docker.yml
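# Builds the repository's Docker image, pushes it to GHCR and, when the
# ZENODO_TOKEN secret is configured, archives the image on Zenodo.
name: Build, push and archive Docker image

on:
  release:
    types: [published]
  workflow_dispatch:

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
  # ZENODO_TOKEN is intentionally not exported at workflow level: that would
  # place the secret in the environment of every step, including the
  # third-party actions. It is passed only to the step that calls Zenodo.

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: read the repository, push to GHCR.
    permissions:
      contents: read
      packages: write
    steps:
      # NOTE(review): the actions in this job are referenced by mutable
      # major-version tags. Pinning each `uses:` to a full commit SHA (with
      # the tag kept as a trailing comment) stops a re-pointed tag from
      # changing what runs with `packages: write`.
      - uses: actions/checkout@v5
        with:
          # Do not leave the job token in the checkout: this directory is the
          # Docker build context below, so a Dockerfile that copies it
          # wholesale could otherwise carry the credential into a pushed image.
          persist-credentials: false

      - name: Skip if template has not been initialised
        id: guard
        run: |
          # {{ZENODO_DOI}} is documented to remain unsubstituted until the first
          # GitHub release mints the concept DOI — so don't treat it as a blocker.
          # See docs/fair4rs-checklist.md.
          placeholder_files=$(grep -rln '{{[A-Z_]\+}}' . --include='*.md' --include='*.yml' --include='*.yaml' --include='*.json' --include='*.cff' --include='*.py' --include='*.toml' 2>/dev/null \
            | grep -v 'claude/skills/init-template/' \
            | while IFS= read -r f; do
                if grep -oE '\{\{[A-Z_]+\}\}' "$f" | grep -qv '{{ZENODO_DOI}}'; then
                  echo "$f"
                fi
              done)
          if [ -n "$placeholder_files" ]; then
            echo "::notice::Template placeholders detected ({{...}} tokens). Run /init-template before releasing. Skipping Docker build."
            echo "skip=true" >> "$GITHUB_OUTPUT"
          else
            echo "skip=false" >> "$GITHUB_OUTPUT"
          fi

      # Step-level `if:` cannot read the secrets context, so the presence of
      # the token is turned into a step output here.
      - name: Check whether Zenodo archiving is enabled
        id: zenodo
        env:
          # Only the comparison result leaves the secrets context; the token
          # itself is not placed in this step's environment.
          HAS_TOKEN: ${{ secrets.ZENODO_TOKEN != '' }}
        run: |
          echo "enabled=${HAS_TOKEN}" >> "$GITHUB_OUTPUT"

      - name: Log in to GHCR
        if: steps.guard.outputs.skip != 'true'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        if: steps.guard.outputs.skip != 'true'
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha
            type=raw,value=latest

      - name: Build and push
        if: steps.guard.outputs.skip != 'true'
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

      # ----- Optional: archive the Docker image to Zenodo -----
      # Set the GitHub secret ZENODO_TOKEN to enable. Image is uploaded to
      # Zenodo as a separate deposit with its own DOI (per FAIR4RS F1.2).
      - name: Export Docker image
        if: ${{ steps.zenodo.outputs.enabled == 'true' && steps.guard.outputs.skip != 'true' }}
        env:
          # Event data reaches the script as an environment variable instead of
          # being expanded into the script text, so the tag name is always
          # treated as data by the shell.
          RELEASE_TAG: ${{ github.event.release.tag_name || 'latest' }}
        run: |
          # pipefail: a failing `docker save` must not be masked by gzip.
          set -euo pipefail
          TAG="${RELEASE_TAG}"
          # Docker rejects upper-case repository names, while github.repository
          # keeps the owner/repo casing; lower-case it before use.
          # NOTE(review): assumes the pushed reference is the lower-cased name — confirm.
          IMAGE_REF="${REGISTRY}/${IMAGE_NAME,,}:${TAG#v}"
          docker save "${IMAGE_REF}" | gzip > docker-image.tar.gz
          {
            echo "IMAGE_FILE=docker-image.tar.gz"
            echo "IMAGE_TAG=${TAG}"
          } >> "$GITHUB_ENV"
          ls -lh docker-image.tar.gz

      - name: Upload Docker image to Zenodo
        if: ${{ steps.zenodo.outputs.enabled == 'true' && steps.guard.outputs.skip != 'true' }}
        env:
          # The token is scoped to the one step that talks to Zenodo.
          ZENODO_TOKEN: ${{ secrets.ZENODO_TOKEN }}
          # Context values are passed as environment variables so they are
          # never spliced into the script or the JSON document as raw text.
          REPO_NAME: ${{ github.event.repository.name }}
          REPO_URL: ${{ github.event.repository.html_url }}
          ACTOR: ${{ github.actor }}
        run: |
          set -euo pipefail
          TAG="${IMAGE_TAG}"

          # 1. Create an empty deposit; the response carries its id and bucket URL.
          RESPONSE=$(curl -s -X POST "https://zenodo.org/api/deposit/depositions" \
            -H "Authorization: Bearer ${ZENODO_TOKEN}" \
            -H "Content-Type: application/json" \
            -d '{}')
          DEPOSIT_ID=$(echo "$RESPONSE" | jq -r '.id')
          BUCKET_URL=$(echo "$RESPONSE" | jq -r '.links.bucket')
          if [ "$DEPOSIT_ID" = "null" ] || [ -z "$DEPOSIT_ID" ]; then
            echo "::error::Failed to create Zenodo deposit: $RESPONSE"
            exit 1
          fi
          echo "Created Zenodo deposit: $DEPOSIT_ID"

          # 2. Upload the archive. --fail-with-body turns an HTTP error status
          #    into a non-zero exit so a rejected upload stops the step.
          FILENAME="${REPO_NAME}-${TAG}-docker.tar.gz"
          curl -s --fail-with-body -X PUT "${BUCKET_URL}/${FILENAME}" \
            -H "Authorization: Bearer ${ZENODO_TOKEN}" \
            -H "Content-Type: application/octet-stream" \
            -T docker-image.tar.gz \
            --progress-bar | cat
          echo "Uploaded ${FILENAME}"

          # 3. Build the metadata with jq so every value is JSON-escaped; a
          #    quote or backslash in a tag or repository name cannot alter the
          #    structure of the document.
          TITLE="${REPO_NAME} ${TAG} — Docker container image"
          DESCRIPTION="Docker container image for <a href='${REPO_URL}'>${REPO_NAME}</a> ${TAG}. Built from the Dockerfile in the repository. Load with: <code>docker load < ${FILENAME}</code>"
          METADATA=$(jq -n \
            --arg title "$TITLE" \
            --arg description "$DESCRIPTION" \
            --arg actor "$ACTOR" \
            --arg repo_url "$REPO_URL" \
            --arg tag "$TAG" \
            '{
              metadata: {
                title: $title,
                upload_type: "software",
                description: $description,
                creators: [
                  {name: $actor}
                ],
                keywords: [
                  "docker",
                  "container",
                  "reproducible-research",
                  "FORRT",
                  "FAIR4RS"
                ],
                license: "MIT",
                related_identifiers: [
                  {
                    identifier: $repo_url,
                    relation: "isSupplementTo",
                    resource_type: "software",
                    scheme: "url"
                  }
                ],
                version: $tag
              }
            }')
          curl -s --fail-with-body -X PUT "https://zenodo.org/api/deposit/depositions/${DEPOSIT_ID}" \
            -H "Authorization: Bearer ${ZENODO_TOKEN}" \
            -H "Content-Type: application/json" \
            -d "$METADATA"

          # 4. Publish, and treat a response without a DOI as a failure rather
          #    than reporting "DOI: null" as success.
          PUBLISH_RESPONSE=$(curl -s -X POST \
            "https://zenodo.org/api/deposit/depositions/${DEPOSIT_ID}/actions/publish" \
            -H "Authorization: Bearer ${ZENODO_TOKEN}")
          DOI=$(echo "$PUBLISH_RESPONSE" | jq -r '.doi')
          if [ "$DOI" = "null" ] || [ -z "$DOI" ]; then
            echo "::error::Failed to publish Zenodo deposit: $PUBLISH_RESPONSE"
            exit 1
          fi
          echo "Published Docker image to Zenodo with DOI: ${DOI}"
          echo "ZENODO_DOI=${DOI}" >> "$GITHUB_ENV"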