id: build-and-push | |
| if: steps.changed-files.outputs.any_changed == 'true' | |
| uses: jupyterhub/repo2docker-action@master | |
| with: | |
| FORCE_REPO2DOCKER_VERSION: jupyter-repo2docker==2024.07.0 | |
| DOCKER_REGISTRY: us-central1-docker.pkg.dev | |
| IMAGE_NAME: ${{ env.IMAGE }} | |
| # Disable pushing a 'latest' tag, as this often just causes confusion | |
| LATEST_TAG_OFF: true | |
| # Put repo contents in /srv/repo, rather than the default (/home/jovyan). The home directory | |
| # is mounted over by persistent storage when we are using the built image in a JupyterHub, and | |
| # so all contents put in /home/jovyan are lost. This particularly prevents any 'start' script from | |
| # working, as it is needed in runtime. | |
| REPO_DIR: /srv/repo | |
| # Lets us monitor disks getting full as images get bigger over time | |
| - name: Show how much disk space is left | |
| run: df -h | |
| update-deployment-image-tag: | |
| runs-on: ubuntu-latest | |
| needs: build-and-push | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| repository-projects: write | |
| env: | |
| HUB: ${{ vars.HUB }} | |
| IMAGE: ${{ vars.IMAGE }} | |
| IMAGE_TAG: ${{ needs.build-and-push.outputs.image-tag }} | |
| steps: | |
| - name: Checkout the datahub repo | |
| if: ${{ env.IMAGE_TAG }} | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.DATAHUB_CREATE_PR }} | |
| fetch-depth: 0 | |
| repository: 'berkeley-dsep-infra/datahub' | |
| sparse-checkout: | | |
| deployments/ | |
| - name: Set git identity | |
| if: ${{ env.IMAGE_TAG }} | |
| run: | | |
| git config --global user.email "${{ vars.IMAGE_BUILDER_BOT_EMAIL }}" | |
| git config --global user.name "${{ vars.IMAGE_BUILDER_BOT_NAME }}" | |
| - name: Update the tag for any deployments that use this image | |
| if: ${{ env.IMAGE_TAG }} | |
| run: | | |
| for deployment in $(grep -lr ${IMAGE} deployments/); do | |
| old_hash=$(grep ${IMAGE} ${deployment} | awk -F":" '{print $3}') | |
| new_hash=${IMAGE_TAG} | |
| sed -i -e "s,${IMAGE}:${old_hash},${IMAGE}:${new_hash},g" ${deployment} | |
| echo "Updated ${deployment} with new image tag ${new_hash}" | |
| done | |
| - name: Create feature branch, add, commit, push changes and open a pull request | |
| if: ${{ env.IMAGE_TAG }} | |
| env: | |
| GH_TOKEN: ${{ secrets.DATAHUB_CREATE_PR }} | |
| run: | | |
| CHANGED_FILES=$(git status --porcelain -uno | awk '{print $2}') | |
| git diff | |
| git checkout -b update-${HUB}-image-tag-${IMAGE_TAG} | |
| # to be safe, only add files that have changed | |
| for file in $(echo -e ${CHANGED_FILES}); do | |
| git add ${file} | |
| done | |
| BRANCH="update-${HUB}-image-tag-${IMAGE_TAG}" | |
| MESSAGE="update ${HUB} image tag to ${IMAGE_TAG}" | |
| git commit -m "${MESSAGE}" | |
| git push origin ${BRANCH} | |
| # | |
| # now create a PR! | |
| # | |
| cat << EOF > ${HOME}/pr-body.txt | |
| ${MESSAGE} | |
| ${CHANGED_FILES} | |
| EOF | |
| BODY=$(cat ${HOME}/pr-body.txt) | |
| gh pr new -t "${MESSAGE}" -b "${BODY}" -H${BRANCH} -Bstaging | |
| - name: Print out a message if no PR is created | |
| if: ${{ ! env.IMAGE_TAG }} | |
| run: | | |
| echo "Image not updated, no push to datahub repo required" |