Update dependency numpy to v1 [SECURITY] #264
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and push Docker image | |
on: | |
push: | |
paths: | |
- '.github/workflows/buildDockerImage.yml' | |
- 'Dockerfile' | |
- 'Dockerfile-base' | |
- 'Dockerfile-assets/**' | |
jobs: | |
buildAndPushImage: | |
name: Build and push Docker image | |
if: "!contains(github.event.head_commit.message, '[skip ci]') && github.actor != 'allcontributors'" | |
runs-on: ubuntu-20.04 | |
steps: | |
# Free disk space | |
# Inspiration | |
# - https://github.com/easimon/maximize-build-space/blob/master/action.yml | |
# - https://githubmemory.com/repo/ros-industrial/industrial_ci/issues/648 | |
# - https://github.saobby.my.eu.orgmunity/t/bigger-github-hosted-runners-disk-space/17267/11 | |
- name: Maximize build space | |
run: | | |
sudo apt-get -qq purge build-essential ghc* | |
sudo apt-get clean | |
sudo rm -rf /usr/share/dotnet | |
sudo rm -rf /usr/local/lib/android | |
sudo rm -rf /opt/ghc | |
sudo rm -rf /usr/local/share/boost | |
sudo rm -rf "$AGENT_TOOLSDIRECTORY" | |
docker system prune -f | |
# checkout repository | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 1 | |
# Build Docker image | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Cache Docker layers | |
uses: actions/cache@v2 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Login to GHCR | |
uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: "${{ secrets.DOCKER_REGISTRY_USERNAME }}" | |
password: "${{ secrets.DOCKER_REGISTRY_TOKEN }}" | |
- id: get-timestamp | |
name: Get timestamp | |
run: | | |
TIMESTAMP=$(date --rfc-3339=seconds | sed 's/ /T/') | |
echo "timestamp=$TIMESTAMP" >> $GITHUB_OUTPUT | |
- name: Copy Dockerfile to Dockerfile-assets | |
run: | | |
cp Dockerfile Dockerfile-assets/ | |
cp Dockerfile-base Dockerfile-assets/ | |
- name: Build base image | |
uses: docker/build-push-action@v2 | |
with: | |
context: Dockerfile-assets | |
file: Dockerfile-base | |
pull: true | |
load: true | |
push: false | |
tags: | | |
ghcr.io/biosimulators/biosimulators-base:sha-${{github.sha}} | |
labels: | | |
org.opencontainers.image.revision=${{github.sha}} | |
org.opencontainers.image.created=${{steps.get-timestamp.outputs.timestamp}}" | |
cache-from: type=registry,ref=ghcr.io/biosimulators/biosimulators-base:buildcache | |
cache-to: type=registry,ref=ghcr.io/biosimulators/biosimulators-base:buildcache,mode=max | |
- name: Push base Docker image | |
run: docker image push ghcr.io/biosimulators/biosimulators-base:sha-${{github.sha}} | |
- name: Label base Docker image | |
run: docker image tag ghcr.io/biosimulators/biosimulators-base:sha-${{github.sha}} ghcr.io/biosimulators/biosimulators-base:latest | |
- name: Maximize build space | |
run: | | |
docker system prune -f | |
- name: Build image | |
uses: docker/build-push-action@v2 | |
with: | |
context: Dockerfile-assets | |
file: Dockerfile | |
pull: false | |
load: true | |
push: false | |
tags: | | |
ghcr.io/biosimulators/biosimulators:sha-${{github.sha}} | |
labels: | | |
org.opencontainers.image.revision=${{github.sha}} | |
org.opencontainers.image.created=${{steps.get-timestamp.outputs.timestamp}}" | |
cache-from: type=registry,ref=ghcr.io/biosimulators/biosimulators:buildcache | |
cache-to: type=registry,ref=ghcr.io/biosimulators/biosimulators:buildcache,mode=max | |
- name: Push Docker image | |
run: docker image push ghcr.io/biosimulators/biosimulators:sha-${{github.sha}} | |
- name: Label Docker image | |
run: docker image tag ghcr.io/biosimulators/biosimulators:sha-${{github.sha}} ghcr.io/biosimulators/biosimulators:latest | |
- name: Maximize build space | |
run: | | |
docker system prune -f | |
# Test Docker image | |
- name: Test Docker image | |
run: | | |
cwd=$(pwd) | |
docker run \ | |
--rm \ | |
--entrypoint bash \ | |
--mount type=bind,source=${cwd},target=/app/Biosimulators \ | |
ghcr.io/biosimulators/biosimulators:latest \ | |
-c " | |
pipenv install --dev --system --deploy | |
/bin/bash /xvfb-startup.sh python -m pytest --forked --verbose Biosimulators/tests/ | |
" | |
# Get version number | |
- id: get-version-number | |
name: Get version number | |
if: startsWith(github.ref, 'refs/tags/') | |
env: | |
TAG: ${{ github.ref }} | |
run: | | |
version="${TAG/refs\/tags\//}" | |
echo "version=$version" >> $GITHUB_OUTPUT | |
# Create GitHub release | |
- name: Create GitHub release | |
if: startsWith(github.ref, 'refs/tags/') | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ steps.get-version-number.outputs.version }} | |
release_name: Release ${{ steps.get-version-number.outputs.version }} | |
# Push Docker image | |
- name: Push Docker image | |
if: startsWith(github.ref, 'refs/tags/') | |
env: | |
VERSION: ${{ steps.get-version-number.outputs.version }} | |
run: | | |
docker image tag ghcr.io/biosimulators/biosimulators-base:sha-${{github.sha}} ghcr.io/biosimulators/biosimulators-base:${VERSION} | |
docker image tag ghcr.io/biosimulators/biosimulators:sha-${{github.sha}} ghcr.io/biosimulators/biosimulators:${VERSION} | |
docker push ghcr.io/biosimulators/biosimulators-base:${VERSION} | |
docker push ghcr.io/biosimulators/biosimulators-base:latest | |
docker push ghcr.io/biosimulators/biosimulators:${VERSION} | |
docker push ghcr.io/biosimulators/biosimulators:latest |