25d9901568
* Use repo-scoped image for internal build image Signed-off-by: Anuraag Agrawal <anuraaga@gmail.com>
41 lines
1.7 KiB
YAML
41 lines
1.7 KiB
YAML
# yamllint --format github .github/workflows/internal-images.yml
|
|
---
|
|
name: internal-images
|
|
|
|
# Refresh the tags once a day. This limits impact of rate-limited images. See RATIONALE.md
|
|
on:
|
|
schedule:
|
|
- cron: "23 3 * * *"
|
|
workflow_dispatch: # Allows manual refresh
|
|
|
|
# This builds images and pushes them to ghcr.io/tetratelabs/wazero/internal-$tag
|
|
# Using these avoid docker.io rate-limits particularly on pull requests.
|
|
jobs:
|
|
copy-images:
|
|
runs-on: ubuntu-22.04 # Hard-coding an LTS means maintenance, but only once each 2 years!
|
|
strategy:
|
|
matrix:
|
|
# Be precise in tag versions to improve reproducibility
|
|
include:
|
|
- source: tonistiigi/binfmt:qemu-v6.2.0 # for docker/setup-qemu-action
|
|
target_tag: binfmt
|
|
|
|
steps:
|
|
# Same as doing this locally: echo "${GHCR_TOKEN}" | docker login ghcr.io -u "${GHCR_TOKEN}" --password-stdin
|
|
- name: "Login into GitHub Container Registry"
|
|
uses: docker/login-action@v2
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
# GITHUB_TOKEN=<hex token value>
|
|
# - pushes Docker images to ghcr.io
|
|
# - create via https://github.com/settings/tokens
|
|
# - needs repo:status, public_repo, write:packages, delete:packages
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Pull and push
|
|
run: | # This will only push a single architecture, which is fine as we currently only support amd64
|
|
docker pull ${{ matrix.source }}
|
|
docker tag ${{ matrix.source }} ghcr.io/${{ github.repository }}/internal-${{ matrix.target_tag }}
|
|
docker push ghcr.io/${{ github.repository }}/internal-${{ matrix.target_tag }}
|