create-env: Rebuild with newer Buildah, base, deps and fixes #147
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Build & Push: create-env' | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - images/create-env/* | |
| - .github/workflows/create-env.yaml | |
| pull_request: | |
| paths: | |
| - images/create-env/* | |
| - .github/workflows/create-env.yaml | |
| jobs: | |
| build: | |
| name: Build & Push | |
| runs-on: ubuntu-24.04 | |
| container: | |
| # travier/podman-action contains newer podman/buildah versions. | |
| image: quay.io/travier/podman-action | |
| options: --privileged | |
| env: | |
| MAJOR_VERSION: 3 | |
| MINOR_VERSION: 1 | |
| IMAGE_NAME: create-env | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| run: | | |
| podman run --rm --privileged \ | |
| docker.io/tonistiigi/binfmt --install arm64 | |
| - name: Install Tools | |
| run: | | |
| set -eu | |
| # jq is not installed in travier/podman-action | |
| dnf install -qy \ | |
| jq | |
| rpm -q \ | |
| buildah podman \ | |
| coreutils findutils sed \ | |
| curl jq \ | |
| | ( | |
| while read -r line ; do | |
| printf %s\\n "${line}" | |
| case "${line}" in (*' not installed'*) | |
| err=1 ;; | |
| esac | |
| done | |
| exit "${err-0}" | |
| ) | |
| - name: Prepare | |
| id: prepare | |
| run: | | |
| curl -sSL \ | |
| 'https://raw.githubusercontent.com/bioconda/bioconda-common/master/common.sh' \ | |
| | sed -n \ | |
| 's/BIOCONDA_UTILS_TAG=v/bioconda_utils_version=/p' \ | |
| >> $GITHUB_OUTPUT | |
| - name: Build | |
| id: build | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: ${{ env.IMAGE_NAME }} | |
| tags: >- | |
| latest | |
| ${{ env.MAJOR_VERSION }} | |
| ${{ env.MAJOR_VERSION }}.${{ env.MINOR_VERSION }} | |
| archs: amd64,arm64 | |
| context: ./images/${{ env.IMAGE_NAME }} | |
| containerfiles: | | |
| ./images/${{ env.IMAGE_NAME }}/Dockerfile | |
| build-args: | | |
| bioconda_utils_version=${{ steps.prepare.outputs.bioconda_utils_version }} | |
| - name: Test | |
| run: | | |
| set -x | |
| image='${{ steps.build.outputs.image }}' | |
| for tag in ${{ steps.build.outputs.tags }} ; do | |
| buildah manifest inspect \ | |
| "${image}:${tag}" \ | |
| | jq '.manifests|{([.[].digest]|sort|join("+")): [.[]|["'"${tag}"'", .platform.architecture, .digest]|join(" ")]}' | |
| done \ | |
| | jq -rs 'add|add[]' \ | |
| | while read tag arch digest ; do | |
| podman images --format='{{.ID}}|{{.Digest}}|{{.RepoDigests}}' \ | |
| | sed -n "/${digest}/{s/|.*//p;q}" \ | |
| | xargs -n1 -- \ | |
| sh -xc \ | |
| 'podman history "${1}" ; podman inspect "${1}"' -- | |
| buildah bud \ | |
| --arch="${arch}" \ | |
| --build-arg=base="${image}:${tag}" \ | |
| --file=Dockerfile.test \ | |
| "images/${image}" | |
| done | |
| buildah rmi --prune || true | |
| - name: Check Tags | |
| run: | | |
| # FIX upstream: Quay.io does not support immutable images currently. | |
| # => Try to use the REST API to check for duplicate tags. | |
| response="$( | |
| curl -sL \ | |
| 'https://quay.io/api/v1/repository/bioconda/${{ steps.build.outputs.image }}/tag/' | |
| )" | |
| existing_tags="$( | |
| printf %s "${response}" \ | |
| | jq -r '.tags[]|select(.end_ts == null or .end_ts >= now)|.name' | |
| )" \ | |
| || { | |
| printf %s\\n \ | |
| 'Could not get list of image tags.' \ | |
| 'Does the repository exist on Quay.io?' \ | |
| 'Quay.io REST API response was:' \ | |
| "${response}" | |
| exit 1 | |
| } | |
| for tag in ${{ steps.build.outputs.tags }} ; do | |
| case "${tag}" in | |
| latest | '${{ env.MAJOR_VERSION }}' ) ;; | |
| * ) | |
| if printf %s "${existing_tags}" | grep -qxF "${tag}" ; then | |
| printf 'Tag %s already exists!\n' "${tag}" | |
| exit 1 | |
| fi | |
| esac | |
| done | |
| - if: ${{ github.ref == 'refs/heads/main' }} | |
| name: Push | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build.outputs.image }} | |
| tags: ${{ steps.build.outputs.tags }} | |
| registry: ${{ secrets.QUAY_BIOCONDA_REPO }} | |
| username: ${{ secrets.QUAY_BIOCONDA_USERNAME }} | |
| password: ${{ secrets.QUAY_BIOCONDA_TOKEN }} | |
| - if: ${{ github.ref == 'refs/heads/main' }} | |
| name: Test Pushed | |
| run: | | |
| set -x | |
| image='${{ steps.build.outputs.image }}' | |
| for tag in ${{ steps.build.outputs.tags }} ; do | |
| buildah manifest inspect \ | |
| "${image}:${tag}" \ | |
| | jq '.manifests|{([.[].digest]|sort|join("+")): [.[]|["'"${tag}"'", .platform.architecture, .digest]|join(" ")]}' | |
| done \ | |
| | jq -rs 'add|add[]' \ | |
| | while read tag arch digest ; do | |
| podman images --format='{{.ID}}|{{.Digest}}|{{.RepoDigests}}' \ | |
| | sed -n "/${digest}/{s/|.*//p;q}" \ | |
| | xargs -n1 -- \ | |
| sh -xc \ | |
| 'podman history "${1}" ; podman inspect "${1}"' -- | |
| buildah bud \ | |
| --arch="${arch}" \ | |
| --build-arg=base="${image}:${tag}" \ | |
| --file=Dockerfile.test \ | |
| "images/${image}" | |
| done | |
| buildah rmi --prune || true |