Merge pull request #880 from AlexsLemonade/sjspielman/879-jq-syntax #266
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Docker Image | |
| # Every time we merge to master or a tag is pushed, we build and push the Docker image | |
| # For pull requests, we only build if one of the following files is modified: | |
| # Dockerfile, renv.lock, requirements.txt, or current-modules.json | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - master | |
| tags: | |
| - "*" | |
| pull_request: | |
| branches: | |
| - main | |
| - master | |
| paths: | |
| - Dockerfile | |
| - renv.lock | |
| - requirements.txt | |
| - current-modules.json | |
| # A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
| jobs: | |
| # This workflow contains a single job called "build" | |
| build: | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| # Steps represent a sequence of tasks that will be executed as part of the job | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v5 | |
| - name: Check that current-modules release-tag matches git tag | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: | | |
| GIT_TAG=${GITHUB_REF#refs/tags/} | |
| MODULES_TAG=$(jq -r '."release-tag"' current-modules.json) | |
| if [ "$GIT_TAG" != "$MODULES_TAG" ]; then | |
| echo "Error: current-modules.json release-tag ($MODULES_TAG) does not match git tag ($GIT_TAG)" | |
| echo "Please update release-tag in current-modules.json to match the git tag (and modules, if needed), then update the GitHub release accordingly." | |
| exit 1 | |
| fi | |
| - name: Load 1Password secrets | |
| uses: 1password/load-secrets-action@v2 | |
| with: | |
| export-env: true | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TRAINING_OP_SERVICE_ACCOUNT_TOKEN }} | |
| DOCKER_USER: ${{ secrets.OP_DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
| ACTION_MONITORING_SLACK: ${{ secrets.OP_ACTION_MONITORING_SLACK }} | |
| # Login to Dockerhub | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.DOCKER_USER }} | |
| password: ${{ env.DOCKER_PASSWORD }} | |
| # set up Docker build | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ccdl/training_rstudio | |
| # each github tag will create a matching tag on dockerhub, | |
| # with the most recent given the "latest" tag | |
| # the most recent push to master will get an "edge" tag | |
| tags: | | |
| type=ref,event=tag | |
| type=edge,branch=master | |
| # Build Docker image, push only on push events | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| push: ${{ github.event_name == 'push' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| cache-from: type=registry,ref=ccdl/training_rstudio:buildcache | |
| cache-to: type=registry,ref=ccdl/training_rstudio:buildcache,mode=max | |
| # If we have a failure, Slack us | |
| - name: Report failure to Slack | |
| if: ${{ github.event_name == 'push' }} | |
| uses: ravsamhq/notify-slack-action@v2 | |
| with: | |
| status: ${{ job.status }} | |
| notify_when: "failure" | |
| message_format: "Training build & push Docker workflow failed" | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ env.ACTION_MONITORING_SLACK }} |