diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 7f623a2..eb9c25d 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -6,18 +6,36 @@ on: release: type: [published] +permissions: + contents: read + id-token: write + env: - TEST_TAG: dessimozlab/fastoma:test + REGISTRY_IMAGE: dessimozlab/fastoma jobs: build: - runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - platform: linux/amd64 + runner: ubuntu-latest + - platform: linux/arm64 + runner: ubuntu-24.04-arm + + runs-on: ${{ matrix.runner }} steps: + - name: Prepare + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6 with: submodules: recursive @@ -26,8 +44,7 @@ jobs: uses: docker/metadata-action@v5 with: # list of Docker images to use as base name for tags - images: | - dessimozlab/fastoma + images: ${{ env.REGISTRY_IMAGE }} # generate Docker tags based on the following events/attributes tags: | type=schedule 
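Review bot: In `.github/workflows/docker-image.yml` the new top-level `permissions:` block grants `id-token: write` to every job, yet no step visible in this diff requests an OIDC token. The registry login uses `secrets.DOCKER_HUB_USERNAME` and `secrets.DOCKER_HUB_ACCESS_TOKEN`, and `provenance: mode=max` / `sbom: true` are BuildKit attestations that, as far as I know, do not need one. As written, the `publish-doc` job, which runs a third-party action, can also obtain tokens for the repository identity. I would keep the workflow-level block at `contents: read` and, only if some step really consumes OIDC, add `id-token: write` under that job's own `permissions:` with a comment naming the consumer.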
@@ -47,17 +64,49 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Build and export to docker for testing + - name: Login to DockerHub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + - name: Build and push by digest only + id: build uses: docker/build-push-action@v6 with: context: . - load: true - tags: ${{ env.TEST_TAG }} + platforms: ${{ matrix.platform }} + tags: ${{ env.REGISTRY_IMAGE }} + labels: ${{ steps.meta.outputs.labels }} + outputs: type=image,push-by-digest=true,name-canonical=true,push=true + provenance: mode=max + sbom: true + + - name: Export digest + run: | + mkdir -p ${{ runner.temp }}/digests + digest="${{ steps.build.outputs.digest }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" - #- name: Test - # run: | - # docker run --rm -i -v $PWD/tests:/input -v $PWD/tests/:/reads -v $PWD/output:/out -v $PWD/run:/run ${{ env.TEST_TAG }} --tree --standalone_path /input/marker_genes --dna_reference /input/cds-marker_genes.fasta.gz --reads /reads/sample_1.fastq --output_path /out - # if [ ! -f output/tree_sample_1.nwk ] ; then exit 1; fi + - name: Upload digest + uses: actions/upload-artifact@v7 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + runs-on: ubuntu-latest + needs: + - build + steps: + - name: Download digests + uses: actions/download-artifact@v8 + with: + path: ${{ runner.temp }}/digests + pattern: digests-* + merge-multiple: true - name: Login to DockerHub uses: docker/login-action@v3 
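Review bot: The `build` and `merge` jobs in `docker-image.yml` hold the Docker Hub token while running actions referenced by mutable major tags (`docker/login-action@v3`, `docker/build-push-action@v6`, `actions/upload-artifact@v7`, `actions/download-artifact@v8`), whereas `nf-test.yml` in this same commit pins its actions to commit SHAs. A tag that is moved upstream would run with the registry credentials in a job that pushes the image. The same applies to `peter-evans/dockerhub-description@v5` in `publish-doc`, and to the `actions/checkout@v6.0.1` to `@v6` change in this file and in `publish-pypi-release.yml`, which loosens an existing pin in publishing jobs. I would use the form already used in `nf-test.yml`, e.g. `uses: docker/login-action@<full-commit-sha> # v3`.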
@@ -65,22 +114,49 @@ jobs: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - name: Set platforms - id: set_platforms + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY_IMAGE }} + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha + labels: | + org.opencontainers.image.source=${{ github.repository }} + org.opencontainers.image.revision=${{ github.sha }} + + - name: Create manifest list and push + working-directory: ${{ runner.temp }}/digests run: | - echo "github ref: ${GITHUB_REF}" - if [[ "${GITHUB_REF##*/}" == "main" || "${GITHUB_REF##*/}" == "dev" || "${GITHUB_REF}" == "refs/tags/"* ]]; then - echo "platforms=linux/amd64,linux/arm64" >> $GITHUB_OUTPUT - else - echo "platforms=linux/amd64" >> $GITHUB_OUTPUT - fi - - - name: Build and push - uses: docker/build-push-action@v6 + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} + + publish-doc: + runs-on: ubuntu-latest + needs: + - merge + + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Update repo description + uses: peter-evans/dockerhub-description@v5 with: - context: . 
- platforms: ${{ steps.set_platforms.outputs.platforms }} - push: true - #${{ github.event_name != 'push' && github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + repository: ${{ env.REGISTRY_IMAGE }} + readme-filepath: ./README.md diff --git a/.github/workflows/nf-test.yml b/.github/workflows/nf-test.yml index 39d8d07..566f748 100644 --- a/.github/workflows/nf-test.yml +++ b/.github/workflows/nf-test.yml @@ -12,11 +12,13 @@ on: env: NFT_DIFF: "pdiff" NFT_DIFF_ARGS: "--line-numbers --width 120 --expand-tabs=2" - NFT_VER: "0.9.2" - NFT_WORKDIR: "${{ github.workspace }}/nf-test-work" + NFT_VER: "0.9.4" + NFT_WORKDIR: "/tmp/nft-test" + NXF_WORK: "/tmp/nxf-work" NXF_ANSI_LOG: false NXF_SINGULARITY_CACHEDIR: ${{ github.workspace }}/.singularity NXF_SINGULARITY_LIBRARYDIR: ${{ github.workspace }}/.singularity + NXF_CONDA_CACHEDIR: "/tmp/conda" concurrency: group: "${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}" @@ -40,15 +42,15 @@ jobs: steps: - name: Check out pipeline code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v4 with: fetch-depth: 0 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v5 with: python-version: "3.11" - - uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v4 + - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v4 with: distribution: "temurin" java-version: "17" 
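Review bot: The new `publish-doc` job at the end of the `docker-image.yml` diff has no `if:` condition, so it runs on every event that triggers the workflow and overwrites the Docker Hub description with `./README.md` from whatever ref was checked out. The `type=ref,event=branch` and `type=ref,event=pr` tag rules suggest branch and pull-request runs exist, although the full `on:` block is outside the hunks. I would restrict the job, for example with `if: github.event_name == 'release'`, or to the default branch. In the same hunk, the `labels:` passed to `docker/metadata-action` in the `merge` job do not appear to reach any later step (the `jq` filter reads only `.tags`), and `org.opencontainers.image.source=${{ github.repository }}` yields `owner/repo` rather than a URL.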
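Review bot: In the `env:` hunk of `nf-test.yml` the work directories move from the workspace to fixed paths (`/tmp/nft-test`, `/tmp/nxf-work`, `/tmp/conda`) with no comment explaining why. On an ephemeral runner this is harmless, but the `runs-on` line is outside the hunk, and on a persistent or shared self-hosted runner a fixed `/tmp` path can be left over from, or pre-created by, another job. A per-run path such as `NFT_WORKDIR: "/tmp/nft-test-${{ github.run_id }}"` avoids that. It is also worth checking that later steps which collect test results still point at the new location.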
@@ -78,7 +80,7 @@ jobs: - name: Set up miniconda if: matrix.profile == 'conda' - uses: conda-incubator/setup-miniconda@835234971496cad1653abb28a638a281cf32541f # v3 + uses: conda-incubator/setup-miniconda@fc2d68f6413eb2d87b895e92f8584b5b94a10167 # v3 with: miniconda-version: "latest" auto-update-conda: true @@ -143,7 +145,7 @@ jobs: - name: Upload test results if: always() # run even if tests fail - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: nf-test-results-${{ matrix.filter }}-${{ matrix.profile }}-${{ matrix.NXF_VER }}-${{ matrix.shard }} path: | diff --git a/.github/workflows/publish-pypi-release.yml b/.github/workflows/publish-pypi-release.yml index dbe840e..94ac542 100644 --- a/.github/workflows/publish-pypi-release.yml +++ b/.github/workflows/publish-pypi-release.yml @@ -14,7 +14,7 @@ jobs: id-token: write steps: - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@v6 - name: Set up Python uses: actions/setup-python@v6 with: