Docker buildx bake experiment for builds #46
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| schedule: | |
| - cron: '0 14 * * 1' # If updating this value, be sure to update logic for all `push-image` arguments! | |
| push: | |
| branches: | |
| - main | |
| - dev | |
| pull_request: | |
| name: Workbench for Azure ML - Build, Test, Scan, and Push | |
| jobs: | |
| build-workbench-for-azure-ml: | |
| env: | |
| product: workbench-for-microsoft-azure-ml | |
| os: ubuntu2204 | |
| r-primary: 4.2.3 | |
| r-alternate: 4.1.3 | |
| py-primary: 3.9.14 | |
| py-alternate: 3.8.15 | |
| runs-on: ubuntu-latest-4x | |
| name: build-workbench-for-azure-ml | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Check Out Repo - cron main | |
| if: github.event.schedule == '0 14 * * 1' | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: main | |
| - name: Check Out Repo | |
| if: github.event.schedule != '0 14 * * 1' | |
| uses: actions/checkout@v3 | |
| - name: Set up Just | |
| uses: extractions/setup-just@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get Version | |
| id: get-version | |
| run: | | |
| VERSION=$(just -f ci.Justfile get-version ${{ env.product }} --type=release --local) | |
| echo "VERSION=$VERSION" >> $GITHUB_OUTPUT | |
| - name: Get build args | |
| id: get-build-args | |
| run: | | |
| EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
| BUILD_ARGS=$( \ | |
| just -f ci.Justfile \ | |
| R_VERSION=${{ env.r-primary }} \ | |
| R_VERSION_ALT=${{ env.r-alternate }} \ | |
| PYTHON_VERSION=${{ env.py-primary }} \ | |
| PYTHON_VERSION_ALT=${{ env.py-alternate }} \ | |
| get-product-args \ | |
| ${{ env.product }} \ | |
| ${{ env.os }} \ | |
| ${{ steps.get-version.outputs.VERSION }} \ | |
| ) | |
| echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT | |
| echo "$BUILD_ARGS" >> $GITHUB_OUTPUT | |
| echo "$EOF" >> $GITHUB_OUTPUT | |
| - name: Get tags | |
| id: get-tags | |
| run: | | |
| IMAGE_TAGS=$( \ | |
| just -f ci.Justfile \ | |
| R_VERSION=${{ env.r-primary }} \ | |
| R_VERSION_ALT=${{ env.r-alternate }} \ | |
| PYTHON_VERSION=${{ env.py-primary }} \ | |
| PYTHON_VERSION_ALT=${{ env.py-alternate }} \ | |
| get-product-tags \ | |
| ${{ env.product }} \ | |
| ${{ env.os }} \ | |
| ${{ steps.get-version.outputs.VERSION }} \ | |
| ) | |
| echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT | |
| - name: Build/Test/Scan/Push product image | |
| id: build1 | |
| uses: ./.github/actions/build-test-scan-push | |
| continue-on-error: true | |
| with: | |
| context: ./${{ env.product }} | |
| os: ${{ env.os }} | |
| product: ${{ env.product }} | |
| image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
| build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
| push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 14 * * 1' }} | |
| snyk-token: ${{ secrets.SNYK_TOKEN }} | |
| snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
| ghcr-token: ${{ secrets.GITHUB_TOKEN }} | |
| dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
| gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' | |
| # Begin retry logic | |
| - name: Wait 60s on failure before retrying | |
| if: steps.build1.outcome == 'failure' | |
| run: sleep 60 | |
| - name: Retry - Build/Test/Scan/Push product image | |
| id: build2 | |
| if: steps.build1.outcome == 'failure' | |
| uses: ./.github/actions/build-test-scan-push | |
| with: | |
| context: ./${{ env.product }} | |
| os: ${{ env.os }} | |
| product: ${{ env.product }} | |
| image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
| build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
| push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 14 * * 1' }} | |
| snyk-token: ${{ secrets.SNYK_TOKEN }} | |
| snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
| ghcr-token: ${{ secrets.GITHUB_TOKEN }} | |
| dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
| gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' | |
| # End retry logic |