Build and Publish Image #88

Workflow file for this run

.github/workflows/build_push.yml at a04b794

	---
	name: Build and Publish Image

	env:
	REGISTRY: ghcr.io
	CRAN_PM: https://packagemanager.posit.co/cran/__linux__
	OS_NAME: ubuntu
	OS_VERSION: jammy

	on:
	workflow_dispatch:
	inputs:
	r_version:
	description: R Version
	required: true
	type: choice
	default: "4.3.2"
	options:
	- "4.3.2"
	- "latest"
	quarto_version:
	description: Quarto version
	required: true
	type: choice
	default: "1.3.450"
	options:
	- "1.3.450"
	- "latest"
	pandoc_version:
	description: Pandoc version
	required: true
	type: choice
	default: "2.9.2.1"
	options:
	- "2.9.2.1"
	- "latest"
	cran_snapshot_date:
	description: CRAN packages snapshot date (YYYY-MM-DD)
	required: true
	type: choice
	default: "2024-01-12"
	options:
	- "2024-01-12"
	- "latest"
	custom_tag:
	description: Custom image tag
	required: false
	default: ""
	type: string

	jobs:
	build_publish:
	name: Build and Publish Image
	runs-on: ubuntu-latest

	permissions:
	packages: write

	steps:
	- name: Checkout project ⬇️
	uses: actions/checkout@v4

	- name: Checkout Rocker project ⬇️
	uses: actions/checkout@v4
	with:
	repository: rocker-org/rocker-versioned2
	path: ./rocker_scripts
	ref: master

	- name: Set up Docker Buildx 📐
	uses: docker/setup-buildx-action@v3
	with:
	install: true

	- name: Log in to the container registry 🗝️
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Set build variables ✏️
	id: build_vars
	shell: bash
	run: \|
	echo "IMAGE_DATE_TAG=$(date +%Y.%m.%d)" >> $GITHUB_OUTPUT
	CRAN_DATE=$(echo ${{ github.event.inputs.cran_snapshot_date }} \| sed 's/-/\./g')
	IMAGE_NAME=${{ env.REGISTRY }}/${{ github.repository_owner }}/r_${{ github.event.inputs.r_version }}_cran_${CRAN_DATE}
	echo "IMAGE_NAME=${IMAGE_NAME,,}" >> $GITHUB_OUTPUT

	- name: Docker metadata 🐋
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	${{ steps.build_vars.outputs.IMAGE_NAME }}
	tags: \|
	${{ steps.build_vars.outputs.IMAGE_DATE_TAG }}
	${{ github.event.inputs.custom_tag }}
	type=raw,value=latest,enable=${{ github.ref_name == 'main' }}
	labels: \|
	org.opencontainers.image.description=Image used in CI workflows by the Boehringer-Ingelheim organisation
	org.opencontainers.image.vendor=Boehringer-Ingelheim

	- name: Build and push image 🛠️
	uses: docker/build-push-action@v5
	with:
	context: .
	file: ./Dockerfile
	push: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	annotations: ${{ steps.meta.outputs.annotations }}
	platforms: linux/amd64
	cache-from: type=registry,ref=${{ steps.build_vars.outputs.IMAGE_NAME }}:cache
	cache-to: type=registry,ref=${{ steps.build_vars.outputs.IMAGE_NAME }}:cache,mode=min
	build-args: \|
	R_VERSION=${{ github.event.inputs.r_version }}
	CRAN=${{ env.CRAN_PM }}/${{ env.OS_VERSION }}/${{ github.event.inputs.cran_snapshot_date }}
	OS_NAME=${{ env.OS_NAME }}
	OS_VERSION=${{ env.OS_VERSION }}
	PANDOC_VERSION=${{ github.event.inputs.pandoc_version }}
	QUARTO_VERSION=${{ github.event.inputs.quarto_version }}

	outputs:
	IMAGE: ${{ steps.build_vars.outputs.IMAGE_NAME }}
	TAG: ${{ steps.build_vars.outputs.IMAGE_DATE_TAG }}

	create-release:
	if: github.ref_name == 'main'
	needs: build_publish

	name: Create release
	runs-on: ubuntu-latest

	permissions:
	contents: write

	steps:
	- name: Generate release body 📜
	id: build-release
	shell: bash
	run: \|
	NORMALISED_IMAGE=$(echo '${{ needs.build_publish.outputs.IMAGE }}' \| sed 's/\//_/g')
	echo "TAGGED_IMAGE=${{ needs.build_publish.outputs.IMAGE }}:${{ needs.build_publish.outputs.TAG }}" >> $GITHUB_OUTPUT
	echo "MANIFEST_OUTPUT_FILENAME=Image_manifest_$NORMALISED_IMAGE.json" >> $GITHUB_OUTPUT
	echo "R_PKG_OUTPUT_FILENAME=R_package_list_$NORMALISED_IMAGE.csv" >> $GITHUB_OUTPUT
	echo "SBOM_OUTPUT_FILENAME=SBOM_for_$NORMALISED_IMAGE.spdx.json" >> $GITHUB_OUTPUT

	- name: Generate image manifest and R package list 🛞
	shell: bash
	run: \|
	docker manifest inspect ${{ steps.build-release.outputs.TAGGED_IMAGE }} > ${{ steps.build-release.outputs.MANIFEST_OUTPUT_FILENAME }}
	docker run -v ${PWD}:/app ${{ steps.build-release.outputs.TAGGED_IMAGE }} \
	R -q -e 'write.csv(installed.packages(), file="/app/${{ steps.build-release.outputs.R_PKG_OUTPUT_FILENAME }}")'

	- name: Generate SBOM 📃
	uses: anchore/sbom-action@v0
	with:
	image: "${{ steps.build-release.outputs.TAGGED_IMAGE }}"
	output-file: "${{ github.workspace }}/${{ steps.build-release.outputs.SBOM_OUTPUT_FILENAME }}"

	- name: Upload artifacts to release ⬆️
	uses: marvinpinto/action-automatic-releases@latest
	with:
	prerelease: false
	repo_token: "${{ secrets.GITHUB_TOKEN }}"
	automatic_release_tag: ${{ needs.build_publish.outputs.TAG }}
	title: ${{ needs.build_publish.outputs.TAG }}
	files: \|
	${{ steps.build-release.outputs.MANIFEST_OUTPUT_FILENAME }}
	${{ steps.build-release.outputs.R_PKG_OUTPUT_FILENAME }}
	${{ steps.build-release.outputs.SBOM_OUTPUT_FILENAME }}

	sec_ops:
	if: github.ref_name == 'main'
	needs: build_publish

	permissions:
	security-events: write

	name: Update security artifacts
	uses: boehringer-ingelheim/dv.ci-images/.github/workflows/secops.yml@main
	with:
	image_tag: "${{ needs.build_publish.outputs.image }}:${{ needs.build_publish.outputs.tag }}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build and Publish Image #88

Workflow file

Build and Publish Image #88

Jobs

Run details

Workflow file for this run