modularize docker workflow (#334)

* rewrite workflow * final unify --------- Co-authored-by: Josh XT <[email protected]>
Josh-XT · May 15, 2023 · 2120baa · 2120baa
1 parent 430781c
commit 2120baa
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 85 deletions.
diff --git a/.github/workflows/publish-frontend.yml → ...kflows/operation-docker-build-publish.yml b/.github/workflows/publish-frontend.yml → ...kflows/operation-docker-build-publish.yml
@@ -1,43 +1,31 @@
-# This workflow will build and publish the docker image to 
-# - Github packages
-# - Docker hub
-# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-docker-images
+name: Build and publish docker containers
 
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-# Versions of plugins are pinned to their major version as long as they use a semVer in a good manner.
-
-name: Publish Streamlit Docker image
 
 on:
-  release:
-    types: [published]
-  pull_request:
-    branches: ["main"]
+  workflow_call:
+    inputs:
+      image-name:
+        required: true
+        type: string
+      dockerfile:
+        required: true
+        type: string
+    secrets:
+      DOCKER_USERNAME:
+        required: true
+      DOCKER_PASSWORD:
+        required: true
 
-env:
-  IMAGE_NAME: ${{ github.repository }}-streamlit
-
 jobs:
-  push_to_registries:
-    name: Push Streamlit Docker image to multiple registries
-
+  build_publish_docker:
     runs-on: ubuntu-latest
-    
+
     permissions:
       packages: write
       contents: read
-
+      
     steps:
 
-# Unused for now
-#      - name: Install cosign
-#        if: github.event_name != 'pull_request'
-#        uses: sigstore/cosign-installer@v3
-
       - name: Log in to Docker Hub
         uses: docker/login-action@v2
         with:
@@ -56,8 +44,15 @@ jobs:
         uses: docker/metadata-action@v4
         with:
           images: |
-            ghcr.io/${{ env.IMAGE_NAME }}
-            ${{ env.IMAGE_NAME }}
+            ghcr.io/${{ inputs.image-name }}
+            ${{ inputs.image-name }}
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=sha
       
       # Needed for cache layers on github registry
       - name: Set up Docker Buildx
@@ -67,7 +62,7 @@ jobs:
         id: build-and-push
         uses: docker/build-push-action@v4
         with:
-          file: Dockerfile-streamlit
+          file: 
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

diff --git a/.github/workflows/operation-docker-sign.yml b/.github/workflows/operation-docker-sign.yml
@@ -0,0 +1,22 @@
+name: Sign off docker containers
+
+on:
+  workflow_call:
+    inputs:
+      image-name:
+        required: true
+        type: string
+
+jobs:
+  sign_docker:
+    runs-on: ubuntu-latest
+
+    permissions:
+      packages: write
+      contents: read
+
+    steps:
+
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@v3
diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml
@@ -10,65 +10,30 @@
 
 # Versions of plugins are pinned to their major version as long as they use a semVer in a good manner.
 
-name: Publish Docker image
+name: Publish Docker images
 
+permissions:
+  packages: write
+  contents: read
+
 on:
   release:
     types: [published]
   pull_request:
     branches: ["main"]
 
-env:
-  IMAGE_NAME: ${{ github.repository }}
-
 jobs:
-  push_to_registries:
-    name: Push Docker image to multiple registries
-
-    runs-on: ubuntu-latest
-
-    permissions:
-      packages: write
-      contents: read
-
-    steps:
 
-# Unused for now
-#      - name: Install cosign
-#        if: github.event_name != 'pull_request'
-#        uses: sigstore/cosign-installer@v3
-
-      - name: Log in to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Log in to the Container registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }} 
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ghcr.io/${{ env.IMAGE_NAME }}
-            ${{ env.IMAGE_NAME }}
-      
-      # Needed for cache layers on github registry
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Build and push Docker images
-        id: build-and-push
-        uses: docker/build-push-action@v4
-        with:
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+  call-docker-build:
+    uses: ./.github/workflows/operation-docker-build-publish.yml
+    with:
+      image-name: ${{ github.repository }}
+      dockerfile: Dockerfile
+    secrets: inherit
+
+  call-docker-build-streamlit:
+    uses: ./.github/workflows/operation-docker-build-publish.yml
+    with:
+      image-name: ${{ github.repository }}-streamlit
+      dockerfile: Dockerfile-streamlit
+    secrets: inherit