Skip to content
Docker Image CI

build on gpu base image #14

Sign in to view logs

build on gpu base image

build on gpu base image #14

Workflow file for this run

.github/workflows/docker-image.yml at 1165e8a
name: Docker Image CI
on:
push:
branches: [ main ]
tags: [ '*.*.*' ]
pull_request:
branches: [ main ]
workflow_dispatch:
inputs:
versionTag:
description: 'Version tag to push to Docker Hub (lowercase, alphanumeric)'
required: true
type: string
jobs:
build_test_push:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
strategy:
fail-fast: false
steps:
- name: Check out the repository
uses: actions/checkout@v3
- name: Docker prune to save space # If you switch to self-hosted runners, this should be removed.
run: echo y | docker system prune -a
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422
with:
cosign-release: 'v1.4.0'
- name: Log into GitHub Packages registry (ghcr.io)
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Log into Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/fets-ai/fetsTool_docker_dependencies
flavor: | # Handle prefixing and "latest" generation -- use "tags" property to specify events/tags further
latest=true
tags: |
type=semver,pattern={{version}}
type=ref,event=branch
type=ref,event=pr
type=ref,event=tag
# Build Docker Image (but don't push yet -- wait for the test step first).
# https://github.com/docker/build-push-action
- name: Build the image
id: build
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile
push: false
load: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# Push Docker image with Buildx (but don't push on PR)
# https://github.com/docker/build-push-action
# This won't re-build the images fully or anything, they should already exist from the build step and use the cache.
- name: Upload to Docker Hub (docker.io) and GitHub Packages (ghcr.io)
id: upload
if: github.event_name != 'pull_request'
uses: docker/build-push-action@v4
with:
context: .
platforms: linux/amd64
file: ./Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# Below is for signing images (keyless) with cosign. But this adds confusing sha256-digest.sig tags to the container registry.
# Leave this commented if container signing is not required.
# # Sign the resulting Docker image digest except on PRs.
# # Uses cosign keyless signing: https://github.com/sigstore/cosign/blob/main/KEYLESS.md
# # This will only write to the public Rekor transparency log when the Docker
# # repository is public to avoid leaking data. If you would like to publish
# # transparency data even for private images, pass --force to cosign below.
# # https://github.com/sigstore/cosign
#- name: Sign published Docker image (ghcr.io)
# if: ${{ github.event_name != 'pull_request' }}
# env:
# COSIGN_EXPERIMENTAL: "true"
# # This step uses the identity token to provision an ephemeral certificate
# # against the sigstore community Fulcio instance.
# run: cosign sign ghcr.io/fets-ai/front-end@${{ steps.upload.outputs.digest }}