-
Notifications
You must be signed in to change notification settings - Fork 6
182 lines (177 loc) · 6.72 KB
/
build-all.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
name: Build Notebook Images
on:
push:
branches: [ master ]
tags:
- 'v*.*.*'
pull_request:
branches:
- 'master'
jobs:
build-matrix:
name: Create Build Matrix
runs-on: ubuntu-latest
steps:
-
name: Checkout
id: set-matrix
uses: actions/checkout@v3
with:
fetch-depth: 0 # No shallow clone, we need all history
-
name: Bump version and push tag
if: github.event_name != 'pull_request'
id: tag_version
uses: mathieudutour/[email protected]
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
-
name: Create a GitHub release
if: github.event_name != 'pull_request'
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
- name: generate matrix
id: generate-matrix
env:
RELEASE: ${{ steps.tag_version.outputs.new_tag }}
# run: echo "::set-output name=matrix::{\"include\":[$(for changed_folder in $(dirname $(git diff --name-only ${{ github.event.before }}..${{ github.event.after }}) | sort -u); do find $changed_folder -name "*Dockerfile"; done | sed 's/^\|$/"/g'|paste -sd, -)]}"
run: |
if [ -z "${RELEASE}" ];
then
RELEASE="pr"
CHANGED_DIRS=$(git diff-tree --no-commit-id --name-only -r ${{ github.event.pull_request.head.sha }} | xargs -I {} dirname {})
else
CHANGED_DIRS=$(git diff-tree --no-commit-id --name-only -r ${{ github.sha }} | xargs -I {} dirname {})
fi
if [ -z "${CHANGED_DIRS}" ];
then
CHANGED_DIRS=$(dirname $(git diff --name-only ${{ github.event.before }}..${{ github.event.after }}))
if [ "${CHANGED_DIRS}" == "." ];
then
CHANGED_DIRS=
fi
fi
echo "${CHANGED_DIRS}"
DOCKERFILES=$(for CHANGED_DIR in ${CHANGED_DIRS}; do find ${CHANGED_DIR} -name "*Dockerfile"; done | sort -u)
echo "${DOCKERFILES}"
MATRIX_PROJECTS_JSON="["
MATRIX_INCLUDE_JSON="["
for DOCKERFILE in ${DOCKERFILES}; do
DIR=$(dirname ${DOCKERFILE})
if [[ "$(basename ${DOCKERFILE})" == *"cuda"* ]]
then
MATRIX_PROJECTS_JSON+=$(sed 's/^/"/;s/$/"/' <<< "${DIR}"-cuda)
PROJECT="${DIR}"-cuda
else
MATRIX_PROJECTS_JSON+=$(sed 's/^/"/;s/$/"/' <<< "${DIR}")
PROJECT="${DIR}"
fi
echo "{$MATRIX_PROJECTS_JSON}"
MATRIX_INCLUDE_JSON+="{\"path\": \"${DIR}\", \"project\": \"${PROJECT}\", \"dockerfile\": \"${DOCKERFILE}\", \"version\": \"${RELEASE}\"}"
echo "${MATRIC_INCLUDE_JSON}"
done
echo "{$MATRIX_PROJECTS_JSON}"
echo "${MATRIC_INCLUDE_JSON}"
MATRIX_INCLUDE_JSON="${MATRIX_INCLUDE_JSON//\}\{/\}, \{}"
MATRIX_INCLUDE_JSON+="]"
MATRIX_PROJECTS_JSON="${MATRIX_PROJECTS_JSON//\"\"/\", \"}"
MATRIX_PROJECTS_JSON+="]"
MATRIX_JSON="{\"include\": ${MATRIX_INCLUDE_JSON}}"
echo "${MATRIX_JSON}"
CONTINUE_DOCKER_JOB="no"
if [[ "${MATRIX_PROJECTS_JSON}" != "[]" ]]; then
CONTINUE_DOCKER_JOB="yes"
fi
echo "${CONTINUE_DOCKER_JOB}"
echo "::set-output name=continue::${CONTINUE_DOCKER_JOB}"
echo "::set-output name=matrix::${MATRIX_JSON}"
outputs:
matrix: ${{ steps.generate-matrix.outputs.matrix }}
continue: ${{ steps.generate-matrix.outputs.continue }}
build-images:
if: needs.build-matrix.outputs.continue == 'yes'
name: Build and push notebook images
runs-on: ubuntu-latest
needs: build-matrix
strategy:
matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Get latest tag
id: latest_tag
uses: DavidSpek/[email protected]
with:
img: 'ghcr.io/davidspek/kubeflownotebook-${{ matrix.project }}'
-
name: Docker meta
id: meta
uses: crazy-max/ghaction-docker-meta@v4
with:
# list of Docker images to use as base name for tags
images: |
kubeflownotebooks/${{ matrix.project }}
ghcr.io/davidspek/kubeflownotebook-${{ matrix.project }}
# generate Docker tags based on the following events/attributes
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{raw}},value=${{ steps.latest_tag.outputs.new_v_minor }}
type=sha
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
-
name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Login to GHCR
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.MY_GITHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v3
with:
context: ${{ matrix.path }}
file: ${{ matrix.dockerfile }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Run Snyk to check Docker image for vulnerabilities
if: ${{ github.event_name != 'pull_request' }}
# Snyk can be used to break the build when it detects vulnerabilities.
# In this case we want to upload the issues to GitHub Code Scanning
continue-on-error: true
uses: snyk/actions/docker@master
env:
# In order to use the Snyk Action you will need to have a Snyk API token.
# More details in https://github.com/snyk/actions#getting-your-snyk-token
# or you can signup for free at https://snyk.io/login
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: ghcr.io/davidspek/kubeflownotebook-${{ matrix.project }}:${{ steps.latest_tag.outputs.new_v_minor }}
args: --file=${{ matrix.dockerfile }} --exclude-base-image-vulns
- name: Upload result to GitHub Code Scanning
continue-on-error: true
if: ${{ github.event_name != 'pull_request' }}
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif