Skip to content

Deploy Docker Image #178

Deploy Docker Image

Deploy Docker Image #178

---
name: Deploy Docker Image
on:
workflow_dispatch: # give possibility to run it manually
schedule:
- cron: "0 0 * * Wed,Sun" # Run every day at midnight UTC
permissions: write-all
env:
REGISTRY: ghcr.io
R_REPOS: "https://cran.r-project.org"
OLD_RELEASE: "4.3"
concurrency:
group: deploy-docker-image-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
get_old_release:
name: Get Old Release Version
runs-on: ubuntu-latest
outputs:
oldrel: ${{ steps.oldrelease.outputs.oldrelease }}
steps:
- name: get old release
id: oldrelease
run: echo "oldrelease=${{ env.OLD_RELEASE }}" >> $GITHUB_OUTPUT
deploy-image:
name: Deploy Image
runs-on: ubuntu-latest
needs: ["get_old_release"]
strategy:
fail-fast: false
matrix:
tags: ["devel", "4.4.1", "${{ needs.get_old_release.outputs.oldrel }}"]
# Token permissions
permissions:
contents: read
packages: write
steps:
- name: Checkout repo
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- name: Set image specs
id: image_specs
run: |
package_name=$(grep "Package:" DESCRIPTION | awk '{print $NF}')
r_version="${{ matrix.tags }}"
image_name="${package_name}-${r_version}"
########### LATEST aka RELEAESE IMAGE NAME ###########
if [ "$r_version" == "4.4.1" ]; then
image_name="${package_name}-release"
fi
########### DEVEL IMAGE NAME ###########
if [ "$r_version" == "devel" ]; then
R_REPOS="https://packagemanager.posit.co/cran/__linux__/focal/latest"
fi
########### OLDREL IMAGE NAME ###########
if [ "$r_version" == "${{ env.OLD_RELEASE }}" ]; then
image_name="${package_name}-oldrel"
fi
#### Set outputs ####
echo "r_repos=$R_REPOS" >> $GITHUB_OUTPUT
echo "image_name=${image_name}" >> $GITHUB_OUTPUT
- name: Call deploy docker image action ${{ matrix.tags }}
uses: insightsengineering/r-image-creator@v1
with:
image-name: "${{ steps.image_specs.outputs.image_name }}"
tag-latest: true
base-image: "rocker/rstudio:${{ matrix.tags }}"
sysdeps: "curl,libcurl4-openssl-dev,libfreetype6-dev,libfontconfig1-dev,libfribidi-dev,libgit2-dev,libharfbuzz-dev,libicu-dev,libjpeg-dev,libpng-dev,libssl-dev,libtiff-dev,libxml2-dev,libxt-dev,make,npm,pandoc,qpdf,zlib1g-dev"
description-file: "https://raw.githubusercontent.com/pharmaverse/admiral/main/DESCRIPTION"
repository-owner: ${{ github.repository_owner }}
repo-user: ${{ github.actor }}
repo-token: "${{ secrets.GITHUB_TOKEN }}"
repos: ${{ steps.image_specs.outputs.r_repos }}
packages: "DT,R.cache,R.methodsS3,R.oo,R.utils,backports,cellranger,collections,covr,crosstalk,cyclocomp,diffdf,git2r,hunspell,languageserver,lazyeval,lintr,pak,progress,readxl,rematch,renv,rex,spelling,staged.dependencies,styler,xmlparsedata"
store_deps:
name: Upload Image Manifests
runs-on: ubuntu-latest
needs: ["get_old_release", "deploy-image"]
container:
image: "ghcr.io/pharmaverse/admiralci-${{ matrix.tags }}:latest"
strategy:
fail-fast: false # if one of the job "deploy-image" fails, the other parallel jobs will just continue
matrix:
tags: ["devel", "latest", "${{ needs.get_old_release.outputs.oldrel }}"]
env:
GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Store deps into csv file - image ${{ matrix.tags }}
id: store_deps
run: |
installed_packages <- as.data.frame(installed.packages())
r_version <- "${{ matrix.tags }}"
if (r_version == "${{ needs.get_old_release.outputs.oldrel }}"){
r_version <- "oldrelease"
}
content <- sprintf("r_version=%s\n", r_version)
output_file <- Sys.getenv("GITHUB_OUTPUT")
write(content, file = output_file, append = TRUE)
write.csv(installed_packages, sprintf("/workspace/deps-%s.csv", r_version), row.names = FALSE)
shell: Rscript {0}
- name: Delete current release existing artifacts
uses: mknejp/delete-release-assets@v1
with:
token: ${{ github.token }}
tag: "latest"
fail-if-no-assets: false
assets: |
Dependencies.list.of.docker.image.admiralci-${{ steps.store_deps.outputs.r_version }}.csv
- name: Upload SBOM to release 🔼
uses: svenstaro/upload-release-action@v2
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
file: "/workspace/deps-${{ steps.store_deps.outputs.r_version }}.csv"
asset_name: "Dependencies list of docker image admiralci-${{ steps.store_deps.outputs.r_version }}.csv"
tag: "latest"
overwrite: true
# refacto todo: image-name, sysdeps on get-renv-list job
# note: in case of 403 error when pushing to ghcr : link current repo to the given package registry - https://github.com/docker/build-push-action/issues/687
# (got to https://github.com/<user name>?tab=packages to go to packages settings) and there https://github.com/users/<user name>/packages/container/admiralci-4.0/settings