| 1 | name: Docker image (sway-gate) |
| 2 | |
| 3 | # Triggered on every ``v*`` tag push. Builds the sway-gate image |
| 4 | # (Dockerfile.gate at repo root), pushes to ghcr.io tagged with both |
| 5 | # the version and ``latest``. Consumed by the |
| 6 | # ``sway-gate-docker`` pre-commit hook variant and anyone running |
| 7 | # ``docker run ghcr.io/tenseleyflow/sway-gate`` directly. |
| 8 | # |
| 9 | # The job depends on the ``dlm-sway`` wheel already being on PyPI at |
| 10 | # the matching version — the Dockerfile's ``pip install |
| 11 | # dlm-sway[hf,semsim]==<SWAY_VERSION>`` will fail until PyPI has |
| 12 | # indexed the release. Publish to PyPI first (``twine upload``), |
| 13 | # then push the tag that triggers this job. |
| 14 | |
| 15 | on: |
| 16 | push: |
| 17 | tags: |
| 18 | - "v*" |
| 19 | workflow_dispatch: |
| 20 | inputs: |
| 21 | sway_version: |
| 22 | description: "Version to bake into the image (e.g. 0.1.0). Defaults to the tag minus leading 'v'." |
| 23 | type: string |
| 24 | required: false |
| 25 | |
| 26 | concurrency: |
| 27 | group: docker-${{ github.workflow }}-${{ github.ref }} |
| 28 | cancel-in-progress: false |
| 29 | |
| 30 | env: |
| 31 | FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true" |
| 32 | |
| 33 | jobs: |
| 34 | build-and-push: |
| 35 | name: Build + push ghcr.io/tenseleyflow/sway-gate |
| 36 | runs-on: ubuntu-latest |
| 37 | timeout-minutes: 45 |
| 38 | permissions: |
| 39 | contents: read |
| 40 | packages: write |
| 41 | |
| 42 | steps: |
| 43 | - uses: actions/checkout@v4 |
| 44 | |
| 45 | - name: Resolve SWAY_VERSION |
| 46 | id: version |
| 47 | run: | |
| 48 | if [ -n "${{ inputs.sway_version }}" ]; then |
| 49 | v="${{ inputs.sway_version }}" |
| 50 | else |
| 51 | v="${GITHUB_REF_NAME#v}" |
| 52 | fi |
| 53 | echo "version=${v}" >> "$GITHUB_OUTPUT" |
| 54 | echo "Resolved SWAY_VERSION=${v}" |
| 55 | |
| 56 | - name: Set up Docker Buildx |
| 57 | uses: docker/setup-buildx-action@v3 |
| 58 | |
| 59 | - name: Log in to GHCR |
| 60 | uses: docker/login-action@v3 |
| 61 | with: |
| 62 | registry: ghcr.io |
| 63 | username: ${{ github.actor }} |
| 64 | password: ${{ secrets.GITHUB_TOKEN }} |
| 65 | |
| 66 | # ``tenseleyflow`` is the GitHub org name; GHCR repo is always |
| 67 | # ``ghcr.io/<org>/<image>`` in lowercase. Hard-code the lowercase |
| 68 | # form so a pushed tag from a cased-branch context still targets |
| 69 | # the right registry path. |
| 70 | - name: Build + push |
| 71 | uses: docker/build-push-action@v6 |
| 72 | with: |
| 73 | context: . |
| 74 | file: ./Dockerfile.gate |
| 75 | build-args: | |
| 76 | SWAY_VERSION=${{ steps.version.outputs.version }} |
| 77 | push: true |
| 78 | tags: | |
| 79 | ghcr.io/tenseleyflow/sway-gate:v${{ steps.version.outputs.version }} |
| 80 | ghcr.io/tenseleyflow/sway-gate:latest |
| 81 | cache-from: type=gha |
| 82 | cache-to: type=gha,mode=max |
| 83 | |
| 84 | - name: Smoke-test pulled image |
| 85 | run: | |
| 86 | docker run --rm \ |
| 87 | ghcr.io/tenseleyflow/sway-gate:v${{ steps.version.outputs.version }} \ |
| 88 | --version |
| 89 |