release in workflow #21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| tags: [ 'v*.*.*' ] | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| timeout-minutes: 600 | |
| steps: | |
| - name: Free Disk Space (Ubuntu) | |
| uses: jlumbroso/free-disk-space@main | |
| with: | |
| tool-cache: true | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| large-packages: true | |
| swap-storage: false | |
| docker-images: false | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Add Swap | |
| run: | | |
| SWAP_FILE="/mnt/swapfile" | |
| swapon --show | |
| echo "Trying to disable and remove existing swap if needed..." | |
| if swapon --show=NAME | grep -q "$SWAP_FILE"; then | |
| echo "Disabling existing swap at $SWAP_FILE..." | |
| sudo swapoff "$SWAP_FILE" | |
| fi | |
| if [ -f "$SWAP_FILE" ]; then | |
| echo "Removing existing file at $SWAP_FILE..." | |
| sudo rm -f "$SWAP_FILE" | |
| fi | |
| echo "Creating new 32G swap file..." | |
| # sudo fallocate -l 32 "$SWAP_FILE" | |
| sudo dd if=/dev/zero of=$SWAP_FILE bs=1G count=32 | |
| sudo chmod 600 "$SWAP_FILE" | |
| sudo mkswap "$SWAP_FILE" | |
| sudo swapon "$SWAP_FILE" | |
| echo "Final swap status:" | |
| swapon --show | |
| free -h | |
| - name: Install cosign | |
| if: github.event_name != 'pull_request' | |
| uses: sigstore/[email protected] | |
| - name: Setup Docker buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker cache - restore | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: buildx-${{ runner.os }}-${{ github.sha }} | |
| restore-keys: | | |
| buildx-${{ runner.os }}- | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| - name: Build and push Docker image | |
| id: build-and-push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache,mode=max | |
| - name: Sign the published Docker image | |
| if: ${{ github.event_name != 'pull_request' }} | |
| env: | |
| TAGS: ${{ steps.meta.outputs.tags }} | |
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} | |
| - name: Export wheel from image | |
| run: | | |
| docker create --name temp-container ${{ steps.build-and-push.outputs.imageid }} | |
| docker cp temp-container:/out ./out | |
| docker rm temp-container | |
| - name: Upload .whl to GitHub Release | |
| if: startsWith(github.ref, 'refs/tags/') | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| TAG_NAME=${GITHUB_REF##*/} | |
| gh release create "$TAG_NAME" ./out/*.whl \ | |
| --title "Release $TAG_NAME" \ | |
| --notes "Auto-release from GitHub Actions" \ | |
| || echo "Release already exists, skipping" |