Skip to content

Update dependency numpy to v1 [SECURITY] #214

Update dependency numpy to v1 [SECURITY]

Update dependency numpy to v1 [SECURITY] #214

name: Build and push Docker image
on:
push:
paths:
- '.github/workflows/buildDockerImage.yml'
- 'Dockerfile'
- 'Dockerfile-base'
- 'Dockerfile-assets/**'
jobs:
buildAndPushImage:
name: Build and push Docker image
if: "!contains(github.event.head_commit.message, '[skip ci]') && github.actor != 'allcontributors'"
runs-on: ubuntu-20.04
steps:
# Free disk space
# Inspiration
# - https://github.com/easimon/maximize-build-space/blob/master/action.yml
# - https://githubmemory.com/repo/ros-industrial/industrial_ci/issues/648
# - https://github.community/t/bigger-github-hosted-runners-disk-space/17267/11
- name: Maximize build space
run: |
sudo apt-get -qq purge build-essential ghc*
sudo apt-get clean
sudo rm -rf /usr/share/dotnet
sudo rm -rf /usr/local/lib/android
sudo rm -rf /opt/ghc
sudo rm -rf /usr/local/share/boost
sudo rm -rf "$AGENT_TOOLSDIRECTORY"
docker system prune -f
# checkout repository
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 1
# Build Docker image
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Cache Docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Login to GHCR
uses: docker/login-action@v1
with:
registry: ghcr.io
username: "${{ secrets.DOCKER_REGISTRY_USERNAME }}"
password: "${{ secrets.DOCKER_REGISTRY_TOKEN }}"
- id: get-timestamp
name: Get timestamp
run: |
TIMESTAMP=$(date --rfc-3339=seconds | sed 's/ /T/')
echo "timestamp=$TIMESTAMP" >> $GITHUB_OUTPUT
- name: Copy Dockerfile to Dockerfile-assets
run: |
cp Dockerfile Dockerfile-assets/
cp Dockerfile-base Dockerfile-assets/
- name: Build base image
uses: docker/build-push-action@v2
with:
context: Dockerfile-assets
file: Dockerfile-base
pull: true
load: true
push: false
tags: |
ghcr.io/biosimulators/biosimulators-base:sha-${{github.sha}}
labels: |
org.opencontainers.image.revision=${{github.sha}}
org.opencontainers.image.created=${{steps.get-timestamp.outputs.timestamp}}"
cache-from: type=registry,ref=ghcr.io/biosimulators/biosimulators-base:buildcache
cache-to: type=registry,ref=ghcr.io/biosimulators/biosimulators-base:buildcache,mode=max
- name: Push base Docker image
run: docker image push ghcr.io/biosimulators/biosimulators-base:sha-${{github.sha}}
- name: Label base Docker image
run: docker image tag ghcr.io/biosimulators/biosimulators-base:sha-${{github.sha}} ghcr.io/biosimulators/biosimulators-base:latest
- name: Maximize build space
run: |
docker system prune -f
- name: Build image
uses: docker/build-push-action@v2
with:
context: Dockerfile-assets
file: Dockerfile
pull: false
load: true
push: false
tags: |
ghcr.io/biosimulators/biosimulators:sha-${{github.sha}}
labels: |
org.opencontainers.image.revision=${{github.sha}}
org.opencontainers.image.created=${{steps.get-timestamp.outputs.timestamp}}"
cache-from: type=registry,ref=ghcr.io/biosimulators/biosimulators:buildcache
cache-to: type=registry,ref=ghcr.io/biosimulators/biosimulators:buildcache,mode=max
- name: Push Docker image
run: docker image push ghcr.io/biosimulators/biosimulators:sha-${{github.sha}}
- name: Label Docker image
run: docker image tag ghcr.io/biosimulators/biosimulators:sha-${{github.sha}} ghcr.io/biosimulators/biosimulators:latest
- name: Maximize build space
run: |
docker system prune -f
# Test Docker image
- name: Test Docker image
run: |
cwd=$(pwd)
docker run \
--rm \
--entrypoint bash \
--mount type=bind,source=${cwd},target=/app/Biosimulators \
ghcr.io/biosimulators/biosimulators:latest \
-c "
pipenv install --dev --system --deploy
/bin/bash /xvfb-startup.sh python -m pytest --forked --verbose Biosimulators/tests/
"
# Get version number
- id: get-version-number
name: Get version number
if: startsWith(github.ref, 'refs/tags/')
env:
TAG: ${{ github.ref }}
run: |
version="${TAG/refs\/tags\//}"
echo "version=$version" >> $GITHUB_OUTPUT
# Create GitHub release
- name: Create GitHub release
if: startsWith(github.ref, 'refs/tags/')
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.get-version-number.outputs.version }}
release_name: Release ${{ steps.get-version-number.outputs.version }}
# Push Docker image
- name: Push Docker image
if: startsWith(github.ref, 'refs/tags/')
env:
VERSION: ${{ steps.get-version-number.outputs.version }}
run: |
docker image tag ghcr.io/biosimulators/biosimulators-base:sha-${{github.sha}} ghcr.io/biosimulators/biosimulators-base:${VERSION}
docker image tag ghcr.io/biosimulators/biosimulators:sha-${{github.sha}} ghcr.io/biosimulators/biosimulators:${VERSION}
docker push ghcr.io/biosimulators/biosimulators-base:${VERSION}
docker push ghcr.io/biosimulators/biosimulators-base:latest
docker push ghcr.io/biosimulators/biosimulators:${VERSION}
docker push ghcr.io/biosimulators/biosimulators:latest