backend/enh/docker-push-for-ci #28
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: ["main"] # Only trigger on pushes to the main branch | |
| pull_request: | |
| branches: ["*"] | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: x86_64-linux | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: cachix/cachix-action@v15 | |
| with: | |
| name: nammayatri | |
| authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
| skipPush: true | |
| - name: Build all flake outputs | |
| run: om ci | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push Docker image | |
| run: | | |
| set -euo pipefail | |
| ARG1="${1:-dockerImage}" # Default argument set to 'dockerImage' | |
| shift 1 || true | |
| set -x | |
| # Show git status as Docker tag is based on the working copy status | |
| git status | |
| # Build the flake output and load the Docker image | |
| docker load -i "$(nix build .#"$ARG1" --print-out-paths --no-update-lock-file)" | |
| # Fetch the image name and tag | |
| IMAGE_NAME="$(nix eval --json .#packages.x86_64-linux."$ARG1".buildArgs | jq -r '"\(.name):\(.tag)"')" | |
| echo "Built and loaded: ${IMAGE_NAME}" | |
| # Use a temporary directory for HOME to avoid insecure password storage | |
| HOME="$(mktemp -d)" | |
| export HOME | |
| # Ensure the Docker image is removed after pushing | |
| trap 'docker rmi "${IMAGE_NAME}"; rm -rf "$HOME"' EXIT | |
| # Push the Docker image | |
| docker push "${IMAGE_NAME}" | |
| echo "Pushed image: ${IMAGE_NAME}" | |
| # Log out from Docker registry | |
| docker logout ghcr.io |