[Build] Weekly Build Images #7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # SPDX-FileCopyrightText: (C) 2025 Intel Corporation | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: "[Build] Weekly Build Images" | |
| run-name: "[Build] Weekly Build Images" | |
| on: | |
| schedule: | |
| - cron: "59 6 * * 3" # Each Wednesday at 06:59 UTC (Tuesday 11:59pm PST) | |
| workflow_dispatch: {} | |
| permissions: {} | |
| jobs: | |
| build: | |
| name: "Build, Tag, Scan and Push Images" | |
| runs-on: ubuntu-latest | |
| outputs: | |
| image_tag: ${{ steps.determine-tag.outputs.image_tag }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| images: | |
| [ | |
| scenescape-autocalibration, | |
| scenescape-controller, | |
| scenescape-manager, | |
| ] | |
| steps: | |
| - name: "Set up Docker Buildx" | |
| uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 | |
| - name: "Checkout code" | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| ref: ${{ github.ref }} | |
| persist-credentials: false | |
| - name: "Build image scene_common" | |
| run: | | |
| echo "Building scene_common" | |
| make -C scene_common | |
| - name: "Build image ${{ matrix.images }}" | |
| run: | | |
| if [[ "${{ matrix.images }}" == "scenescape-autocalibration" ]]; then | |
| echo "Building ${{ matrix.images }}" | |
| make -C autocalibration | |
| elif [[ "${{ matrix.images }}" == "scenescape-controller" ]]; then | |
| echo "Building ${{ matrix.images }}" | |
| make -C controller | |
| elif [[ "${{ matrix.images }}" == "scenescape-manager" ]]; then | |
| echo "Building ${{ matrix.images }}" | |
| make -C manager | |
| fi | |
| - name: "Determine Image Tag" | |
| id: determine-tag | |
| run: | | |
| version="" | |
| if [ -f version.txt ]; then | |
| version=v$(tr -d ' \n' < version.txt) | |
| else | |
| echo "version.txt not found." | |
| exit 1 | |
| fi | |
| # If version.txt contains "rc", use its content as image tag | |
| if grep -q "rc" version.txt; then | |
| tag="$version" | |
| echo "image_tag=$tag" >> $GITHUB_OUTPUT | |
| else | |
| if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then | |
| # If version.txt contains "dev", add sha to image tag | |
| if grep -q "dev" version.txt; then | |
| commit_hash=$(git rev-parse --short HEAD) | |
| tag="${version:+$version-}$commit_hash" | |
| echo "image_tag=$tag" >> $GITHUB_OUTPUT | |
| else | |
| echo "No 'dev' found in version.txt. Using version from version.txt as image tag." | |
| tag="$version" | |
| echo "image_tag=$tag" >> $GITHUB_OUTPUT | |
| fi | |
| else | |
| date_tag=$(date -u +'%Y%m%d') | |
| tag="${version:+$version-}$date_tag" | |
| echo "image_tag=$tag" >> $GITHUB_OUTPUT | |
| fi | |
| fi | |
| - name: "Tag images" | |
| run: | | |
| docker tag ${{ matrix.images }}:latest ghcr.io/open-edge-platform/edge-ai-libraries/intel/${{ matrix.images }}:${{ steps.determine-tag.outputs.image_tag }} | |
| echo "Tagged ${{ matrix.images }}:latest as ghcr.io/open-edge-platform/edge-ai-libraries/intel/${{ matrix.images }}:${{ steps.determine-tag.outputs.image_tag }}" | |
| - name: "Log in to GHCR" | |
| uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Push images" | |
| run: | | |
| docker push ghcr.io/open-edge-platform/edge-ai-libraries/intel/${{ matrix.images }}:${{ steps.determine-tag.outputs.image_tag }} | |
| - name: Install skopeo | |
| run: sudo apt update && sudo apt install -y skopeo jq | |
| - name: "Get image digest" | |
| id: digest | |
| env: | |
| IMAGE: ghcr.io/open-edge-platform/edge-ai-libraries/intel/${{ matrix.images }}:${{ steps.determine-tag.outputs.image_tag }} | |
| run: | | |
| DIGEST=$(skopeo inspect docker://$IMAGE | jq -r '.Digest') | |
| echo "digest=${DIGEST}" >> $GITHUB_OUTPUT | |
| - name: "Install Cosign" | |
| uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 | |
| - name: "Sign Docker images using Cosign (keyless)" | |
| run: | | |
| cosign sign --yes ghcr.io/open-edge-platform/edge-ai-libraries/intel/${{ matrix.images }}@${{ steps.digest.outputs.digest }} | |
| echo "Signed ghcr.io/open-edge-platform/edge-ai-libraries/intel/${{ matrix.images }}@${{ steps.digest.outputs.digest }}" | |
| - name: "Save ${{ matrix.images }} image info" | |
| id: save-image-info | |
| run: | | |
| echo "image_name=ghcr.io/open-edge-platform/edge-ai-libraries/intel/${{ matrix.images }}:${{ steps.determine-tag.outputs.image_tag }}" >> "$GITHUB_OUTPUT" | |
| echo "image_name=ghcr.io/open-edge-platform/edge-ai-libraries/intel/${{ matrix.images }}:${{ steps.determine-tag.outputs.image_tag }}" >> $GITHUB_STEP_SUMMARY | |
| echo "image_digest=${{ steps.digest.outputs.digest }}" >> "$GITHUB_OUTPUT" | |
| echo "image_digest=${{ steps.digest.outputs.digest }}" >> $GITHUB_STEP_SUMMARY | |
| - name: Clean up | |
| if: always() | |
| run: | | |
| docker system prune -a --volumes -f || true |