Passing GitHub token to Dockerfile #6
Comments
|
Hi Brian, you are trying to render a Out of curiosity, did you create the book from within the Docker? If so, I assume it would not successfully set things for Github? Unless you preset your git/github settings within the Docker? |
|
In this case, I was actually trying to render the BiocBook via GHA. I've tried adapting the script a number of ways, but none of them seems to recognise the GH token. The main changes were in step I also tried exporting the GH token to the env in step name: biocbook
on:
push:
branches:
- master
- devel
- RELEASE_**
jobs:
build-push:
runs-on: ubuntu-latest
name: build-book (${{ github.ref_name }})
permissions:
contents: write
packages: write
steps:
- name: 🧾 Checkout repository
uses: actions/checkout@v3
# - name: ⏳ Collect Workflow Telemetry
# uses: runforesight/workflow-telemetry-action@v1
- name: 🐳 Set up QEMU
uses: docker/setup-qemu-action@v2
- name: 🐳 Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: 📝 Get book info
id: info
env:
OWNER: ${{ github.repository_owner }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "GITHUB_TOKEN=${GITHUB_TOKEN}" >> "${GITHUB_ENV}"
Pkgname=$(grep -m1 -E '^Package: +' DESCRIPTION | sed -E 's/.*: +//')
echo Pkgname=${Pkgname} >> "${GITHUB_ENV}"
pkgname=${Pkgname,,}
echo pkgname=${pkgname} >> "${GITHUB_ENV}"
owner=${OWNER,,}
echo owner=${owner} >> "${GITHUB_ENV}"
echo pkgversion=$(grep -m1 -E '^Version: +' DESCRIPTION | sed -E 's/.*: +//') >> "${GITHUB_ENV}"
- name: 🔐 Log in to the Github Container registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ env.owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: 🏷 Get metadata for Docker
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/${{ env.owner }}/${{ env.pkgname }}
tags: |
${{ github.ref_name }}
${{ env.pkgversion }}
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'devel') }}
- name: 📦 Install, build and check package in local Docker image
id: docker
uses: docker/build-push-action@v4
env:
GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}
with:
context: .
load: true
tags: ${{ steps.meta.outputs.tags }}
build-args: |
BIOC_VERSION=devel
GITHUB_PAT=${{ env.GITHUB_TOKEN }}
- name: 🚀 Push local Docker image to ghcr.io
uses: docker/build-push-action@v4
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
build-args: |
BIOC_VERSION=devel
- name: 📚 Recover pkg artifacts generated during build in local Docker container (pkg bundle and book)
env:
IMG: ${{ steps.docker.outputs.ImageID }}
run: |
SHA=$(docker container create ${{ env.IMG }})
docker container cp ${SHA}:/${{ env.Pkgname }}_${{ env.pkgversion }}.tar.gz .
tar --extract --gzip --file ${{ env.Pkgname }}_${{ env.pkgversion }}.tar.gz
echo bundle_path=${{ env.Pkgname }}_${{ env.pkgversion }}.tar.gz >> "${GITHUB_ENV}"
echo book_path=${{ env.Pkgname }}/inst/doc/book/ >> "${GITHUB_ENV}"
- name: 🏷 Get gh-branch directory to deploy to
run: |
echo target_folder=$(echo ${{ github.ref_name }} | sed 's,RELEASE_,,' | tr '_' '.') >> "${GITHUB_ENV}"
- name: 🚀 Deploy book to Github Pages on versioned branch
uses: JamesIves/github-pages-deploy-action@v4.4.3
with:
folder: ${{ env.book_path }}/
target-folder: docs/${{ env.target_folder }}/
branch: gh-pages
clean: false
- name: 💾 Upload package bundle artifact
uses: actions/upload-artifact@v3
with:
name: bundle
path: ${{ env.bundle_path }}
- name: 💾 Upload book artifact
uses: actions/upload-artifact@v3
with:
name: book
path: ${{ env.book_path }}
Then I modified the Docker container to try and use the GH token when installing packages: |
|
Still running into this issue of not being able to pass the GH token inside the Docker container on GHA via the biocbook.yml workflow. |
My BiocBook package has a bunch of deps that are only available on GH atm, so installing them quickly hits the GH API limit. On GHA, this isn't a problem for building outside of Docker containers. But when trying to build within Docker container, the GH token does not get passed to it automatically.
I think the key step is here:
https://github.com/js2264/BiocBookDemo/blob/556074fdd218f22778653b7a99a3a77ac626ada7/.github/workflows/biocbook.yml#L60
I've been experimenting with some ways of getting around this by passing in the token from the BioBook workflow. I'll keep you posted on any solutions I find, but do let me know if you've already come across some yourself @js2264
Related issues:
Thanks!,
Brian
The text was updated successfully, but these errors were encountered: