From e6ba29ca6cc0c25b87d7c417057cc9e792cc4e18 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 00:45:34 -0500 Subject: [PATCH 01/26] Add seperate Docker workflow --- .github/workflows/docker.yml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .github/workflows/docker.yml diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 0000000000..79029bd68d --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,34 @@ +name: Docker + +on: + push: + branches: "master" + pull_request: + # Run daily at 0:01 UTC + schedule: + - cron: '1 0 * * *' + workflow_dispatch: + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - + name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build and push + id: docker_build + uses: docker/build-push-action@v2 + with: + push: true + tags: user/app:latest + - + name: Image digest + run: echo ${{ steps.docker_build.outputs.digest }} From 1615802cc6ad24403df590b0d119349cf79c2ac3 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 00:58:16 -0500 Subject: [PATCH 02/26] Update workflow to also test --- .github/workflows/publish-docker.yml | 85 +++++++++++++++++++++------- 1 file changed, 65 insertions(+), 20 deletions(-) diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml index 726089a700..95d8661f3f 100644 --- a/.github/workflows/publish-docker.yml +++ b/.github/workflows/publish-docker.yml @@ -6,6 +6,7 @@ on: - master tags: - v* + pull_request: workflow_dispatch: jobs: @@ -14,23 +15,67 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Build and Publish to Registry - if: "!(startsWith(github.ref, 'refs/tags/'))" - uses: docker/build-push-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - repository: pyhf/pyhf - dockerfile: docker/Dockerfile - tags: latest - - name: Build and Publish to Registry with Release Tag - if: startsWith(github.ref, 'refs/tags/') - uses: docker/build-push-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - repository: pyhf/pyhf - dockerfile: docker/Dockerfile - tags: latest,latest-stable - tag_with_ref: true + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Test build + id: docker_build + uses: docker/build-push-action@v2 + with: + repository: pyhf/pyhf + dockerfile: docker/Dockerfile + tags: test + tag_with_sha: true + tag_with_ref: true + push: false + + - name: Image digest + run: echo ${{ steps.docker_build.outputs.digest }} + + - name: List built images + run: docker images + + - name: Run CLI API check + run: | + printf "\npyhf\n" + docker run --rm pyhf/pyhf:test + printf "\npyhf --version\n" + docker run --rm pyhf/pyhf:test --version + printf "\npyhf --help\n" + docker run --rm pyhf/pyhf:test --help + + - name: Check for curl and tar + run: >- + docker run --rm + --entrypoint /bin/bash + pyhf/pyhf:test + -c "which curl; which tar" + + + + # - uses: actions/checkout@v2 + # - name: Build and Publish to Registry + # if: "!(startsWith(github.ref, 'refs/tags/'))" + # uses: docker/build-push-action@v1 + # with: + # username: ${{ secrets.DOCKER_USERNAME }} + # password: ${{ secrets.DOCKER_PASSWORD }} + # repository: pyhf/pyhf + # dockerfile: docker/Dockerfile + # tags: latest + # - name: Build and Publish to Registry with Release Tag + # if: startsWith(github.ref, 'refs/tags/') + # uses: docker/build-push-action@v1 + # with: + # username: ${{ secrets.DOCKER_USERNAME }} + # password: ${{ secrets.DOCKER_PASSWORD }} + # repository: pyhf/pyhf + # dockerfile: docker/Dockerfile + # tags: latest,latest-stable + # tag_with_ref: true From d93b5692d2ff42c5171426f21bc612a1f68bd011 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 00:58:50 -0500 Subject: [PATCH 03/26] Remove docker workflow that was added --- .github/workflows/docker.yml | 34 ---------------------------------- 1 file changed, 34 deletions(-) delete mode 100644 .github/workflows/docker.yml diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml deleted file mode 100644 index 79029bd68d..0000000000 --- a/.github/workflows/docker.yml +++ /dev/null @@ -1,34 +0,0 @@ -name: Docker - -on: - push: - branches: "master" - pull_request: - # Run daily at 0:01 UTC - schedule: - - cron: '1 0 * * *' - workflow_dispatch: - -jobs: - docker: - runs-on: ubuntu-latest - steps: - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push - id: docker_build - uses: docker/build-push-action@v2 - with: - push: true - tags: user/app:latest - - - name: Image digest - run: echo ${{ steps.docker_build.outputs.digest }} From 167d9905277ad4c2ab1388a9af80269a37fcbf16 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 01:04:45 -0500 Subject: [PATCH 04/26] Add testing of images --- .github/workflows/publish-docker.yml | 43 +++++++++++++--------------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml index 95d8661f3f..77cc95ec46 100644 --- a/.github/workflows/publish-docker.yml +++ b/.github/workflows/publish-docker.yml @@ -10,8 +10,8 @@ on: workflow_dispatch: jobs: - build-and-publish: - name: Build and publish Docker images to Docker Hub + docker: + name: Build, test, and publish Docker images to Docker Hub runs-on: ubuntu-latest steps: @@ -57,25 +57,22 @@ jobs: pyhf/pyhf:test -c "which curl; which tar" + - name: Build and Publish to Registry + if: "!(startsWith(github.ref, 'refs/tags/'))" + id: docker_build + uses: docker/build-push-action@v2 + with: + repository: pyhf/pyhf + dockerfile: docker/Dockerfile + tags: latest + push: true - - # - uses: actions/checkout@v2 - # - name: Build and Publish to Registry - # if: "!(startsWith(github.ref, 'refs/tags/'))" - # uses: docker/build-push-action@v1 - # with: - # username: ${{ secrets.DOCKER_USERNAME }} - # password: ${{ secrets.DOCKER_PASSWORD }} - # repository: pyhf/pyhf - # dockerfile: docker/Dockerfile - # tags: latest - # - name: Build and Publish to Registry with Release Tag - # if: startsWith(github.ref, 'refs/tags/') - # uses: docker/build-push-action@v1 - # with: - # username: ${{ secrets.DOCKER_USERNAME }} - # password: ${{ secrets.DOCKER_PASSWORD }} - # repository: pyhf/pyhf - # dockerfile: docker/Dockerfile - # tags: latest,latest-stable - # tag_with_ref: true + # - name: Build and Publish to Registry with Release Tag + # if: startsWith(github.ref, 'refs/tags/') + # id: docker_build + # uses: docker/build-push-action@v2 + # with: + # repository: pyhf/pyhf + # dockerfile: docker/Dockerfile + # tags: latest,latest-stable + # push: true From c7bba0a8d7a17fcb1a43ea577acc08e7e249437f Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 01:05:08 -0500 Subject: [PATCH 05/26] Remove Docker tests from CI --- .github/workflows/ci.yml | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4e89155191..8096e436ea 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,35 +55,3 @@ jobs: if: github.event_name == 'schedule' && matrix.python-version == 3.8 run: | python -m pytest -r sx --benchmark-sort=mean tests/benchmarks/test_benchmark.py - - docker: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - name: Build Docker image - uses: docker/build-push-action@v1 - with: - repository: pyhf/pyhf - dockerfile: docker/Dockerfile - tags: test - tag_with_sha: true - tag_with_ref: true - push: false - - name: List built images - run: docker images - - name: Run CLI API check - run: | - printf "\npyhf\n" - docker run --rm pyhf/pyhf:test - printf "\npyhf --version\n" - docker run --rm pyhf/pyhf:test --version - printf "\npyhf --help\n" - docker run --rm pyhf/pyhf:test --help - - name: Check for curl and tar - run: >- - docker run --rm - --entrypoint /bin/bash - pyhf/pyhf:test - -c "which curl; which tar" From 650edef384d36a1dff039574cc68c329ef703380 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 01:08:44 -0500 Subject: [PATCH 06/26] Add check for PR --- .github/workflows/publish-docker.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml index 77cc95ec46..68d785f74c 100644 --- a/.github/workflows/publish-docker.yml +++ b/.github/workflows/publish-docker.yml @@ -7,6 +7,8 @@ on: tags: - v* pull_request: + branches: + - master workflow_dispatch: jobs: @@ -58,7 +60,8 @@ jobs: -c "which curl; which tar" - name: Build and Publish to Registry - if: "!(startsWith(github.ref, 'refs/tags/'))" + # every PR will trigger a push event on master, so check the push event is actually coming from master + if: github.event_name == 'push' && github.ref == 'refs/heads/master' && github.repository == 'scikit-hep/pyhf' && "!(startsWith(github.ref, 'refs/tags/'))" id: docker_build uses: docker/build-push-action@v2 with: From 3edf8fe370c156a4019f4c98aa67d05230c16514 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 01:11:37 -0500 Subject: [PATCH 07/26] rename --- .github/workflows/publish-docker.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml index 68d785f74c..7592978136 100644 --- a/.github/workflows/publish-docker.yml +++ b/.github/workflows/publish-docker.yml @@ -1,4 +1,4 @@ -name: Publish Docker Images +name: Docker Images on: push: @@ -59,7 +59,7 @@ jobs: pyhf/pyhf:test -c "which curl; which tar" - - name: Build and Publish to Registry + - name: Build and publish to registry # every PR will trigger a push event on master, so check the push event is actually coming from master if: github.event_name == 'push' && github.ref == 'refs/heads/master' && github.repository == 'scikit-hep/pyhf' && "!(startsWith(github.ref, 'refs/tags/'))" id: docker_build @@ -70,7 +70,7 @@ jobs: tags: latest push: true - # - name: Build and Publish to Registry with Release Tag + # - name: Build and publish to registry with release tag # if: startsWith(github.ref, 'refs/tags/') # id: docker_build # uses: docker/build-push-action@v2 From 760d672913f4897081386e2f638d0dbd6da229d8 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 01:12:09 -0500 Subject: [PATCH 08/26] Rename workflow to docker --- .github/workflows/{publish-docker.yml => docker.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{publish-docker.yml => docker.yml} (100%) diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/docker.yml similarity index 100% rename from .github/workflows/publish-docker.yml rename to .github/workflows/docker.yml From edf31f1491e408f481cdbc1f2049656090f8018c Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 01:12:54 -0500 Subject: [PATCH 09/26] Add cron --- .github/workflows/docker.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 7592978136..ccb0642016 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -9,6 +9,8 @@ on: pull_request: branches: - master + schedule: + - cron: '1 0 * * *' workflow_dispatch: jobs: From 70e5c7773ca72f048596926e1654d2f261e9c356 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 01:14:17 -0500 Subject: [PATCH 10/26] comment out push restrictions for tests --- .github/workflows/docker.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index ccb0642016..3b4979544c 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -2,10 +2,10 @@ name: Docker Images on: push: - branches: - - master - tags: - - v* + # branches: + # - master + # tags: + # - v* pull_request: branches: - master From 00f6fd46eb49b80a301293673cbefb3ebbbdd034 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 01:16:07 -0500 Subject: [PATCH 11/26] make ids unique --- .github/workflows/docker.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 3b4979544c..c6139f2bbc 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -29,7 +29,7 @@ jobs: password: ${{ secrets.DOCKER_PASSWORD }} - name: Test build - id: docker_build + id: docker_build_test uses: docker/build-push-action@v2 with: repository: pyhf/pyhf @@ -64,7 +64,7 @@ jobs: - name: Build and publish to registry # every PR will trigger a push event on master, so check the push event is actually coming from master if: github.event_name == 'push' && github.ref == 'refs/heads/master' && github.repository == 'scikit-hep/pyhf' && "!(startsWith(github.ref, 'refs/tags/'))" - id: docker_build + id: docker_build_latest uses: docker/build-push-action@v2 with: repository: pyhf/pyhf @@ -74,7 +74,7 @@ jobs: # - name: Build and publish to registry with release tag # if: startsWith(github.ref, 'refs/tags/') - # id: docker_build + # id: docker_build_release # uses: docker/build-push-action@v2 # with: # repository: pyhf/pyhf From 595d4fd423073e3dd47f59d3ac3b7ab3e418ec3c Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 01:20:54 -0500 Subject: [PATCH 12/26] Do releases of images on GitHub releases --- .github/workflows/docker.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index c6139f2bbc..39bf6cb2fe 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -11,6 +11,8 @@ on: - master schedule: - cron: '1 0 * * *' + release: + types: [published] workflow_dispatch: jobs: @@ -63,7 +65,7 @@ jobs: - name: Build and publish to registry # every PR will trigger a push event on master, so check the push event is actually coming from master - if: github.event_name == 'push' && github.ref == 'refs/heads/master' && github.repository == 'scikit-hep/pyhf' && "!(startsWith(github.ref, 'refs/tags/'))" + if: github.event_name == 'push' && github.ref == 'refs/heads/master' && github.repository == 'scikit-hep/pyhf' id: docker_build_latest uses: docker/build-push-action@v2 with: @@ -73,7 +75,7 @@ jobs: push: true # - name: Build and publish to registry with release tag - # if: startsWith(github.ref, 'refs/tags/') + # if: github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf' # id: docker_build_release # uses: docker/build-push-action@v2 # with: From 7e15257f0df2774a6ecd50542684afe03547d584 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 01:25:20 -0500 Subject: [PATCH 13/26] Use new API --- .github/workflows/docker.yml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 39bf6cb2fe..fe593fb818 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -34,9 +34,8 @@ jobs: id: docker_build_test uses: docker/build-push-action@v2 with: - repository: pyhf/pyhf - dockerfile: docker/Dockerfile - tags: test + file: docker/Dockerfile + tags: pyhf/pyhf:test tag_with_sha: true tag_with_ref: true push: false @@ -69,9 +68,8 @@ jobs: id: docker_build_latest uses: docker/build-push-action@v2 with: - repository: pyhf/pyhf - dockerfile: docker/Dockerfile - tags: latest + file: docker/Dockerfile + tags: pyhf/pyhf:latest push: true # - name: Build and publish to registry with release tag @@ -79,7 +77,6 @@ jobs: # id: docker_build_release # uses: docker/build-push-action@v2 # with: - # repository: pyhf/pyhf - # dockerfile: docker/Dockerfile - # tags: latest,latest-stable + # file: docker/Dockerfile + # tags: pyhf/pyhf:latest,pyhf/pyhf:latest-stable # push: true From b1e9522965f9e074d275436ac2bb9422264fb4dc Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 01:30:18 -0500 Subject: [PATCH 14/26] Automatic tagging with sha no longer supported by default c.f. https://github.com/docker/build-push-action/blob/master/docs/advanced/tags-labels.md --- .github/workflows/docker.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index fe593fb818..118a1cefff 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -36,8 +36,6 @@ jobs: with: file: docker/Dockerfile tags: pyhf/pyhf:test - tag_with_sha: true - tag_with_ref: true push: false - name: Image digest From d229445d8a4c4aafdd4b922fd06c2afccf3d14f5 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 01:37:09 -0500 Subject: [PATCH 15/26] Use DockerHub access token --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 118a1cefff..bbe31e7f6a 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -28,7 +28,7 @@ jobs: uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Test build id: docker_build_test From 04d2f224c43a23ef2cfa37d05aa50bdad05fa2e9 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 01:39:22 -0500 Subject: [PATCH 16/26] Add QEMU to see if it matters --- .github/workflows/docker.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index bbe31e7f6a..b7389cd3e7 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -21,6 +21,9 @@ jobs: runs-on: ubuntu-latest steps: + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 From 267a13790bee9eed92b96455c134709ebb37630a Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 01:45:10 -0500 Subject: [PATCH 17/26] Use path context for git scm to work https://github.com/docker/build-push-action#path-context --- .github/workflows/docker.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index b7389cd3e7..421a62b0e6 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -21,6 +21,9 @@ jobs: runs-on: ubuntu-latest steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Set up QEMU uses: docker/setup-qemu-action@v1 @@ -37,6 +40,7 @@ jobs: id: docker_build_test uses: docker/build-push-action@v2 with: + context: . file: docker/Dockerfile tags: pyhf/pyhf:test push: false @@ -69,6 +73,7 @@ jobs: id: docker_build_latest uses: docker/build-push-action@v2 with: + context: . file: docker/Dockerfile tags: pyhf/pyhf:latest push: true @@ -78,6 +83,7 @@ jobs: # id: docker_build_release # uses: docker/build-push-action@v2 # with: + # context: . # file: docker/Dockerfile # tags: pyhf/pyhf:latest,pyhf/pyhf:latest-stable # push: true From ea4b3be8d1f9cbd901d0434fcf17a89013d8948e Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 01:51:05 -0500 Subject: [PATCH 18/26] load to local context c.f. https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-load-the-single-platform-build-result-to-docker-images---load --- .github/workflows/docker.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 421a62b0e6..da6160209c 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -43,6 +43,7 @@ jobs: context: . file: docker/Dockerfile tags: pyhf/pyhf:test + load: true push: false - name: Image digest @@ -76,6 +77,7 @@ jobs: context: . file: docker/Dockerfile tags: pyhf/pyhf:latest + load: true push: true # - name: Build and publish to registry with release tag @@ -86,4 +88,5 @@ jobs: # context: . # file: docker/Dockerfile # tags: pyhf/pyhf:latest,pyhf/pyhf:latest-stable + # load: true # push: true From 929369a85cfe7d3e14ea365d8afa3dfd88b804e3 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 02:08:07 -0500 Subject: [PATCH 19/26] Set tags based off of situation --- .github/workflows/docker.yml | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index da6160209c..ada04db9a2 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -24,6 +24,27 @@ jobs: - name: Checkout uses: actions/checkout@v2 + - name: Prepare + id: prep + run: | + DOCKER_IMAGE=pyhf/pyhf + VERSION=latest + if [[ $GITHUB_REF == refs/tags/* ]]; then + VERSION=${GITHUB_REF#refs/tags/} + elif [[ $GITHUB_REF == refs/heads/* ]]; then + VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') + elif [[ $GITHUB_REF == refs/pull/* ]]; then + VERSION=pr-${{ github.event.number }} + fi + TAGS="${DOCKER_IMAGE}:${VERSION}" + TAGS="$TAGS,${DOCKER_IMAGE}:test" + if [ "${{ github.event_name }}" = "push" ]; then + TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}" + fi + echo ::set-output name=version::${VERSION} + echo ::set-output name=tags::${TAGS} + echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') + - name: Set up QEMU uses: docker/setup-qemu-action@v1 @@ -42,7 +63,11 @@ jobs: with: context: . file: docker/Dockerfile - tags: pyhf/pyhf:test + tags: ${{ steps.prep.outputs.tags }} + labels: | + org.opencontainers.image.source=${{ github.event.repository.html_url }} + org.opencontainers.image.created=${{ steps.prep.outputs.created }} + org.opencontainers.image.revision=${{ github.sha }} load: true push: false From 42ba15f6d47b55279521b96d77b0a54389eb8122 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 02:08:38 -0500 Subject: [PATCH 20/26] add labels --- .github/workflows/docker.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index ada04db9a2..9bde45a617 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -101,7 +101,11 @@ jobs: with: context: . file: docker/Dockerfile - tags: pyhf/pyhf:latest + tags: ${{ steps.prep.outputs.tags }} + labels: | + org.opencontainers.image.source=${{ github.event.repository.html_url }} + org.opencontainers.image.created=${{ steps.prep.outputs.created }} + org.opencontainers.image.revision=${{ github.sha }} load: true push: true @@ -113,5 +117,9 @@ jobs: # context: . # file: docker/Dockerfile # tags: pyhf/pyhf:latest,pyhf/pyhf:latest-stable + # labels: | + # org.opencontainers.image.source=${{ github.event.repository.html_url }} + # org.opencontainers.image.created=${{ steps.prep.outputs.created }} + # org.opencontainers.image.revision=${{ github.sha }} # load: true # push: true From eb38afcaf02c51fb49b08ef4eb1edeed7edaad5a Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 02:22:29 -0500 Subject: [PATCH 21/26] Update tags available Explains v2 workflow c.f. https://github.com/docker/build-push-action/blob/master/UPGRADE.md --- .github/workflows/docker.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 9bde45a617..3d33f43cd1 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -37,9 +37,9 @@ jobs: VERSION=pr-${{ github.event.number }} fi TAGS="${DOCKER_IMAGE}:${VERSION}" - TAGS="$TAGS,${DOCKER_IMAGE}:test" - if [ "${{ github.event_name }}" = "push" ]; then - TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}" + TAGS="$TAGS,${DOCKER_IMAGE}:latest,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}" + if [ "${{ github.event_name }}" = "release" ]; then + TAGS="$TAGS,${DOCKER_IMAGE}:latest-stable" fi echo ::set-output name=version::${VERSION} echo ::set-output name=tags::${TAGS} From 00b64583633c53a1bdc59679fba86887ec128ec1 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 02:23:37 -0500 Subject: [PATCH 22/26] try using sha for test tag --- .github/workflows/docker.yml | 38 ++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 3d33f43cd1..b290108248 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -80,17 +80,17 @@ jobs: - name: Run CLI API check run: | printf "\npyhf\n" - docker run --rm pyhf/pyhf:test + docker run --rm pyhf/pyhf:sha-${GITHUB_SHA::8} printf "\npyhf --version\n" - docker run --rm pyhf/pyhf:test --version + docker run --rm pyhf/pyhf:sha-${GITHUB_SHA::8} --version printf "\npyhf --help\n" - docker run --rm pyhf/pyhf:test --help + docker run --rm pyhf/pyhf:sha-${GITHUB_SHA::8} --help - name: Check for curl and tar run: >- docker run --rm --entrypoint /bin/bash - pyhf/pyhf:test + pyhf/pyhf:sha-${GITHUB_SHA::8} -c "which curl; which tar" - name: Build and publish to registry @@ -101,7 +101,7 @@ jobs: with: context: . file: docker/Dockerfile - tags: ${{ steps.prep.outputs.tags }} + tags: pyhf/pyhf:latest labels: | org.opencontainers.image.source=${{ github.event.repository.html_url }} org.opencontainers.image.created=${{ steps.prep.outputs.created }} @@ -109,17 +109,17 @@ jobs: load: true push: true - # - name: Build and publish to registry with release tag - # if: github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf' - # id: docker_build_release - # uses: docker/build-push-action@v2 - # with: - # context: . - # file: docker/Dockerfile - # tags: pyhf/pyhf:latest,pyhf/pyhf:latest-stable - # labels: | - # org.opencontainers.image.source=${{ github.event.repository.html_url }} - # org.opencontainers.image.created=${{ steps.prep.outputs.created }} - # org.opencontainers.image.revision=${{ github.sha }} - # load: true - # push: true + - name: Build and publish to registry with release tag + if: github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf' + id: docker_build_release + uses: docker/build-push-action@v2 + with: + context: . + file: docker/Dockerfile + tags: ${{ steps.prep.outputs.tags }} + labels: | + org.opencontainers.image.source=${{ github.event.repository.html_url }} + org.opencontainers.image.created=${{ steps.prep.outputs.created }} + org.opencontainers.image.revision=${{ github.sha }} + load: true + push: true From 851f1fa24452f04eeb652f2a81d341ab373a2564 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 02:29:38 -0500 Subject: [PATCH 23/26] Remove refs/heads as tags --- .github/workflows/docker.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index b290108248..7102632646 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -31,8 +31,6 @@ jobs: VERSION=latest if [[ $GITHUB_REF == refs/tags/* ]]; then VERSION=${GITHUB_REF#refs/tags/} - elif [[ $GITHUB_REF == refs/heads/* ]]; then - VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') elif [[ $GITHUB_REF == refs/pull/* ]]; then VERSION=pr-${{ github.event.number }} fi From 55e85ebe7c64b094935a2f4cbdbf7d96a8cd73bd Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 02:30:01 -0500 Subject: [PATCH 24/26] Uncomment on master and tags only --- .github/workflows/docker.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 7102632646..cc804278df 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -2,10 +2,10 @@ name: Docker Images on: push: - # branches: - # - master - # tags: - # - v* + branches: + - master + tags: + - v* pull_request: branches: - master From 1972c73d88085a12e6833502745ef27c399b7488 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 02:48:16 -0500 Subject: [PATCH 25/26] Update docker image to python:3.8-slim --- docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 9d6c733106..4d6b5b92dd 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,4 +1,4 @@ -ARG BASE_IMAGE=python:3.7-slim +ARG BASE_IMAGE=python:3.8-slim # hadolint ignore=DL3006 FROM ${BASE_IMAGE} as base From c887a71d618b4f995dde23e23b2b808d0f306477 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 10 May 2021 02:58:45 -0500 Subject: [PATCH 26/26] fix step id --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index cc804278df..b7db46c373 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -70,7 +70,7 @@ jobs: push: false - name: Image digest - run: echo ${{ steps.docker_build.outputs.digest }} + run: echo ${{ steps.docker_build_test.outputs.digest }} - name: List built images run: docker images