Docker Images #4122
name: Docker Images

# Triggers: pushes to main and to v* tags, pull requests targeting main,
# a scheduled run (cron '1 0 * * *'), published releases, and manual dispatch.
on:
  push:
    branches:
      - main
    tags:
      - 'v*'
  pull_request:
    branches:
      - main
  schedule:
    - cron: '1 0 * * *'
  release:
    types:
      - published
  workflow_dispatch:

# One active run per workflow + ref; a newer run cancels the one in progress.
# NOTE(review): a tag push and the release published for that same tag look
# like they resolve to the same github.ref and so share a group. Confirm the
# run that publishes the release images cannot be cancelled by the tag-push run.
concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
# Jobs that need more must ask for it explicitly.
permissions:
  contents: read
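jobs:
  docker:
    name: Build, test, and publish Docker images to Docker Hub
    # Job-level permissions replace the workflow default for this job.
    # NOTE(review): packages: write is granted on every trigger, including
    # pull_request and schedule runs that never push. Moving the two publish
    # steps into their own job would let build/test run with contents: read only.
    permissions:
      contents: read
      packages: write  # for docker to push to registry
    runs-on: ubuntu-latest
    # NOTE(review): every `uses:` below references a mutable version tag
    # (@v3, @v4, @v6). Several of these steps handle Docker Hub and GHCR
    # credentials; pinning each action to a full commit SHA (keeping the
    # version in a trailing comment) stops a re-pointed tag from changing
    # what runs in this job.
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history and tags.
          # NOTE(review): presumably needed to derive the package version from git; confirm.
          fetch-depth: 0
          # The checkout is later used as the Docker build context (context: .).
          # Do not leave the job token in .git/config, where a build that copies
          # the whole context could bake it into an image layer. No later step
          # in this job performs an authenticated git operation.
          persist-credentials: false

      # Computes the image tag list and the creation timestamp for later steps.
      # Workflow expressions are passed in through env (or read from the default
      # GITHUB_* variables) instead of being pasted into the script text, so the
      # shell only ever sees them as data. None of the values used here is
      # free-form user text today; this keeps the script safe if that changes.
      - name: Prepare
        id: prep
        env:
          PR_NUMBER: ${{ github.event.number }}
        run: |
          DOCKER_IMAGE=pyhf/pyhf
          VERSION=latest
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            VERSION=${GITHUB_REF_NAME}
          elif [[ $GITHUB_REF == refs/pull/* ]]; then
            VERSION=pr-${PR_NUMBER}
          fi
          TAGS="${DOCKER_IMAGE}:${VERSION}"
          TAGS="$TAGS,${DOCKER_IMAGE}:latest,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
          # Releases also have GITHUB_REFs that are tags, so reuse VERSION
          if [ "${GITHUB_EVENT_NAME}" = "release" ]; then
            TAGS="$TAGS,${DOCKER_IMAGE}:latest-stable,ghcr.io/${GITHUB_REPOSITORY}:latest-stable,ghcr.io/${GITHUB_REPOSITORY}:${VERSION}"
          fi
          # Take the timestamp once so the logged value and the step output agree
          CREATED="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
          echo "steps.prep.outputs.version=${VERSION}"
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
          echo "steps.prep.outputs.tags=${TAGS}"
          echo "tags=${TAGS}" >> "$GITHUB_OUTPUT"
          echo "steps.prep.outputs.created=${CREATED}"
          echo "created=${CREATED}" >> "$GITHUB_OUTPUT"

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Both registry logins are skipped on pull_request events, so PR builds
      # run without Docker Hub or GHCR credentials.
      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Local-only build: load: true puts the image in the runner's Docker
      # engine so the `docker run` checks below can use the sha- tag; nothing
      # is pushed. No `platforms` is set on this step.
      - name: Test build
        id: docker_build_test
        uses: docker/build-push-action@v6
        with:
          context: .
          file: docker/Dockerfile
          tags: ${{ steps.prep.outputs.tags }}
          labels: |
            org.opencontainers.image.source=${{ github.event.repository.html_url }}
            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
            org.opencontainers.image.revision=${{ github.sha }}
          load: true
          push: false

      - name: Image digest
        env:
          IMAGE_DIGEST: ${{ steps.docker_build_test.outputs.digest }}
        run: echo "${IMAGE_DIGEST}"

      - name: List built images
        run: docker images

      - name: Run CLI API check
        run: |
          printf "\npyhf\n"
          docker run --rm pyhf/pyhf:sha-${GITHUB_SHA::8}
          printf "\npyhf --version\n"
          docker run --rm pyhf/pyhf:sha-${GITHUB_SHA::8} --version
          printf "\npyhf --help\n"
          docker run --rm pyhf/pyhf:sha-${GITHUB_SHA::8} --help

      - name: Check for curl and tar
        run: >-
          docker run --rm
          --entrypoint /bin/bash
          pyhf/pyhf:sha-${GITHUB_SHA::8}
          -c "which curl; which tar"

      # The two publish steps below rebuild for linux/amd64 and linux/arm64 and
      # push the result; they do not promote the image exercised by the checks
      # above, which ran against the locally loaded test build only.
      # The github.repository guard keeps forks from attempting to publish.
      - name: Build and publish to registry
        # every PR will trigger a push event on main, so check the push event is actually coming from main
        if: github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'scikit-hep/pyhf'
        id: docker_build_latest
        uses: docker/build-push-action@v6
        with:
          context: .
          file: docker/Dockerfile
          tags: |
            pyhf/pyhf:latest
            ghcr.io/${{ github.repository }}:latest
          labels: |
            org.opencontainers.image.source=${{ github.event.repository.html_url }}
            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
            org.opencontainers.image.revision=${{ github.sha }}
          push: true
          platforms: linux/amd64,linux/arm64

      # Pushes every tag computed by the Prepare step, which for a release
      # includes the Docker Hub :latest and :sha- tags as well as the
      # :latest-stable and versioned tags.
      - name: Build and publish to registry with release tag
        if: github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf'
        id: docker_build_release
        uses: docker/build-push-action@v6
        with:
          context: .
          file: docker/Dockerfile
          tags: ${{ steps.prep.outputs.tags }}
          labels: |
            org.opencontainers.image.source=${{ github.event.repository.html_url }}
            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
            org.opencontainers.image.revision=${{ github.sha }}
          push: true
          platforms: linux/amd64,linux/arm64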