Skip to content

Commit 20a8761

Browse files
slabasanslabasan
committed
add permissions section to github workflow for container build
1 parent c02d02f commit 20a8761

File tree

1 file changed

+54
-51
lines changed

1 file changed

+54
-51
lines changed

.github/workflows/push_images.yml

Lines changed: 54 additions & 51 deletions
Original file line numberDiff line numberDiff line change
@@ -9,15 +9,18 @@ on:
99
required: true
1010
tutorial_dir:
1111
type: string
12-
description: The directory (relative to repo root) for the tutorial you want to build
12+
description: The directory (relative to repo root) for the tutorial you want to build
1313
required: true
14-
14+
15+
permissions:
16+
packages: write
17+
1518
jobs:
1619
setup_shared_matrix:
1720
runs-on: ubuntu-latest
1821
outputs:
1922
matrix_data: ${{ steps.set-matrix.outputs.matrix_data }}
20-
23+
2124
steps:
2225
- id: set-matrix
2326
run: |
@@ -39,7 +42,7 @@ jobs:
3942
docker_arch: ${{ fromJson(needs.setup_shared_matrix.outputs.matrix_data).docker_arch }}
4043
containers_to_build:
4144
- ["docker/Dockerfile.caliper", "ghcr.io/llnl/caliper"]
42-
45+
4346
steps:
4447
- uses: actions/checkout@v4
4548
with:
@@ -48,17 +51,17 @@ jobs:
4851
- name: Remove unneeded stuff to make space for container
4952
uses: jlumbroso/free-disk-space@v1.3.1
5053
with:
51-
tool-cache: true
54+
tool-cache: true
5255
android: true
5356
dotnet: true
5457
haskell: true
5558
large-packages: true
56-
docker-images: false
59+
docker-images: false
5760
swap-storage: true
58-
61+
5962
- name: Set up Docker
6063
uses: docker/setup-docker-action@v4
61-
64+
6265
- name: Set up QEMU
6366
uses: docker/setup-qemu-action@v3
6467

@@ -71,13 +74,13 @@ jobs:
7174
registry: ghcr.io
7275
username: ${{ github.actor }}
7376
password: ${{ secrets.GITHUB_TOKEN }}
74-
77+
7578
- name: Pull layers if they exist
7679
env:
7780
container: "${{ matrix.containers_to_build[1] }}:${{ matrix.tag }}"
7881
run: docker pull ${container} || echo "${container} has not yet been pushed"
79-
80-
- name: Build container
82+
83+
- name: Build container
8184
env:
8285
context: ${{ matrix.tutorial_dir }}
8386
dockerfile: ${{ matrix.containers_to_build[0] }}
@@ -109,7 +112,7 @@ jobs:
109112
docker_arch: ${{ fromJson(needs.setup_shared_matrix.outputs.matrix_data).docker_arch }}
110113
containers_to_build:
111114
- ["docker/Dockerfile.thicket", "ghcr.io/llnl/thicket"]
112-
115+
113116
steps:
114117
- uses: actions/checkout@v4
115118
with:
@@ -118,17 +121,17 @@ jobs:
118121
- name: Remove unneeded stuff to make space for container
119122
uses: jlumbroso/free-disk-space@v1.3.1
120123
with:
121-
tool-cache: true
124+
tool-cache: true
122125
android: true
123126
dotnet: true
124127
haskell: true
125128
large-packages: true
126-
docker-images: false
129+
docker-images: false
127130
swap-storage: true
128-
131+
129132
- name: Set up Docker
130133
uses: docker/setup-docker-action@v4
131-
134+
132135
- name: Set up QEMU
133136
uses: docker/setup-qemu-action@v3
134137

@@ -147,7 +150,7 @@ jobs:
147150
container: "${{ matrix.containers_to_build[1] }}:${{ matrix.tag }}"
148151
run: docker pull ${container} || echo "${container} has not yet been pushed"
149152

150-
- name: Build container
153+
- name: Build container
151154
env:
152155
context: ${{ matrix.tutorial_dir }}
153156
dockerfile: ${{ matrix.containers_to_build[0] }}
@@ -161,7 +164,7 @@ jobs:
161164
env:
162165
container: "${{ matrix.containers_to_build[1] }}:${{ matrix.tag }}"
163166
run: docker push ${container}
164-
167+
165168
build_benchpark_container:
166169
needs:
167170
- setup_shared_matrix
@@ -179,7 +182,7 @@ jobs:
179182
docker_arch: ${{ fromJson(needs.setup_shared_matrix.outputs.matrix_data).docker_arch }}
180183
containers_to_build:
181184
- ["docker/Dockerfile.benchpark", "ghcr.io/llnl/benchpark"]
182-
185+
183186
steps:
184187
- uses: actions/checkout@v4
185188
with:
@@ -188,17 +191,17 @@ jobs:
188191
- name: Remove unneeded stuff to make space for container
189192
uses: jlumbroso/free-disk-space@v1.3.1
190193
with:
191-
tool-cache: true
194+
tool-cache: true
192195
android: true
193196
dotnet: true
194197
haskell: true
195198
large-packages: true
196-
docker-images: false
199+
docker-images: false
197200
swap-storage: true
198-
201+
199202
- name: Set up Docker
200203
uses: docker/setup-docker-action@v4
201-
204+
202205
- name: Set up QEMU
203206
uses: docker/setup-qemu-action@v3
204207

@@ -216,8 +219,8 @@ jobs:
216219
env:
217220
container: "${{ matrix.containers_to_build[1] }}:${{ matrix.tag }}"
218221
run: docker pull ${container} || echo "${container} has not yet been pushed"
219-
220-
- name: Build container
222+
223+
- name: Build container
221224
env:
222225
context: ${{ matrix.tutorial_dir }}
223226
dockerfile: ${{ matrix.containers_to_build[0] }}
@@ -249,7 +252,7 @@ jobs:
249252
docker_arch: ${{ fromJson(needs.setup_shared_matrix.outputs.matrix_data).docker_arch }}
250253
containers_to_build:
251254
- ["docker/Dockerfile.spawn", "ghcr.io/llnl/reproducible-benchmarking-spawn"]
252-
255+
253256
steps:
254257
- uses: actions/checkout@v4
255258
with:
@@ -258,17 +261,17 @@ jobs:
258261
- name: Remove unneeded stuff to make space for container
259262
uses: jlumbroso/free-disk-space@v1.3.1
260263
with:
261-
tool-cache: true
264+
tool-cache: true
262265
android: true
263266
dotnet: true
264267
haskell: true
265268
large-packages: true
266-
docker-images: false
269+
docker-images: false
267270
swap-storage: true
268-
271+
269272
- name: Set up Docker
270273
uses: docker/setup-docker-action@v4
271-
274+
272275
- name: Set up QEMU
273276
uses: docker/setup-qemu-action@v3
274277

@@ -286,8 +289,8 @@ jobs:
286289
env:
287290
container: "${{ matrix.containers_to_build[1] }}:${{ matrix.tag }}"
288291
run: docker pull ${container} || echo "${container} has not yet been pushed"
289-
290-
- name: Build container
292+
293+
- name: Build container
291294
env:
292295
context: ${{ matrix.tutorial_dir }}
293296
dockerfile: ${{ matrix.containers_to_build[0] }}
@@ -301,7 +304,7 @@ jobs:
301304
env:
302305
container: "${{ matrix.containers_to_build[1] }}:${{ matrix.tag }}"
303306
run: docker push ${container}
304-
307+
305308
build_init_container:
306309
needs:
307310
- setup_shared_matrix
@@ -310,15 +313,15 @@ jobs:
310313
strategy:
311314
fail-fast: true
312315
matrix:
313-
tag:
316+
tag:
314317
- ${{ github.event.inputs.tag }}
315318
tutorial_dir:
316319
- ${{ github.event.inputs.tutorial_dir }}
317320
docker_os: ${{ fromJson(needs.setup_shared_matrix.outputs.matrix_data).docker_os }}
318321
docker_arch: ${{ fromJson(needs.setup_shared_matrix.outputs.matrix_data).docker_arch }}
319322
containers_to_build:
320323
- ["docker/Dockerfile.init", "ghcr.io/llnl/reproducible-benchmarking-init"]
321-
324+
322325
steps:
323326
- uses: actions/checkout@v4
324327
with:
@@ -327,17 +330,17 @@ jobs:
327330
- name: Remove unneeded stuff to make space for container
328331
uses: jlumbroso/free-disk-space@v1.3.1
329332
with:
330-
tool-cache: true
333+
tool-cache: true
331334
android: true
332335
dotnet: true
333336
haskell: true
334337
large-packages: true
335-
docker-images: false
338+
docker-images: false
336339
swap-storage: true
337-
340+
338341
- name: Set up Docker
339342
uses: docker/setup-docker-action@v4
340-
343+
341344
- name: Set up QEMU
342345
uses: docker/setup-qemu-action@v3
343346

@@ -355,8 +358,8 @@ jobs:
355358
env:
356359
container: "${{ matrix.containers_to_build[1] }}:${{ matrix.tag }}"
357360
run: docker pull ${container} || echo "${container} has not yet been pushed"
358-
359-
- name: Build container
361+
362+
- name: Build container
360363
env:
361364
context: ${{ matrix.tutorial_dir }}
362365
dockerfile: ${{ matrix.containers_to_build[0] }}
@@ -370,7 +373,7 @@ jobs:
370373
env:
371374
container: "${{ matrix.containers_to_build[1] }}:${{ matrix.tag }}"
372375
run: docker push ${container}
373-
376+
374377
build_hub_container:
375378
needs:
376379
- setup_shared_matrix
@@ -379,15 +382,15 @@ jobs:
379382
strategy:
380383
fail-fast: true
381384
matrix:
382-
tag:
385+
tag:
383386
- ${{ github.event.inputs.tag }}
384387
tutorial_dir:
385388
- ${{ github.event.inputs.tutorial_dir }}
386389
docker_os: ${{ fromJson(needs.setup_shared_matrix.outputs.matrix_data).docker_os }}
387390
docker_arch: ${{ fromJson(needs.setup_shared_matrix.outputs.matrix_data).docker_arch }}
388391
containers_to_build:
389392
- ["docker/Dockerfile.hub", "ghcr.io/llnl/reproducible-benchmarking-hub"]
390-
393+
391394
steps:
392395
- uses: actions/checkout@v4
393396
with:
@@ -396,17 +399,17 @@ jobs:
396399
- name: Remove unneeded stuff to make space for container
397400
uses: jlumbroso/free-disk-space@v1.3.1
398401
with:
399-
tool-cache: true
402+
tool-cache: true
400403
android: true
401404
dotnet: true
402405
haskell: true
403406
large-packages: true
404-
docker-images: false
407+
docker-images: false
405408
swap-storage: true
406-
409+
407410
- name: Set up Docker
408411
uses: docker/setup-docker-action@v4
409-
412+
410413
- name: Set up QEMU
411414
uses: docker/setup-qemu-action@v3
412415

@@ -424,8 +427,8 @@ jobs:
424427
env:
425428
container: "${{ matrix.containers_to_build[1] }}:${{ matrix.tag }}"
426429
run: docker pull ${container} || echo "${container} has not yet been pushed"
427-
428-
- name: Build container
430+
431+
- name: Build container
429432
env:
430433
context: ${{ matrix.tutorial_dir }}
431434
dockerfile: ${{ matrix.containers_to_build[0] }}
@@ -438,4 +441,4 @@ jobs:
438441
- name: Deploy container
439442
env:
440443
container: "${{ matrix.containers_to_build[1] }}:${{ matrix.tag }}"
441-
run: docker push ${container}
444+
run: docker push ${container}

0 commit comments

Comments
 (0)