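# Manually dispatched workflow: builds the runner image with Nix, loads the
# resulting tarball into Docker, retags it with the requested name/tag and
# pushes it to GHCR.
name: runner image

on:
  workflow_dispatch:
    inputs:
      image:
        description: "Destination image name; blank publishes under this repo's GHCR namespace"
        required: false
        default: ""
      tag:
        description: "Destination image tag"
        required: true
        default: "1.0"

# Token scopes for every job in this file. Keep this list minimal: the job
# below runs third-party actions and a repository-defined Nix build while
# holding a token that can publish packages.
permissions:
  contents: read
  # NOTE(review): no step in this file requests an OIDC token itself;
  # presumably this is for determinate-nix-action. Confirm, and drop the
  # scope if nothing consumes it.
  id-token: write
  # Required by the "Push image" step to publish to ghcr.io.
  packages: write

env:
  # Opts JavaScript-based actions into the Node 24 runtime.
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by mutable tag (@v4,
      # @v3). Pinning each `uses:` to a full commit SHA keeps a re-pointed tag
      # from running inside a job that holds `packages: write`.
      - uses: actions/checkout@v4
        with:
          # No later step performs git operations, so do not leave the
          # workflow token in .git/config where the build could read it.
          persist-credentials: false

      - uses: DeterminateSystems/determinate-nix-action@v3

      # Dispatch inputs are untrusted text. They reach the script through
      # environment variables (never through ${{ }} interpolation into the
      # script body) and are checked against an allowlist of characters before
      # being exported as step outputs.
      #
      # NOTE(review): the image allowlist accepts ':' (needed for host:port
      # registries), so a value that already carries a tag passes validation
      # and only fails later when ":<tag>" is appended. The allowlist also does
      # not restrict the registry host, while the login step below
      # authenticates to ghcr.io only.
      - name: Resolve destination image
        id: image
        env:
          INPUT_IMAGE: ${{ inputs.image }}
          INPUT_TAG: ${{ inputs.tag }}
          REPOSITORY: ${{ github.repository }}
        run: |
          set -euo pipefail
          image="$INPUT_IMAGE"
          if [ -z "$image" ]; then
            image="ghcr.io/${REPOSITORY,,}/runner-nix"
          fi
          case "$image" in
            *[!a-z0-9/:._-]* | "")
              echo "invalid image name: $image" >&2
              exit 2
              ;;
          esac
          case "$INPUT_TAG" in
            *[!A-Za-z0-9_.-]* | "")
              echo "invalid image tag: $INPUT_TAG" >&2
              exit 2
              ;;
          esac
          printf 'image=%s\n' "$image" >> "$GITHUB_OUTPUT"
          printf 'tag=%s\n' "$INPUT_TAG" >> "$GITHUB_OUTPUT"

      - name: Build image tarball
        run: nix build ./deploy/runner-images#runnerImage --print-build-logs

      # `result` is the output link left in the working directory by the
      # build step above.
      - name: Load image
        run: docker load < result

      # The source reference is hard-coded; presumably it is the name:tag the
      # Nix build bakes into the image (verify against deploy/runner-images).
      # The destination is passed through the environment, matching the
      # "Resolve destination image" step, so the shell receives it as data
      # even if the validation above is ever loosened.
      - name: Tag image
        env:
          DEST_IMAGE: ${{ steps.image.outputs.image }}
          DEST_TAG: ${{ steps.image.outputs.tag }}
        run: docker tag ghcr.io/tenseleyflow/shithub/runner-nix:1.0 "${DEST_IMAGE}:${DEST_TAG}"

      # Authenticates with the job's own token; its reach is bounded by the
      # `permissions` block at the top of this file.
      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Push image
        env:
          DEST_IMAGE: ${{ steps.image.outputs.image }}
          DEST_TAG: ${{ steps.image.outputs.tag }}
        run: docker push "${DEST_IMAGE}:${DEST_TAG}"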
76