- Create GH project
- Add submodule to
machina/images
- use https clone link option when adding to allow for anonymous cloning
git submodule add https://github.com/ehrenb/<REPO>.git
git commit -m <MSG>
git push
- Add GH Repository Secrets,
DOCKER_USERNAME
andDOCKER_PASSWORD
for Actions
- Settings -> Secrets and Variables -> Actions
- Create Publish GH workflow
- Actions -> "Skip this and set up a workflow yourself" -> name
docker-image.yml
- Populate using any of the other
docker-image.yml
files (except for machina-docs, which publishes on tag AND main commit)
- Create Docker Hub project, named after
<REPO>
gh auth login
- set a tag version
export TAG=v1.X
- create release (release and tag) for base:
pushd .
cd images/machina-base &&\
gh release create $TAG -t $TAG --generate-notes --latest
popd
Once image(s) are created, continue...
- create release (release and tag) for ghidra base:
pushd .
cd images/machina-base-ghidra &&\
gh release create $TAG -t $TAG --generate-notes --latest
popd
Once image is created, continue...
- tag and push worker modules
Ignore non-zero exit codes, because releases have already been made for some submodules.
git submodule foreach 'gh release create $TAG -t $TAG --generate-notes --latest || :'
- Could poll 'gh workflow view' to detect when an image has built and been pushed, then trigger subsequent releases.
- set a tag version
export TAG=v1.X
- delete release for all modules
git submodule foreach gh release delete $TAG -y --cleanup-tag
Disable a workflow across all repositories
Use '|| :' to ignore non-zero exit codes across 'git submodule foreach'
git submodule foreach 'gh workflow disable "Publish Release" || :'
This old workflow depended on using a 'release' Github Action that triggered a new release when a tag was created. Ultimately, I moved away from this because deleting the tags was still a manual process. To streamline both the creation of tags+releases and the deletion, 'gh release' cli can do all of this without additional Actions.
order matters:
- tag and push base:
pushd .
cd images/machina-base &&\
git tag -a $TAG -m "$TAG" &&|
git push origin $TAG
popd
Once image(s) are created, continue
- tag and push ghidra base
pushd .
cd images/machina-base-ghidra &&\
git tag -a $TAG -m "$TAG" &&|
git push origin $TAG
popd
Once image is created, continue
- tag and push worker modules
git submodule foreach git tag -f -a $TAG -m "$TAG" &&\
git submodule foreach git push -f origin $TAG
By default, to allow for anonymous cloning, repositories are pulled using HTTPS. This defaults the 'push' remote to use HTTPS as well. In order to push to this repository (and all submodules) with SSH instead of HTTPS, set the remote for each repo to its respective SSH url:
cd machina
git remote set-url --push origin [email protected]:ehrenb/machina.git &&\
git submodule foreach 'git remote set-url --push origin [email protected]:ehrenb/${name##*/}.git'
docstrings format: Sphinx
Compose 'depends_on' dependency graph:
cd machina/
docker run --rm -it --name dcv -v $(pwd):/input pmsipilot/docker-compose-viz render -m image --force docker-compose.yml --output-file=topology.png --no-volumes --no-ports --no-networks