Skip to content
03 Maintain: Apply Package Cache

Update docker workflows #27

Sign in to view logs

Update docker workflows

Update docker workflows #27

Workflow file for this run

.github/workflows/docker_apply_cache.yaml at ac3e30b
name: "03 Maintain: Apply Package Cache"
on:
workflow_dispatch:
inputs:
name:
description: 'Who triggered this build?'
required: true
default: 'Maintainer (via GitHub)'
pull_request:
types:
- closed
branches:
- main
jobs:
preflight:
name: "Preflight: PR or Manual Trigger?"
runs-on: ubuntu-latest
outputs:
do-apply: ${{ steps.check.outputs.merged_or_manual }}
steps:
- name: "Should we run cache application?"
id: check
run: |
if [[ "${{ github.event_name }}" == "workflow_dispatch" ||
("${{ github.event.action }}" == "closed" && "${{ github.event.pull_request.merged }}" == "true") ]]; then
echo "merged_or_manual=true" >> $GITHUB_OUTPUT
else
echo "This was not a manual trigger and no PR was merged. No action taken."
echo "merged_or_manual=false" >> $GITHUB_OUTPUT
fi
check-renv:
name: "Check If We Need {renv}"
runs-on: ubuntu-latest
needs: preflight
if: ${{ needs.preflight.outputs.do-apply == 'true' }}
permissions:
id-token: write # OIDC permission required
outputs:
renv-needed: ${{ steps.check-for-renv.outputs.renv-needed }}
renv-cache-hashsum: ${{ steps.check-for-renv.outputs.renv-cache-hashsum }}
renv-cache-available: ${{ steps.check-for-renv.outputs.renv-cache-available }}
steps:
- name: "Check for renv"
id: check-for-renv
uses: carpentries/actions/renv-checks@frog-s3-test-1
with:
role-to-assume: ${{ secrets.AWS_GH_OIDC_ARN }}
aws-region: ${{ secrets.AWS_GH_OIDC_REGION }}
WORKBENCH_TAG: ${{ vars.WORKBENCH_TAG || 'latest' }}
no-renv-cache-used:
name: "No renv cache used"
runs-on: ubuntu-latest
needs: check-renv
if: ${{ needs.check-renv.outputs.renv-needed != 'true' }}
steps:
- name: "No renv cache needed"
run: echo "No renv cache needed for this lesson"
renv-cache-available:
name: "renv cache available"
runs-on: ubuntu-latest
needs: check-renv
if: ${{ needs.check-renv.outputs.renv-cache-available == 'true' }}
steps:
- name: "renv cache available"
run: echo "renv cache available for this lesson"
update-renv-cache:
name: "Update renv Cache"
runs-on: ubuntu-latest
needs: check-renv
if: |
needs.check-renv.outputs.renv-needed == 'true' &&
needs.check-renv.outputs.renv-cache-available != 'true' &&
(
github.event_name == 'workflow_dispatch' ||
(
github.event.pull_request.merged == true &&
contains(
join(github.event.pull_request.labels.*.name, ','),
'type: package cache'
)
)
)
permissions:
checks: write
contents: write
pages: write
id-token: write # OIDC permission required
container:
image: carpentries/workbench-docker:${{ vars.WORKBENCH_TAG || 'latest' }}
env:
WORKBENCH_PROFILE: "ci"
GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
RENV_PATHS_ROOT: /home/rstudio/lesson/renv
RENV_PROFILE: "lesson-requirements"
RENV_VERSION: ${{ needs.prepare.outputs.renv-cache-hashsum }}
RENV_CONFIG_EXTERNAL_LIBRARIES: "/usr/local/lib/R/site-library"
volumes:
- ${{ github.workspace }}:/home/rstudio/lesson
options: --cpus 2
steps:
- uses: actions/checkout@v4
- name: Debugging Info
run: |
echo "Current Directory: $(pwd)"
ls -lah /home/rstudio/.workbench
ls -lah $(pwd)
Rscript -e 'sessionInfo()'
- name: Mark Repository as Safe
run: |
git config --global --add safe.directory $(pwd)
- name: "Ensure sandpaper is loadable"
run: |
.libPaths()
library(sandpaper)
shell: Rscript {0}
- name: Setup Lesson Dependencies
run: |
Rscript /home/rstudio/.workbench/setup_lesson_deps.R
- name: Fortify renv Cache
run: |
Rscript /home/rstudio/.workbench/fortify_renv_cache.R
- name: Get Container Version Used
id: wb-vers
uses: carpentries/actions/container-version@frog-s3-test-1
with:
WORKBENCH_TAG: ${{ vars.WORKBENCH_TAG }}
renv-needed: ${{ needs.check-renv.outputs.renv-needed }}
- name: "Validate Current Org and Workflow"
id: validate-org-workflow
uses: carpentries/actions/validate-org-workflow@frog-s3-test-1
with:
repo: ${{ github.repository }}
workflow: ${{ github.workflow }}
- name: Configure AWS credentials via OIDC
id: aws-creds
if: ${{ steps.validate-org-workflow.outputs.is_valid == 'true' }}
uses: aws-actions/configure-aws-credentials@v5.0.0
with:
role-to-assume: ${{ secrets.AWS_GH_OIDC_ARN }}
aws-region: ${{ secrets.AWS_GH_OIDC_REGION }}
output-credentials: true
- name: Upload cache object to S3
uses: carpentries/actions-cache@frog-matchedkey-1
with:
# insecure: false # optional, use http instead of https. default false
accessKey: ${{ steps.aws-creds.outputs.aws-access-key-id }}
secretKey: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
sessionToken: ${{ steps.aws-creds.outputs.aws-session-token }}
bucket: workbench-docker-caches
path: |
/home/rstudio/lesson/renv
/usr/local/lib/R/site-library
key: ${{ github.repository }}/${{ steps.wb-vers.outputs.container-version }}_renv-${{ needs.check-renv.outputs.renv-cache-hashsum }}
restore-keys:
${{ github.repository }}/${{ steps.wb-vers.outputs.container-version }}_renv-
# trigger the build deploy workflow if update-renv-cache was successful
trigger-build-deploy:
name: "Trigger Build and Deploy Workflow"
runs-on: ubuntu-latest
needs: [check-renv, update-renv-cache]
if: |
needs.update-renv-cache.outcome == 'success'
steps:
- name: "Trigger Build and Deploy Workflow"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh workflow run docker_build_deploy.yaml --ref main
shell: bash