-
Notifications
You must be signed in to change notification settings - Fork 267
40 lines (36 loc) · 1.69 KB
/
internal-images.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# yamllint --format github .github/workflows/internal-images.yml
---
name: internal-images
# Refresh the tags once a day. This limits impact of rate-limited images. See RATIONALE.md
on:
schedule:
- cron: "23 3 * * *"
workflow_dispatch: # Allows manual refresh
# This builds images and pushes them to ghcr.io/tetratelabs/wazero/internal-$tag
# Using these avoid docker.io rate-limits particularly on pull requests.
jobs:
copy-images:
runs-on: ubuntu-22.04 # Hard-coding an LTS means maintenance, but only once each 2 years!
strategy:
matrix:
# Be precise in tag versions to improve reproducibility
include:
- source: tonistiigi/binfmt:qemu-v6.2.0 # for docker/setup-qemu-action
target_tag: binfmt
steps:
# Same as doing this locally: echo "${GHCR_TOKEN}" | docker login ghcr.io -u "${GHCR_TOKEN}" --password-stdin
- name: "Login into GitHub Container Registry"
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
# GITHUB_TOKEN=<hex token value>
# - pushes Docker images to ghcr.io
# - create via https://github.com/settings/tokens
# - needs repo:status, public_repo, write:packages, delete:packages
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull and push
run: | # This will only push a single architecture, which is fine as we currently only support amd64
docker pull ${{ matrix.source }}
docker tag ${{ matrix.source }} ghcr.io/${{ github.repository }}/internal-${{ matrix.target_tag }}
docker push ghcr.io/${{ github.repository }}/internal-${{ matrix.target_tag }}