github.com/wasilibs/wazerox@v0.0.0-20240124024944-4923be63ab5f/.github/workflows/internal-images.yml (about) 1 # yamllint --format github .github/workflows/internal-images.yml 2 --- 3 name: internal-images 4 5 # Refresh the tags once a day. This limits impact of rate-limited images. See RATIONALE.md 6 on: 7 schedule: 8 - cron: "23 3 * * *" 9 workflow_dispatch: # Allows manual refresh 10 11 # This builds images and pushes them to ghcr.io/tetratelabs/wazero/internal-$tag 12 # Using these avoid docker.io rate-limits particularly on pull requests. 13 jobs: 14 copy-images: 15 runs-on: ubuntu-22.04 # Hard-coding an LTS means maintenance, but only once each 2 years! 16 strategy: 17 matrix: 18 # Be precise in tag versions to improve reproducibility 19 include: 20 - source: tonistiigi/binfmt:qemu-v6.2.0 # for docker/setup-qemu-action 21 target_tag: binfmt 22 23 steps: 24 # Same as doing this locally: echo "${GHCR_TOKEN}" | docker login ghcr.io -u "${GHCR_TOKEN}" --password-stdin 25 - name: "Login into GitHub Container Registry" 26 uses: docker/login-action@v2 27 with: 28 registry: ghcr.io 29 username: ${{ github.repository_owner }} 30 # GITHUB_TOKEN=<hex token value> 31 # - pushes Docker images to ghcr.io 32 # - create via https://github.com/settings/tokens 33 # - needs repo:status, public_repo, write:packages, delete:packages 34 password: ${{ secrets.GITHUB_TOKEN }} 35 36 - name: Pull and push 37 run: | # This will only push a single architecture, which is fine as we currently only support amd64 38 docker pull ${{ matrix.source }} 39 docker tag ${{ matrix.source }} ghcr.io/${{ github.repository }}/internal-${{ matrix.target_tag }} 40 docker push ghcr.io/${{ github.repository }}/internal-${{ matrix.target_tag }}