
Commit 37eb4be

ci: add docker build & push to GHCR (#397)
1 parent f5b20de commit 37eb4be


2 files changed

+94
-34
lines changed


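--- a/.github/workflows/docker_image.yml
+++ b/.github/workflows/docker_image.yml
@@ -1,24 +1,81 @@
-name: Build Docker Image
-
+name: Build & Push Container
 on:
+push:
+branches:
+- 'main'
+tags:
+- '*'
+merge_group:
 pull_request:
-branches: [ main ]
-workflow_dispatch:
+types: [assigned, opened, synchronize, reopened]
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
+cancel-in-progress: true
+
+env:
+REGISTRY: ghcr.io
+IMAGE_NAME: ${{ github.repository }}
 
 jobs:
-docker:
+docker-build:
 runs-on: ubuntu-latest
+permissions:
+contents: read
+packages: write
+attestations: write
+id-token: write
 steps:
-- name: Checkout code
-uses: actions/checkout@v4
+- uses: actions/checkout@v4
+
+- name: Set current timestamp
+id: vars
+run: |
+echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT
+echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+- name: Log in to the Container registry
+uses: docker/login-action@v3
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Docker Meta
+id: meta
+uses: docker/metadata-action@v5
+with:
+images: |
+${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+flavor: |
+latest=false
+tags: |
+type=ref,event=branch,branch=main,suffix=-${{ steps.vars.outputs.sha_short }}-${{ steps.vars.outputs.timestamp }}
+type=pep440,pattern={{raw}}
+type=ref,event=pr
+
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v3
 
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
 
-- name: Build
+- name: Build and push
 uses: docker/build-push-action@v6
+id: push
 with:
-push: false
 context: .
-file: Dockerfile
-tags: "${{ github.sha }}"
+platforms: linux/amd64, linux/arm64
+push: ${{ github.event_name != 'pull_request' }}
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}
+cache-from: type=gha
+cache-to: type=gha,mode=max
+
+- name: Generate artifact attestation
+if: github.event_name != 'pull_request'
+uses: actions/attest-build-provenance@v2
+with:
+subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+subject-digest: ${{ steps.push.outputs.digest }}
+push-to-registry: true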
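Review bot: Every action in the `docker-build` job is referenced by a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v6`, `actions/attest-build-provenance@v2`) while the job now holds `packages: write`, `attestations: write` and `id-token: write`. A retagged or compromised action release would run with the ability to publish images to GHCR and to sign provenance for them, so each `uses:` should be pinned to a full commit SHA with the version kept as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v6`. The `permissions:` block is also job-wide, so same-repository `pull_request` runs, which push nothing, receive the same write scopes. Moving the publish and attest steps into a job that only runs on `push` would let the PR build keep `contents: read` alone.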

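--- a/Dockerfile
+++ b/Dockerfile
@@ -1,42 +1,45 @@
 # Stage 1: Install Python dependencies
 FROM python:3.13-slim AS python-builder
+
 WORKDIR /build
 
-# System build tools
-RUNapt-get update \
-&& apt-get install -y --no-install-recommends gcc python3-dev \
-&& rm -rf /var/lib/apt/lists/*
+RUN set -eux; \
+apt-get update; \
+apt-get install -y --no-install-recommends gcc python3-dev; \
+rm -rf /var/lib/apt/lists/*
 
-# Metadata and code that setuptools needs
 COPY pyproject.toml .
 COPY src/ ./src/
 
-# Install runtime dependencies defined in pyproject.toml
-RUN pip install --no-cache-dir --upgrade pip \
-&& pip install --no-cache-dir --timeout 1000 .
-
+RUN set -eux; \
+pip install --no-cache-dir --upgrade pip; \
+pip install --no-cache-dir --timeout 1000 .
 
 # Stage 2: Runtime image
 FROM python:3.13-slim
-LABEL org.opencontainers.image.source="https://github.com/coderamp-labs/gitingest"
 
-# Minimal runtime utilities
-RUN apt-get update \
-&& apt-get install -y --no-install-recommends git curl \
-&& apt-get clean \
-&& rm -rf /var/lib/apt/lists/*
+ARG UID=1000
+ARG GID=1000
+
+ENV PYTHONUNBUFFERED=1 \
+PYTHONDONTWRITEBYTECODE=1
+
+RUN set -eux; \
+apt-get update; \
+apt-get install -y --no-install-recommends git curl; \
+apt-get clean; \
+rm -rf /var/lib/apt/lists/*
 
-ENV PYTHONUNBUFFERED=1 PYTHONDONTWRITEBYTECODE=1
 WORKDIR /app
-RUN useradd -m -u 1000 appuser
+RUN set -eux; \
+groupadd -g "$GID" appuser; \
+useradd -m -u "$UID" -g "$GID" appuser
 
-# Copy Python site-packages and code
-COPY --from=python-builder /usr/local/lib/python3.13/site-packages/ \
-/usr/local/lib/python3.13/site-packages/
-COPY src/ ./
+COPY --from=python-builder --chown=$UID:$GID /usr/local/lib/python3.13/site-packages/ /usr/local/lib/python3.13/site-packages/
+COPY --chown=$UID:$GID src/ ./
 
-# Set permissions
-RUN chown -R appuser:appuser /app
+RUN set -eux; \
+chown -R appuser:appuser /app
 USER appuser
 
 EXPOSE 8000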
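Review bot: The new `COPY --from=python-builder --chown=$UID:$GID …/site-packages/` line makes every installed dependency writable by the account the service runs as. Before this change only `/app` was handed to `appuser` and site-packages stayed root-owned. A process compromised at runtime could then rewrite the library code it imports, which undercuts the purpose of `USER appuser`. Dropping `--chown` from that one line keeps the packages readable but not writable by the app user: `COPY --from=python-builder /usr/local/lib/python3.13/site-packages/ /usr/local/lib/python3.13/site-packages/`. The section also removes the comments that explained each stage, so a short comment above the two `ARG` lines saying that UID/GID are build-time overrides for the runtime user would help readers.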
