From 3059374e53596e733272aa0d9361ba5fa35d08ef Mon Sep 17 00:00:00 2001 From: wysiwys Date: Mon, 10 Feb 2025 16:53:28 +0100 Subject: [PATCH 1/2] implement retag workflow and use latest image --- .github/workflows/c.yml | 15 ++++++-- .github/workflows/docker-c-latest.yml | 54 +++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/docker-c-latest.yml diff --git a/.github/workflows/c.yml b/.github/workflows/c.yml index c6a2b8f7f..0703593da 100644 --- a/.github/workflows/c.yml +++ b/.github/workflows/c.yml @@ -8,6 +8,11 @@ on: workflow_dispatch: merge_group: +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }}-c + VERSION_TAG: latest + concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true @@ -28,12 +33,14 @@ jobs: outputs: # only run if files in `.docker/c/` unchanged should-run: ${{ steps.changes.outputs.docker-c == 'false' }} + image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION_TAG }} extract: needs: [setup] if: ${{ needs.setup.outputs.should-run == 'true' }} runs-on: ubuntu-latest - container: franziskus/libcrux-c:latest + container: + image: ${{ needs.setup.outputs.image }} defaults: run: working-directory: libcrux-ml-kem @@ -57,7 +64,8 @@ jobs: needs: [setup] if: ${{ needs.setup.outputs.should-run == 'true' }} runs-on: ubuntu-latest - container: franziskus/libcrux-c:latest + container: + image: ${{ needs.setup.outputs.image }} defaults: run: working-directory: libcrux-ml-kem @@ -82,7 +90,8 @@ jobs: needs: [setup] if: ${{ needs.setup.outputs.should-run == 'true' }} runs-on: ubuntu-latest - container: franziskus/libcrux-c:latest + container: + image: ${{ needs.setup.outputs.image }} defaults: run: working-directory: libcrux-ml-dsa diff --git a/.github/workflows/docker-c-latest.yml b/.github/workflows/docker-c-latest.yml new file mode 100644 index 000000000..c8affce7c --- /dev/null +++ b/.github/workflows/docker-c-latest.yml @@ -0,0 +1,54 @@ +name: Publish latest Docker C extraction container + +on: + workflow_dispatch: + pull_request: + branches: ['main'] + paths: ['.docker/c/**'] + types: + - closed + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }}-c + SOURCE_TAG: unstable + TARGET_TAG: latest + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + setup: + # Only run if PR merged + if: ${{ github.event.pull_request.merged == true }} + runs-on: ubuntu-latest + steps: + - name: Setup tag names + run: echo "Setting up tag names..." + outputs: + source_image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.SOURCE_TAG }} + target_image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TARGET_TAG }} + + + publish: + needs: [setup] + runs-on: ubuntu-latest + + # We need write access to packages + permissions: + contents: read + packages: write + id-token: write + + steps: + - uses: actions/checkout@v4 + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Retag and push Docker image + id: push + run: docker pull ${{ needs.setup.outputs.source_image }} && docker tag ${{ needs.setup.outputs.source_image }} ${{ needs.setup.outputs.target_image }} && docker push ${{ needs.setup.outputs.target_image }} From 1adb352b6613f7f6efcf5b0ab9e16fbf2151725e Mon Sep 17 00:00:00 2001 From: clara <144733119+wysiwys@users.noreply.github.com> Date: Tue, 11 Feb 2025 08:18:49 +0100 Subject: [PATCH 2/2] use pipe to run multiple commands Co-authored-by: Franziskus Kiefer --- .github/workflows/docker-c-latest.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-c-latest.yml b/.github/workflows/docker-c-latest.yml index c8affce7c..219e7e5f9 100644 --- a/.github/workflows/docker-c-latest.yml +++ b/.github/workflows/docker-c-latest.yml @@ -51,4 +51,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Retag and push Docker image id: push - run: docker pull ${{ needs.setup.outputs.source_image }} && docker tag ${{ needs.setup.outputs.source_image }} ${{ needs.setup.outputs.target_image }} && docker push ${{ needs.setup.outputs.target_image }} + run: | + docker pull ${{ needs.setup.outputs.source_image }} + docker tag ${{ needs.setup.outputs.source_image }} ${{ needs.setup.outputs.target_image }} + docker push ${{ needs.setup.outputs.target_image }}