workflow: docker-build upload to DockerHub (#318)
Some checks failed
docker-build / platform-excludes (push) Has been cancelled
pre-commit / pre-commit (push) Has been cancelled
Run Pytest on Pull Request / test (push) Has been cancelled
docker-build / build (push) Has been cancelled
docker-build / merge (push) Has been cancelled

* workflow: docker-build upload to DockerHub
   - Upload on release, tag, push to main.
   - Build on pr to main (amd64 only).
 * docker: temporarily disable read-only container Closes #278
   - Update documentation.
   - Temporarily set akkudoktor/eos:main in compose.yml (with
     releases/tags it should be replaced by latest again)
Dominique Lasserre 2025-01-04 01:24:37 +01:00 committed by GitHub
parent 64e62022e2
commit eabc2a795a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 125 additions and 42 deletions

2
.env

@ -1,4 +1,4 @@
EOS_VERSION=latest EOS_VERSION=main
EOS_PORT=8503 EOS_PORT=8503
PYTHON_VERSION=3.12.6 PYTHON_VERSION=3.12.6


@ -1,27 +1,53 @@
name: docker-build name: docker-build
on: on:
release: # pipeline runs per trigger condition, so release trigger not required as tag is sufficient
types: [published] #release:
# types: [published]
push:
branches:
- 'main'
- 'feature/config-overhaul'
tags:
- 'v*'
pull_request:
branches:
- 'main'
- 'feature/config-overhaul'
env: env:
REGISTRY: ghcr.io DOCKERHUB_REPO: akkudoktor/eos
GHCR_REPO: ghcr.io/akkudoktor-eos/eos
EOS_LICENSE: Apache-2.0
# From https://docs.docker.com/build/ci/github-actions/multi-platform/
# Changes:
# - adjusted rw permissions
# - manually set undetected license (label+annotation)
# - set description for index manifest
# - add attestation
# - conditionally don't push on pr
# - on pr just use amd64 platform
jobs: jobs:
variables: # Build platform matrix excludes. if-conditional with matrix on job level is not
# supported, see https://github.com/actions/runner/issues/1985
platform-excludes:
runs-on: ubuntu-latest
outputs: outputs:
repository: ${{ steps.var.outputs.repository}} excludes: ${{ steps.excludes.outputs.matrix }}
runs-on: "ubuntu-latest"
steps: steps:
- name: Setting global variables - id: excludes
uses: actions/github-script@v6 run: |
id: var if ${{ github.event_name == 'pull_request' }}; then
with: echo 'matrix=[
script: | {"platform": "linux/arm64"}
core.setOutput('repository', '${{ github.repository }}'.toLowerCase()); ]' | tr -d '[:space:]' >> $GITHUB_OUTPUT
else
echo 'matrix=[]' >> $GITHUB_OUTPUT
fi
build: build:
needs: needs: platform-excludes
- variables
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
@ -34,6 +60,7 @@ jobs:
platform: platform:
- linux/amd64 - linux/amd64
- linux/arm64 - linux/arm64
exclude: ${{ fromJSON(needs.platform-excludes.outputs.excludes) }}
steps: steps:
- name: Prepare - name: Prepare
run: | run: |
@ -44,7 +71,34 @@ jobs:
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v5
with: with:
images: "${{ env.REGISTRY }}/${{ needs.variables.outputs.repository }}" images: |
${{ env.DOCKERHUB_REPO }}
${{ env.GHCR_REPO }}
labels: |
org.opencontainers.image.licenses=${{ env.EOS_LICENSE }}
annotations: |
org.opencontainers.image.licenses=${{ env.EOS_LICENSE }}
env:
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
# Prepare to extract description so it can be manually set for index manifest (group of platform manifests)
- name: Prepare description
id: get_description
run: |
echo "EOS_REPO_DESCRIPTION=$(jq -cr '.labels."org.opencontainers.image.description"' <<< "$DOCKER_METADATA_OUTPUT_JSON")" >> $GITHUB_ENV
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3
@ -52,27 +106,29 @@ jobs:
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Login to GitHub
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push by digest - name: Build and push by digest
id: build id: build
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
platforms: ${{ matrix.platform }} platforms: ${{ matrix.platform }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,name=${{ env.REGISTRY }}/${{ needs.variables.outputs.repository }},push-by-digest=true,name-canonical=true,push=true annotations: ${{ steps.meta.outputs.annotations }}
outputs: type=image,"name=${{ env.DOCKERHUB_REPO }},${{ env.GHCR_REPO }}",push-by-digest=true,name-canonical=true,"push=${{ github.event_name != 'pull_request' }}","annotation-index.org.opencontainers.image.description=${{ env.EOS_REPO_DESCRIPTION }}"
#push: ${{ github.event_name != 'pull_request' }}
- name: Generate artifact attestation - name: Generate artifact attestation DockerHub
uses: actions/attest-build-provenance@v1 uses: actions/attest-build-provenance@v2
with: with:
subject-name: "${{ env.REGISTRY }}/${{ needs.variables.outputs.repository }}" subject-name: docker.io/${{ env.DOCKERHUB_REPO }}
subject-digest: ${{ steps.build.outputs.digest }} subject-digest: ${{ steps.build.outputs.digest }}
push-to-registry: true push-to-registry: ${{ github.event_name != 'pull_request' }}
- name: Generate artifact attestation GitHub
uses: actions/attest-build-provenance@v2
with:
subject-name: ${{ env.GHCR_REPO }}
subject-digest: ${{ steps.build.outputs.digest }}
push-to-registry: ${{ github.event_name != 'pull_request' }}
- name: Export digest - name: Export digest
run: | run: |
@ -90,9 +146,14 @@ jobs:
merge: merge:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
needs: needs:
- build - build
- variables # skip for pull requests
if: ${{ github.event_name != 'pull_request' }}
steps: steps:
- name: Download digests - name: Download digests
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
@ -101,6 +162,19 @@ jobs:
pattern: digests-* pattern: digests-*
merge-multiple: true merge-multiple: true
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
@ -108,21 +182,30 @@ jobs:
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v5
with: with:
images: "${{ env.REGISTRY }}/${{ needs.variables.outputs.repository }}" images: |
${{ env.DOCKERHUB_REPO }}
- name: Login to GitHub ${{ env.GHCR_REPO }}
uses: docker/login-action@v3 tags: |
with: type=ref,event=branch
registry: ${{ env.REGISTRY }} type=ref,event=pr
username: ${{ github.actor }} type=semver,pattern={{version}}
password: ${{ secrets.GITHUB_TOKEN }} type=semver,pattern={{major}}.{{minor}}
labels: |
org.opencontainers.image.licenses=${{ env.EOS_LICENSE }}
annotations: |
org.opencontainers.image.licenses=${{ env.EOS_LICENSE }}
env:
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
- name: Create manifest list and push - name: Create manifest list and push
working-directory: /tmp/digests working-directory: /tmp/digests
run: | run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.REGISTRY }}/${{ needs.variables.outputs.repository }}@sha256:%s ' *) $(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *)
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
- name: Inspect image - name: Inspect image
run: | run: |
docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ needs.variables.outputs.repository }}:${{ steps.meta.outputs.version }} docker buildx imagetools inspect ${{ env.DOCKERHUB_REPO }}:${{ steps.meta.outputs.version }}
docker buildx imagetools inspect ${{ env.GHCR_REPO }}:${{ steps.meta.outputs.version }}
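Review bot: The `Login to Docker Hub` and `Login to GHCR` steps added to the `build` job run on every trigger, including `pull_request`, even though nothing is pushed there (`push=${{ github.event_name != 'pull_request' }}`). Pull requests from forks do not receive `secrets.DOCKERHUB_USERNAME` / `secrets.DOCKERHUB_PASSWORD`, so the Docker Hub login will most likely fail the job, and for same-repository PRs the registry credentials end up on a runner that builds not-yet-reviewed code. I would gate both login steps with `if: ${{ github.event_name != 'pull_request' }}`; the two attestation steps probably need the same condition, since they depend on an OIDC token that fork PRs are not granted (the `build` job's `permissions` block is only partly visible in this section, so confirm there). Separately, every action is referenced by a mutable tag (`@v3`, `@v5`, `@v6`, `@v2`); in jobs that hold registry secrets and `id-token: write`, pinning each `uses:` to a full commit SHA is the safer form.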


@ -11,7 +11,7 @@ See [CONTRIBUTING.md](CONTRIBUTING.md).
## Installation ## Installation
The project requires Python 3.10 or newer. Currently there are no official packages or images published. The project requires Python 3.10 or newer. Official docker images can be found at [akkudoktor/eos](https://hub.docker.com/r/akkudoktor/eos).
Following sections describe how to locally start the EOS server on `http://localhost:8503`. Following sections describe how to locally start the EOS server on `http://localhost:8503`.
@ -50,7 +50,7 @@ Windows:
### Docker ### Docker
```bash ```bash
docker compose up --build docker compose up
``` ```
## Configuration ## Configuration


@ -5,7 +5,7 @@ networks:
services: services:
eos: eos:
image: "akkudoktor/eos:${EOS_VERSION}" image: "akkudoktor/eos:${EOS_VERSION}"
read_only: true #read_only: true
build: build:
context: . context: .
dockerfile: "Dockerfile" dockerfile: "Dockerfile"
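Review bot: Commenting out `read_only: true` drops the container's read-only root filesystem, and nothing in the file records when it should come back. The commit message calls this temporary, so I would leave a marker on the line itself, e.g. `#read_only: true  # TODO(#278): re-enable once writable paths are mounted`. If the paths the service writes to are known, the stronger option is to keep `read_only: true` and add a `tmpfs:` or volume entry for just those paths. The `eos` service definition continues past this hunk, so existing mounts may already cover part of that.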