Skip to content

Add script to import custom certificate to Java #123

Add script to import custom certificate to Java

Add script to import custom certificate to Java #123

Workflow file for this run

name: build
on:
push:
branches:
- main
release:
types:
- published
- edited
jobs:
docker_build:
runs-on: self-hosted
outputs:
tag: ${{ steps.build_tag.outputs.tag }}
steps:
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: hippocampusgirl
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to container registry
uses: docker/login-action@v3
with:
registry: ${{ secrets.REGISTRY }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Set up build tag
id: build_tag
shell: bash
env:
github_ref: ${{ github.ref }}
github_repository: ${{ github.repository }}
run: |
version=$(echo "${github_ref}" | cut -d '/' -f 3)
if [[ "$version" == "main" ]]; then
version=latest
fi
owner=$( \
echo "${github_repository}" | \
cut -d'/' -f1 | \
tr '[:upper:]' '[:lower:]' \
)
name=$( \
echo "${github_repository}" | \
cut -d'/' -f2 | \
sed -r 's/([A-Za-z0-9])([A-Z])([a-z0-9])/\1-\L\2\3/g' | \
tr '[:upper:]' '[:lower:]' \
)
echo "repo=${name}" >> ${GITHUB_OUTPUT}
echo "tag=${name}:${version}" >> ${GITHUB_OUTPUT}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Checkout
uses: actions/checkout@v4
- name: Build and push to container registry
uses: docker/build-push-action@v5
with:
context: "."
file: "./Dockerfile"
platforms: linux/amd64
cache-from: type=registry,ref=${{ secrets.REGISTRY }}/${{ steps.build_tag.outputs.repo }}:buildcache
cache-to: type=registry,ref=${{ secrets.REGISTRY }}/${{ steps.build_tag.outputs.repo }}:buildcache,compression=zstd,mode=max
outputs: type=image,name=${{ secrets.REGISTRY }}/${{ steps.build_tag.outputs.tag }},push=true,compression=gzip,compression-level=9,force-compression=true
labels: |
org.opencontainers.image.title=${{ github.event.repository.name }}
org.opencontainers.image.url=${{ github.event.repository.html_url }}
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.created=${{ github.event.repository.updated_at}}
singularity_build:
runs-on: self-hosted
needs:
- docker_build
defaults:
run:
shell: bash --login -x -e {0}
steps:
- uses: conda-incubator/setup-miniconda@v2
with:
miniforge-variant: Mambaforge
miniforge-version: latest
auto-activate-base: true
activate-environment: ""
use-mamba: true
- name: Set up Singularity
run: |
mamba install --yes singularity
- name: Singularity build
id: singularity_build
env:
docker_build_tag: ${{ needs.docker_build.outputs.tag }}
run: |
# Configure Singularity to not use the host's /tmp folder
# because it is too small
export SINGULARITY_TMPDIR="${PWD}"
# Build Singularity image from Docker image
singularity_build_name=$(echo -n ${docker_build_tag} | tr -c '[:alnum:]' '-')
singularity build --disable-cache \
${singularity_build_name}.sif \
docker://${{ secrets.REGISTRY }}/${docker_build_tag}
echo "name=${singularity_build_name}" >> ${GITHUB_OUTPUT}
- name: Upload to DigitalOcean
env:
digitalocean_access_key: ${{ secrets.DIGITALOCEAN_ACCESS_KEY }}
digitalocean_secret_key: ${{ secrets.DIGITALOCEAN_SECRET_KEY }}
digitalocean_region: ${{ secrets.DIGITALOCEAN_REGION }}
digitalocean_space_name: ${{ secrets.DIGITALOCEAN_SPACE_NAME }}
singularity_build_name: ${{ steps.singularity_build.outputs.name }}
run: |
pip install s3cmd
s3cmd --stop-on-error \
--ssl --no-encrypt \
--access_key="${digitalocean_access_key}" \
--secret_key="${digitalocean_secret_key}" \
--host="${digitalocean_region}.digitaloceanspaces.com" \
--host-bucket="%(bucket)s.${digitalocean_region}.digitaloceanspaces.com" \
--dump-config \
> ${HOME}/.s3cfg
s3cmd put ${singularity_build_name}.sif s3://${digitalocean_space_name}/singularity/
s3cmd setacl s3://${digitalocean_space_name}/singularity/${singularity_build_name}.sif --acl-public