Docker Publish #255
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Publish | |
| # This workflow will build and publish all public Docker images to the configured registry. | |
| # Set the input `dry_run` to `false` to skip pushing images to the registry. | |
| on: | |
| schedule: | |
| # Weekly on Sunday at 04:45 UTC | |
| - cron: '45 4 * * 0' | |
| workflow_dispatch: | |
| inputs: | |
| dry_run: | |
| description: "Dry run (skip push step)" | |
| type: boolean | |
| required: true | |
| default: true | |
| registry: | |
| description: "Where to upload the images" | |
| required: true | |
| type: choice | |
| options: | |
| - ghcr.io | |
| - docker.io | |
| jobs: | |
| build_meltano_image: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| packages: write | |
| security-events: write | |
| env: | |
| DEFAULT_PYTHON: "3.9" # will be used in 'latest' images | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"] | |
| steps: | |
| - name: Set the workflow inputs | |
| # This step makes it so that the same workflow inputs can be accessed | |
| # regardless of what event triggered it. | |
| env: | |
| DEFAULT_DRY_RUN: "true" | |
| DEFAULT_REGISTRY: "ghcr.io" | |
| run: | | |
| # Boolean values don't actually work so cast to 'true' and 'false' | |
| # https://github.com/actions/runner/issues/1483 | |
| echo "dry_run=${{ format('{0}', github.event.inputs.dry_run) || env.DEFAULT_DRY_RUN }}" >> $GITHUB_ENV | |
| echo "registry=${{ github.event.inputs.registry || env.DEFAULT_REGISTRY }}" >> $GITHUB_ENV | |
| - uses: actions/checkout@v4.1.5 | |
| - name: Get Meltano version | |
| id: get-meltano-version | |
| run: | | |
| pipx install poetry | |
| poetry version | |
| poetry version --short | |
| echo "release-version=$(poetry version --short)" >> $GITHUB_OUTPUT | |
| - name: Generate tags | |
| id: generate-tags | |
| run: > | |
| python scripts/generate_docker_tags.py | |
| --git-sha ${{ github.sha }} | |
| -v ${{ steps.get-meltano-version.outputs.release-version }} | |
| -p ${{ matrix.python-version }} | |
| -d ${{ env.DEFAULT_PYTHON }} | |
| -r ${{ env.registry }} | |
| > tags | |
| - name: Assemble image tags | |
| id: assemble-tags | |
| run: | | |
| echo "If this is not a dry run, the image will be published with the following tags:" | |
| cat tags | |
| echo 'IMAGE_TAGS<<EOF' >> $GITHUB_ENV | |
| echo "$(cat tags)" >> $GITHUB_ENV | |
| echo 'EOF' >> $GITHUB_ENV | |
| - name: Set registry username and password | |
| id: user-and-pass | |
| run: | | |
| if [[ "${{ env.registry }}" == "ghcr.io" ]]; then | |
| echo "username=${{ github.actor }}" >> $GITHUB_OUTPUT | |
| echo "password=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_OUTPUT | |
| fi | |
| if [[ "${{ env.registry }}" == "docker.io" ]]; then | |
| echo "username=meltano" >> $GITHUB_OUTPUT | |
| echo "password=${{ secrets.DOCKERHUB_TOKEN }}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Build, scan, then conditionally push the Docker image for a given Python version | |
| uses: ./.github/actions/docker-build-scan-push | |
| with: | |
| push: ${{ env.dry_run == 'false' }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| tags: ${{ env.IMAGE_TAGS }} | |
| registry: ${{ env.registry }} | |
| username: ${{ steps.user-and-pass.outputs.username }} | |
| password: ${{ steps.user-and-pass.outputs.password }} | |
| python-version: ${{ matrix.python-version }} | |
| meltano-version: ${{ steps.get-meltano-version.outputs.release-version }} |