...
1# yamllint --format github .github/workflows/internal-images.yml
2---
3name: internal-images
4
5# Refresh the tags once a day. This limits impact of rate-limited images. See RATIONALE.md
6on:
7 schedule:
8 - cron: "23 3 * * *"
9 workflow_dispatch: # Allows manual refresh
10
11# This builds images and pushes them to ghcr.io/tetratelabs/wazero/internal-$tag
12# Using these avoid docker.io rate-limits particularly on pull requests.
13jobs:
14 copy-images:
15 runs-on: ubuntu-22.04 # Hard-coding an LTS means maintenance, but only once each 2 years!
16 strategy:
17 matrix:
18 # Be precise in tag versions to improve reproducibility
19 include:
20 - source: tonistiigi/binfmt:qemu-v6.2.0 # for docker/setup-qemu-action
21 target_tag: binfmt
22
23 steps:
24 # Same as doing this locally: echo "${GHCR_TOKEN}" | docker login ghcr.io -u "${GHCR_TOKEN}" --password-stdin
25 - name: "Login into GitHub Container Registry"
26 uses: docker/login-action@v2
27 with:
28 registry: ghcr.io
29 username: ${{ github.repository_owner }}
30 # GITHUB_TOKEN=<hex token value>
31 # - pushes Docker images to ghcr.io
32 # - create via https://github.com/settings/tokens
33 # - needs repo:status, public_repo, write:packages, delete:packages
34 password: ${{ secrets.GITHUB_TOKEN }}
35
36 - name: Pull and push
37 run: | # This will only push a single architecture, which is fine as we currently only support amd64
38 docker pull ${{ matrix.source }}
39 docker tag ${{ matrix.source }} ghcr.io/${{ github.repository }}/internal-${{ matrix.target_tag }}
40 docker push ghcr.io/${{ github.repository }}/internal-${{ matrix.target_tag }}
View as plain text