-
Notifications
You must be signed in to change notification settings - Fork 9
122 lines (105 loc) · 3.69 KB
/
build-dev.yaml
File metadata and controls
122 lines (105 loc) · 3.69 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
name: build-dev
on:
push:
tags:
# Matches tags that contain a dash after YY.major.minor
# Example: 25.0.0-beta.1
# Keep in mind github does not support all regex features:
# https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
- 'v[0-9]+.[0-9]+.[0-9]+-*'
jobs:
push-to-ghcr:
name: Build docker image and push to GHCR and GAR
runs-on: ubuntu-22.04
permissions:
packages: write
contents: read
attestations: write
id-token: write
env:
TAG: ${{ github.ref_name }}
REPO: ${{ github.event.repository.name }}
steps:
- id: prepare
name: Prepare the action and log details
shell: bash
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: |
TAG=$(echo $TAG | sed 's/^v//')
echo "TAG=$TAG" >> $GITHUB_ENV
echo "The tag for this build is $TAG"
echo "The repo name is: $REPO"
echo "Github context:\n$GITHUB_CONTEXT"
- id: checkout
name: Check out repo
uses: actions/checkout@v4
# =========== BUILD STEPS (TODO: Extract to another workflow) ===========
- id: scala-setup
name: Install Scala
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 21
cache: sbt
- id: cache
name: Cache dependencies
uses: actions/cache@v4
with:
path: |
~/.cache/coursier
~/.ivy2/cache
~/.sbt
key: ${{ runner.os }}-sbt-${{ hashFiles('**/build.sbt') }}
- id: linter
name: Lint code
run: sbt scalafmtCheckAll
- id: compile
name: Compile code
run: sbt clean compile
- id: test
name: Run tests
run: sbt coverage "testOnly * -- -l test_configuration.IntegrationTestTag" coverageReport
- id: dist
name: Create distribution
run: sbt dist
# ========================================================================
- id: auth-ghcr
name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- id: auth-google
name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
token_format: access_token
project_id: 'open-targets-eu-dev'
workload_identity_provider: projects/426265110888/locations/global/workloadIdentityPools/github-actions/providers/opentargets
service_account: github-actions@open-targets-eu-dev.iam.gserviceaccount.com
access_token_lifetime: 300s
- id: auth-gar
name: Login to Google Artifact Registry
uses: docker/login-action@v3
with:
registry: europe-west1-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth-google.outputs.access_token }}
- id: push
name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: |
ghcr.io/${{ github.repository }}:${{ env.TAG }}
europe-west1-docker.pkg.dev/open-targets-eu-dev/${{ env.REPO }}/${{ env.REPO }}:${{ env.TAG }}
- id: generate-attestations
name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-name: europe-west1-docker.pkg.dev/open-targets-eu-dev/${{ env.REPO }}/${{ env.REPO }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true