diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 00000000..b1516eb3 --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,117 @@ +name: Container Images +on: + push: + branches: + - main + pull_request: + release: + type: [published] + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + attestations: write + id-token: write + + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }} + type=ref,event=tag + type=raw,value=stable,enable=${{ startsWith(github.ref, 'refs/tags/') }} + type=ref,event=pr + + - name: Show tags + run: | + echo "Tags generated by metadata-action:\n" + for tag in ${{ steps.metadata.output.tags }}; do + echo $tag + done + + - name: Extract version from tag + if: startsWith(github.ref, 'refs/tags/') + run: echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV + + - name: Log into GitHub Container Registry + if: github.event_name != 'pull_request' + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push + uses: docker/build-push-action@v4 + with: + context: . + file: ./Dockerfile + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + BASE_APE_IMAGE_TAG=latest-slim + + - name: Fetch all tags and store them + run: | + # List all tags + tags=$(git tag -l) + echo "All tags:" + echo "$tags" + + # Save tags in an environment variable for later use + echo "ALL_TAGS=$(echo $tags | tr '\n' ' ')" >> $GITHUB_ENV + + - name: Retain last two minor versions + run: | + # Fetch all tags in the format X.Y.Z + echo "Using stored tags..." + all_tags="${{ env.ALL_TAGS }}" + echo "All tags:" + echo "$all_tags" + + # Extract the minor versions (X.Y) from tags in the format vX.X.X + latest_minor=$(echo "$all_tags" | tr ' ' '\n' | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | sed -E 's/^v([0-9]+\.[0-9]+)\.[0-9]+$/\1/' | uniq | tail -n 1) + echo "Last minor version:" + echo "$latest_minor" + + keep_tags="" + for minor in $latest_minor; do + echo "Processing minor version: $minor" + patches=$(echo "$all_tags" | tr ' ' '\n' | grep "^v$minor\.") + echo "Latest patch for $minor: $patches" + keep_tags="$keep_tags $patches" + done + + # Store the tags in the environment variable + keep_tags=$(echo $keep_tags | tr ' ' '\n' | paste -sd ',' -) + echo "Tags to keep: $keep_tags" + echo "keep_tags=$keep_tags" >> $GITHUB_ENV + echo "keep_tags=$keep_tags" + + - name: Run container retention policy + if: github.ref == 'refs/heads/main' + uses: snok/container-retention-policy@v3.0.0 + with: + account: ApeWorX + token: ${{ secrets.GITHUB_TOKEN }} + image-tags: "!stable* !latest* !${{ env.keep_tags }}" + tag-selection: both + cut-off: 4w + dry-run: true + diff --git a/Dockerfile b/Dockerfile index c4acd160..8593a635 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,6 +3,7 @@ #--------------------------------------------------------------------------------------------- # Build with builder image to reduce image size +ARG BASE_APE_IMAGE_TAG FROM python:3.11 as builder USER root WORKDIR /wheels @@ -13,7 +14,7 @@ RUN pip install --upgrade pip && pip install wheel RUN pip wheel . --wheel-dir=/wheels # Install from wheels -FROM apeworx/ape:stable +FROM ghcr.io/apeworx/ape:${BASE_APE_IMAGE_TAG:-latest-slim} USER root COPY --from=builder /wheels /wheels RUN pip install --upgrade pip \