ramius #68
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: ramius | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| job_setup: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: retrieve ${{ github.event.repository.name }} project | |
| uses: actions/checkout@v5 | |
| - id: sbom | |
| name: retrieve and interpolate versions and tags for upstream dependencies | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # retrieve equivalent semantic version (x.y) of almalinux image latest tag | |
| read -r almalinux <<< $( | |
| echo '{}' \ | |
| | jq -r \ | |
| --compact-output \ | |
| --arg version_latest "$(./utils/equate_tag_semver "docker.io/library/almalinux:9")" \ | |
| '{almalinux: {version: $version_latest }}' | |
| ) | |
| # retrieve equivalent version of coverity image latest tag | |
| read -r coverity <<< $( | |
| echo '{}' \ | |
| | jq -r \ | |
| --compact-output \ | |
| --arg version_latest "$(./utils/equate_tag "ghcr.io/mantidproject/cov-analysis-linux64:latest" | jq -r '.[]')" \ | |
| '{coverity: {version: $version_latest }}' | |
| ) | |
| # retrieve version and download_url for github actions runner | |
| gha_runner=$( | |
| curl -s https://api.github.com/repos/actions/runner/releases/latest | |
| ) | |
| if ! parsed=$(jq -e --compact-output '{ | |
| gha_runner: { | |
| download_url: (.assets[] | select(.name | test("linux-x64")) | .browser_download_url), | |
| version: (.name) | |
| } | |
| }' <<< "${gha_runner}" 2>/dev/null); then | |
| echo "Error parsing GitHub API response:" >&2 | |
| echo "${gha_runner}" >&2 | |
| exit 1 | |
| fi | |
| read -r gha_runner <<< "${parsed}" | |
| echo -n "JSON=" >> $GITHUB_OUTPUT | |
| ( | |
| echo -n "${almalinux}" | |
| echo -n "${coverity}" | |
| echo -n "${gha_runner}" | |
| ) \ | |
| | jq -r -s --compact-output '. | add' >> $GITHUB_OUTPUT | |
| outputs: | |
| sbom: ${{ steps.sbom.outputs.JSON }} | |
| job_debug: | |
| needs: job_setup | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v6 | |
| with: | |
| images: almalinux:9.7 | |
| - name: debug | |
| run: | | |
| echo ${{ toJSON(needs.job_setup.outputs.sbom) }} | jq -r '.' | |
| echo ${{ toJSON(steps.meta.outputs) }} | jq -r '.' | |
| job_docker: | |
| needs: job_setup | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: retrieve ${{ github.event.repository.name }} project | |
| uses: actions/checkout@v5 | |
| - name: setup buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log into registry ghcr.io | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ github.repository_owner }}/github-runner-coverity | |
| labels: | | |
| org.opencontainers.image.title=GitHub Runner with Coverity | |
| org.opencontainers.image.description=Github Runner w/ Coverity on AlmaLinux ${{ fromJSON(needs.job_setup.outputs.sbom).almalinux.version }} | |
| org.opencontainers.image.vendor=Mantid Project | |
| org.opencontainers.image.licenses=GPL-3.0 | |
| org.opencontainers.image.documentation=https://github.com/mantidproject/dockerfiles/blob/main/README.md | |
| - name: build and push - github runner w/ coverity | |
| uses: docker/build-push-action@v6 | |
| with: | |
| labels: | | |
| org.opencontainers.image.title=GitHub Runner with Coverity | |
| org.opencontainers.image.description=Github Runner w/ Coverity on AlmaLinux ${{ fromJSON(needs.job_setup.outputs.sbom).almalinux.version }} | |
| push: true | |
| context: Linux/coverity/docker | |
| tags: ghcr.io/${{ github.repository_owner }}/github-runner-coverity:${{ fromJSON(needs.job_setup.outputs.sbom).coverity.version }} | |
| provenance: false | |
| build-args: | | |
| "ALMALINUX_VERSION=${{ fromJSON(needs.job_setup.outputs.sbom).almalinux.version }}" | |
| "COVERITY_VERSION=${{ fromJSON(needs.job_setup.outputs.sbom).coverity.version }}" | |
| "GHA_RUNNER_VERSION=${{ fromJSON(needs.job_setup.outputs.sbom).gha_runner.version }}" | |
| "GHA_RUNNER_DOWNLOAD=${{ fromJSON(needs.job_setup.outputs.sbom).gha_runner.download_url }}" | |
| secrets: | | |
| "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}" | |
| # outputs: | | |
| # "type=image,name=target,annotation-index.org.opencontainers.image.description=Github Runner w/ Coverity v${{ fromJSON(needs.job_setup.outputs.sbom).coverity.version }} | |
| # annotations: | | |
| # index:org.opencontainers.image.description=Github Runner w/ Coverity v${{ fromJSON(needs.job_setup.outputs.sbom).coverity.version }} on AlmaLinux ${{ fromJSON(needs.job_setup.outputs.sbom).almalinux.version }} |