From 932cae3040596a253213fe0614094432d762e873 Mon Sep 17 00:00:00 2001 From: Chris Fenner Date: Tue, 10 Sep 2024 16:09:04 +0000 Subject: [PATCH 1/7] introduce a unified workflow for all flows --- .github/workflows/render-samples.yml | 5 +- workflow.yml | 115 +++++++++++++++++++++++++++ 2 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 workflow.yml diff --git a/.github/workflows/render-samples.yml b/.github/workflows/render-samples.yml index be31629..670fb87 100644 --- a/.github/workflows/render-samples.yml +++ b/.github/workflows/render-samples.yml @@ -45,9 +45,12 @@ jobs: # Use the fresh container to render the samples. render-samples: needs: build-container - uses: ./.github/workflows/pr.yml + uses: . with: container: ghcr.io/trustedcomputinggroup/pandoc_test container-version: latest + github: ${{ github }} + github-token: ${{ secrets.GITHUB_TOKEN }} input: guide.tcg + workflow: pr output: guide diff --git a/workflow.yml b/workflow.yml new file mode 100644 index 0000000..a6e834c --- /dev/null +++ b/workflow.yml 
@@ -0,0 +1,115 @@
+# Reusable workflow to render the spec for a variety of purposes.
+# https://docs.github.com/en/actions/using-workflows/reusing-workflows
+
+name: Render Markdown
+
+on:
+ workflow_call:
+ inputs:
+ container:
+ description: the Docker container to use (default is trustedcomputinggroup/pandoc)
+ required: false
+ type: string
+ default: ghcr.io/trustedcomputinggroup/pandoc
+ container-version:
+ description: the released version of the Docker container to use
+ required: true
+ type: string
+ github:
+ description: the 'github' context object
+ required: true
+ github-token:
+ description: the 'secrets.GITHUB_TOKEN' token
+ required: true
+ type: string
+ input:
+ description: the Markdown file to render
+ required: true
+ type: string
+ workflow:
+ description: the workflow to run ('pr', 'push', 'release')
+ required: true
+ type: string
+ output:
+ description: the base name for output files
+ required: true
+ type: string
+
+jobs:
+ render:
+ runs-on: ubuntu-latest
+ container:
+ image: ${{ inputs.container }}:${{ inputs.container-version }}
+ name: Render
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ fetch-tags: true
+
+ # Cache the LaTeX files. Use input file and container version in the cache
+ # key so that the cache is invalidated upon file change or container
+ # version change.
+ - name: Cache LaTeX files
+ uses: actions/cache@v3
+ env:
+ cache-name: cache-latex-${{ inputs.input }}-files
+ with:
+ path: |
+ *.aux
+ *.fdb_latexmk
+ *.lof
+ *.lot
+ *.toc
+ *.upa
+ *.upb
+ media/*.convert.pdf
+ key: latex-${{ inputs.input }}-${{ inputs.container-version }}-${{ inputs.github.run_id }}
+ restore-keys: latex-${{ inputs.input }}-${{ inputs.container-version }}
+
+ # Render the document with diffs in the 'pr' mode.
+ - name: Render + if: inputs.workflow == 'pr' + uses: ./.github/actions/render + with: + input-md: ${{ inputs.input }} + output-basename: ${{ inputs.output }} + pdf: true + diffbase: "${{ inputs.github.event.pull_request.base.sha }}" + pr-number: "${{ inputs.github.event.number }}" + pr-repo: "${{ inputs.github.repository }}" + # Render the document without diffs in other modes. + - name: Render + if: inputs.workflow != 'pr' + uses: ./.github/actions/render + with: + input-md: ${{ inputs.input }} + output-basename: ${{ inputs.output }} + pdf: true + + # Upload the PDF to the release in 'release' mode + - name: Upload to release + if: inputs.workflow == 'release' + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ inputs.github-token }} + file: ${{ inputs.output }}.*.pdf + tag: ${{ inputs.github.ref }} + overwrite: true + file_glob: true + # Always upload all PDF and log files to the workflow artifacts + - name: Upload pdfs + uses: actions/upload-artifact@master + with: + name: PDF + path: | + ${{ inputs.output }}.*.pdf + if: always() + - name: Upload logs + uses: actions/upload-artifact@master + with: + name: Logs + path: | + ${{ inputs.output }}.*.log + if: always() From da05e7c0b5ed025a59893e0a28498e2e823532b5 Mon Sep 17 00:00:00 2001 From: Chris Fenner Date: Tue, 10 Sep 2024 16:11:16 +0000 Subject: [PATCH 2/7] add uses --- .github/workflows/render-samples.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/render-samples.yml b/.github/workflows/render-samples.yml index 670fb87..4356fc4 100644 --- a/.github/workflows/render-samples.yml +++ b/.github/workflows/render-samples.yml @@ -45,7 +45,7 @@ jobs: # Use the fresh container to render the samples. render-samples: needs: build-container - uses: . + uses: ./workflow.yml with: container: ghcr.io/trustedcomputinggroup/pandoc_test container-version: latest From 4213bdcffda71313676cc94045b2d2428978bea1 Mon Sep 17 00:00:00 2001 
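Review bot: The two artifact steps at the end of the new `workflow.yml` (PATCH 1/7) use `actions/upload-artifact@master`, a branch ref, so the code they run can change without any commit in this repository. The release step likewise runs the third-party `svenstaro/upload-release-action@v2` with the repository token behind a movable tag. I would pin each `uses:` to a full commit SHA and keep the version in a trailing comment, e.g. `uses: actions/upload-artifact@<full-commit-sha>  # <release-tag>`. `actions/checkout@v3` and `actions/cache@v3` in the same job would benefit from the same treatment, though the `@master` ref is the one that matters most.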
From: Chris Fenner Date: Tue, 10 Sep 2024 16:13:20 +0000 Subject: [PATCH 3/7] move it back to the workflows dir --- .github/workflows/render-samples.yml | 2 +- workflow.yml => .github/workflows/render.yml | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename workflow.yml => .github/workflows/render.yml (100%) diff --git a/.github/workflows/render-samples.yml b/.github/workflows/render-samples.yml index 4356fc4..8245cee 100644 --- a/.github/workflows/render-samples.yml +++ b/.github/workflows/render-samples.yml @@ -45,7 +45,7 @@ jobs: # Use the fresh container to render the samples. render-samples: needs: build-container - uses: ./workflow.yml + uses: ./.github/workflows/render.yml with: container: ghcr.io/trustedcomputinggroup/pandoc_test container-version: latest diff --git a/workflow.yml b/.github/workflows/render.yml similarity index 100% rename from workflow.yml rename to .github/workflows/render.yml From 3b20dae68e110630b589dc0c6a333da3840df245 Mon Sep 17 00:00:00 2001 From: Chris Fenner Date: Tue, 10 Sep 2024 16:15:07 +0000 Subject: [PATCH 4/7] no secrets for PR workflows --- .github/workflows/render-samples.yml | 1 - .github/workflows/render.yml | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/render-samples.yml b/.github/workflows/render-samples.yml index 8245cee..654fe1b 100644 --- a/.github/workflows/render-samples.yml +++ b/.github/workflows/render-samples.yml @@ -50,7 +50,6 @@ jobs: container: ghcr.io/trustedcomputinggroup/pandoc_test container-version: latest github: ${{ github }} - github-token: ${{ secrets.GITHUB_TOKEN }} input: guide.tcg workflow: pr output: guide diff --git a/.github/workflows/render.yml b/.github/workflows/render.yml index a6e834c..e12df40 100644 --- a/.github/workflows/render.yml +++ b/.github/workflows/render.yml 
@@ -19,8 +19,8 @@ on: description: the 'github' context object required: true github-token: - description: the 'secrets.GITHUB_TOKEN' token - required: true + description: the 'secrets.GITHUB_TOKEN' token (required for 'release') + required: false type: string input: description: the Markdown file to render From b80c4eb54f6c5419ec77efc1dcfbdcc85c9e18bf Mon Sep 17 00:00:00 2001 From: Chris Fenner Date: Tue, 10 Sep 2024 16:17:20 +0000 Subject: [PATCH 5/7] use automatic github/secrets context --- .github/workflows/render-samples.yml | 1 - .github/workflows/render.yml | 20 ++++++-------------- 2 files changed, 6 insertions(+), 15 deletions(-) diff --git a/.github/workflows/render-samples.yml b/.github/workflows/render-samples.yml index 654fe1b..c7faf6b 100644 --- a/.github/workflows/render-samples.yml +++ b/.github/workflows/render-samples.yml @@ -49,7 +49,6 @@ jobs: with: container: ghcr.io/trustedcomputinggroup/pandoc_test container-version: latest - github: ${{ github }} input: guide.tcg workflow: pr output: guide diff --git a/.github/workflows/render.yml b/.github/workflows/render.yml index e12df40..a7f5904 100644 --- a/.github/workflows/render.yml +++ b/.github/workflows/render.yml @@ -15,14 +15,6 @@ on: description: the released version of the Docker container to use required: true type: string - github: - description: the 'github' context object - required: true - github-token: - description: the 'secrets.GITHUB_TOKEN' token (required for 'release') - required: false - type: string - input: description: the Markdown file to render required: true type: string @@ -65,7 +57,7 @@ jobs: *.upa *.upb media/*.convert.pdf - key: latex-${{ inputs.input }}-${{ inputs.container-version }}-${{ inputs.github.run_id }} + key: latex-${{ inputs.input }}-${{ inputs.container-version }}-${{ github.run_id }} restore-keys: latex-${{ inputs.input }}-${{ inputs.container-version }} # Render the document with diffs in the 'pr' mode. 
@@ -76,9 +68,9 @@ jobs: input-md: ${{ inputs.input }} output-basename: ${{ inputs.output }} pdf: true - diffbase: "${{ inputs.github.event.pull_request.base.sha }}" - pr-number: "${{ inputs.github.event.number }}" - pr-repo: "${{ inputs.github.repository }}" + diffbase: "${{ github.event.pull_request.base.sha }}" + pr-number: "${{ github.event.number }}" + pr-repo: "${{ github.repository }}" # Render the document without diffs in other modes. - name: Render if: inputs.workflow != 'pr' @@ -93,9 +85,9 @@ jobs: if: inputs.workflow == 'release' uses: svenstaro/upload-release-action@v2 with: - repo_token: ${{ inputs.github-token }} + repo_token: ${{ secrets.GITHUB_TOKEN }} file: ${{ inputs.output }}.*.pdf - tag: ${{ inputs.github.ref }} + tag: ${{ github.ref }} overwrite: true file_glob: true # Always upload all PDF and log files to the workflow artifacts From 323a51e7bbb0c1ac1bd48a6a916ba3d9a0371c33 Mon Sep 17 00:00:00 2001 From: Chris Fenner Date: Tue, 10 Sep 2024 16:19:29 +0000 Subject: [PATCH 6/7] un-garble the input input --- .github/workflows/render.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/render.yml b/.github/workflows/render.yml index a7f5904..7a797ba 100644 --- a/.github/workflows/render.yml +++ b/.github/workflows/render.yml @@ -15,6 +15,7 @@ on: description: the released version of the Docker container to use required: true type: string + input: description: the Markdown file to render required: true type: string From cf7c747e66ed6d7ca6f5e2ed18813d32bc062436 Mon Sep 17 00:00:00 2001 
From: Chris Fenner Date: Tue, 10 Sep 2024 16:26:51 +0000 Subject: [PATCH 7/7] use the unified workflow for all local workflows --- .github/workflows/docker-publish.yml | 73 ---------------- .github/workflows/pr.yml | 109 ++++++++++-------------- .github/workflows/push-main.yml | 72 ---------------- .github/workflows/push.yml | 123 +++++++++++++-------------- .github/workflows/release.yml | 117 ++++++++++++------------- .github/workflows/render-samples.yml | 54 ------------ 6 files changed, 162 insertions(+), 386 deletions(-) delete mode 100644 .github/workflows/docker-publish.yml delete mode 100644 .github/workflows/push-main.yml delete mode 100644 .github/workflows/render-samples.yml diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml deleted file mode 100644 index e33b5f3..0000000 --- a/.github/workflows/docker-publish.yml +++ /dev/null 
@@ -1,73 +0,0 @@ -name: build and publish - -on: - release: - types: [published] - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - -jobs: - build-container: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - - steps: - # Login against a Docker registry - # https://github.com/docker/login-action - - name: Log into registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Set up QEMU for cross-platform builds below - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - with: - image: tonistiigi/binfmt:latest - platforms: all - - - name: Setup Docker buildx - uses: docker/setup-buildx-action@v3 - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=semver,pattern={{version}} - - # Build and push Docker image with Buildx - # https://github.com/docker/build-push-action - - name: Build and publish Docker image - uses: docker/build-push-action@v5 - with: - # Cache layers from the container repo. - # Update the cache only on pushes to main. - # This minimizes the amount of times we have to rebuild pandoc. - cache-from: type=gha - cache-to: ${{ github.event_name == 'push' && 'type=gha' || '' }} - platforms: linux/amd64 - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - # Use the fresh container to render the samples. - render-samples: - needs: build-container - uses: ./.github/workflows/release.yml - with: - container: ghcr.io/trustedcomputinggroup/pandoc - container-version: latest - input: guide.tcg - output: guide - github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 7568d8c..d0c909b 100644 
--- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml 
@@ -1,77 +1,54 @@ -# Reusable workflow to render the spec for PRs. -# https://docs.github.com/en/actions/using-workflows/reusing-workflows - -name: Render +name: PR on: - workflow_call: - inputs: - container: - required: false - type: string - default: ghcr.io/trustedcomputinggroup/pandoc - container-version: - required: true - type: string - input: - required: true - type: string - output: - required: true - type: string + pull_request: + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} jobs: - render: + # Build a fresh container for the PR. + build-container: runs-on: ubuntu-latest - container: - image: ${{ inputs.container }}:${{ inputs.container-version }} - name: Render - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - fetch-tags: true + permissions: + contents: read + packages: write - - name: Cache LaTeX files - uses: actions/cache@v3 - env: - cache-name: cache-latex-${{ inputs.input }}-files + steps: + # Login against a Docker registry + # https://github.com/docker/login-action + - name: Log into registry + uses: docker/login-action@v3 with: - path: | - *.aux - *.fdb_latexmk - *.lof - *.lot - *.toc - *.upa - *.upb - media/*.convert.pdf - key: latex-${{ inputs.input }}-${{ github.run_id }} - restore-keys: latex-${{ inputs.input }} + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Render - uses: ./.github/actions/render - with: - input-md: ${{ inputs.input }} - output-basename: ${{ inputs.output }} - pdf: true - diffbase: "${{ github.event.pull_request.base.sha }}" - pr-number: "${{ github.event.number }}" - pr-repo: "${{ github.repository }}" + - name: Setup Docker buildx + uses: docker/setup-buildx-action@v3 - - name: Upload pdfs - uses: actions/upload-artifact@master + # Build and push Docker image as "pandoc_test" + # Only amd64, since we're just building a container + # to be used below in the GH action runner. 
+ - name: Build and publish Docker image + uses: docker/build-push-action@v5 with: - name: PDF - path: | - ${{ inputs.output }}.*.pdf - if: always() + # Cache layers from the container repo. + # This minimizes the amount of times we have to rebuild pandoc. + # Read-only: Avoid cluttering up the cache on pull requests. + cache-from: type=gha + platforms: linux/amd64 + push: true + tags: ghcr.io/trustedcomputinggroup/pandoc_test - - name: Upload logs - uses: actions/upload-artifact@master - with: - name: Logs - path: | - ${{ inputs.output }}.*.log - if: always() + # Use the fresh container to render the samples. + render-samples: + needs: build-container + uses: ./.github/workflows/render.yml + with: + container: ghcr.io/trustedcomputinggroup/pandoc_test + container-version: latest + input: guide.tcg + workflow: pr + output: guide diff --git a/.github/workflows/push-main.yml b/.github/workflows/push-main.yml deleted file mode 100644 index 1fa3e4f..0000000 --- a/.github/workflows/push-main.yml +++ /dev/null 
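Review bot: In the new `pr.yml`, every pull request pushes its image to the same tag, `tags: ghcr.io/trustedcomputinggroup/pandoc_test`, and `render-samples` then runs `pandoc_test:latest`. Two PRs running at the same time can therefore render inside each other's container, and a PR that changes the container build decides what other PRs' render jobs execute. A per-PR tag keeps the runs isolated: `tags: ghcr.io/trustedcomputinggroup/pandoc_test:pr-${{ github.event.number }}` together with `container-version: pr-${{ github.event.number }}` in the `with:` block. Separately, for PRs opened from forks the `GITHUB_TOKEN` is read-only, so the `push: true` step is likely to fail there; if fork PRs are expected, that path needs a decision.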
@@ -1,72 +0,0 @@ -name: build and publish - -on: - release: - types: [published] - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - -jobs: - build-container: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - - steps: - # Login against a Docker registry - # https://github.com/docker/login-action - - name: Log into registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Set up QEMU for cross-platform builds below - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - with: - image: tonistiigi/binfmt:latest - platforms: all - - - name: Setup Docker buildx - uses: docker/setup-buildx-action@v3 - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=semver,pattern={{version}} - - # Build and push Docker image with Buildx - # https://github.com/docker/build-push-action - - name: Build and publish Docker image - uses: docker/build-push-action@v5 - with: - # Cache layers from the container repo. - # Update the cache only on pushes to main. - # This minimizes the amount of times we have to rebuild pandoc. - cache-from: type=gha - cache-to: ${{ github.event_name == 'push' && 'type=gha' || '' }} - platforms: linux/amd64 - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - # Use the fresh container to render the samples. - render-samples: - needs: build-container - uses: ./.github/workflows/push.yml - with: - container: ghcr.io/trustedcomputinggroup/pandoc - container-version: latest - input: guide.tcg - output: guide diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 737f150..9c44597 100644 --- a/.github/workflows/push.yml 
+++ b/.github/workflows/push.yml 
@@ -1,78 +1,73 @@ -# Reusable workflow to render the spec for pushes. -# https://docs.github.com/en/actions/using-workflows/reusing-workflows - -# Build on pushes, because if you push to cache on builds for tags, -# the cache can't be read by builds for other tags: -# https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#restrictions-for-accessing-a-cache - -name: Render +# Build and publish the container and use it to render the PDF for pushes to main. +name: Push on: - workflow_call: - inputs: - container: - required: false - type: string - default: ghcr.io/trustedcomputinggroup/pandoc - container-version: - required: true - type: string - input: - required: true - type: string - output: - required: true - type: string + push: + branches: [main] + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} jobs: - render: + build-container: runs-on: ubuntu-latest - container: - image: ${{ inputs.container }}:${{ inputs.container-version }} - name: Render + permissions: + contents: read + packages: write + steps: - - name: Checkout - uses: actions/checkout@v3 + # Login against a Docker registry + # https://github.com/docker/login-action + - name: Log into registry + uses: docker/login-action@v3 with: - fetch-depth: 0 - fetch-tags: true + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Cache LaTeX files - uses: actions/cache@v3 - env: - cache-name: cache-latex-${{ inputs.input }}-files + # Set up QEMU for cross-platform builds below + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 with: - path: | - *.aux - *.fdb_latexmk - *.lof - *.lot - *.toc - *.upa - *.upb - media/*.convert.pdf - key: latex-${{ inputs.input }}-${{ github.run_id }} - restore-keys: latex-${{ inputs.input }} + image: tonistiigi/binfmt:latest + platforms: all - - name: Render - uses: ./.github/actions/render - with: - input-md: ${{ inputs.input }} - output-basename: ${{ inputs.output 
}} - pdf: true + - name: Setup Docker buildx + uses: docker/setup-buildx-action@v3 - - name: Upload pdfs - uses: actions/upload-artifact@master + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v4 with: - name: PDF - path: | - ${{ inputs.output }}.*.pdf - if: always() + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=semver,pattern={{version}} - - name: Upload logs - uses: actions/upload-artifact@master + # Build and push Docker image with Buildx + # https://github.com/docker/build-push-action + - name: Build and publish Docker image + uses: docker/build-push-action@v5 with: - name: Logs - path: | - ${{ inputs.output }}.*.log - if: always() + # Cache layers from the container repo. + # Update the cache only on pushes to main. + # This minimizes the amount of times we have to rebuild pandoc. + cache-from: type=gha + cache-to: ${{ github.event_name == 'push' && 'type=gha' || '' }} + platforms: linux/amd64 + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + # Use the fresh container to render the samples. + render-samples: + needs: build-container + uses: ./.github/workflows/render.yml + with: + container-version: latest + input: guide.tcg + workflow: push + output: guide diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 46be5af..e9e0320 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
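Review bot: `render-samples` in the new `push.yml` asks for `container-version: latest`, but the image built just above is tagged from `type=ref,event=branch` and `type=semver,pattern={{version}}`. On a push to `main` that presumably yields a `main` tag and no `latest` (worth confirming against the metadata-action flavor defaults), so the render would run in the last released image rather than the fresh one the comment promises. Either pass `container-version: main`, or add `type=raw,value=latest,enable={{is_default_branch}}` to the metadata `tags:` list if `latest` is meant to track main.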
@@ -1,70 +1,73 @@ -# Reusable workflow to render the spec for releases. -# https://docs.github.com/en/actions/using-workflows/reusing-workflows - -name: Render +# Build, publish, and tag the container and use it to render the PDF for releases. +name: build and publish on: - workflow_call: - inputs: - container: - required: false - type: string - default: ghcr.io/trustedcomputinggroup/pandoc - container-version: - required: true - type: string - input: - required: true - type: string - output: - required: true - type: string - github-token: - required: true - type: string + release: + types: [published] + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} jobs: - render: + build-container: runs-on: ubuntu-latest - container: - image: ${{ inputs.container }}:${{ inputs.container-version }} - name: Render + permissions: + contents: read + packages: write + steps: - - name: Checkout - uses: actions/checkout@v3 + # Login against a Docker registry + # https://github.com/docker/login-action + - name: Log into registry + uses: docker/login-action@v3 with: - fetch-depth: 0 - fetch-tags: true + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Cache LaTeX files - uses: actions/cache@v3 - env: - cache-name: cache-latex-${{ inputs.input }}-files + # Set up QEMU for cross-platform builds below + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 with: - path: | - *.aux - *.fdb_latexmk - *.lof - *.lot - *.toc - *.upa - *.upb - media/*.convert.pdf - key: latex-${{ inputs.input }}-${{ github.run_id }} - restore-keys: latex-${{ inputs.input }} + image: tonistiigi/binfmt:latest + platforms: all - - name: Render - uses: ./.github/actions/render + - name: Setup Docker buildx + uses: docker/setup-buildx-action@v3 + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v4 with: - input-md: ${{ 
inputs.input }} - output-basename: ${{ inputs.output }} - pdf: true + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=semver,pattern={{version}} - - name: Upload to release - uses: svenstaro/upload-release-action@v2 + # Build and push Docker image with Buildx + # https://github.com/docker/build-push-action + - name: Build and publish Docker image + uses: docker/build-push-action@v5 with: - repo_token: ${{ inputs.github-token }} - file: ${{ inputs.output }}.*.pdf - tag: ${{ github.ref }} - overwrite: true - file_glob: true + # Cache layers from the container repo. + # Update the cache only on pushes to main. + # This minimizes the amount of times we have to rebuild pandoc. + cache-from: type=gha + cache-to: ${{ github.event_name == 'push' && 'type=gha' || '' }} + platforms: linux/amd64 + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + # Use the fresh container to render the samples, attaching them to the release. + render-samples: + needs: build-container + uses: ./.github/workflows/render.yml + with: + container-version: latest + input: guide.tcg + workflow: release + output: guide diff --git a/.github/workflows/render-samples.yml b/.github/workflows/render-samples.yml deleted file mode 100644 index c7faf6b..0000000 --- a/.github/workflows/render-samples.yml +++ /dev/null 
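Review bot: The `render-samples` job in the new `release.yml` has no `permissions:` block, yet `render.yml` now uploads to the release with `secrets.GITHUB_TOKEN`. Whether the upload works, and how much else the token can do while the document is rendered, then depends on the repository's default token setting. I would state it on the calling job, `permissions: { contents: write }` here and `permissions: { contents: read }` on the `render-samples` jobs in `pr.yml` and `push.yml`, which have the same gap. A called workflow can only narrow the caller's token, so the grant has to be made in these caller files.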
@@ -1,54 +0,0 @@ -name: render samples - -on: - pull_request: - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - -jobs: - # Build a fresh container for the PR. - build-container: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - - steps: - # Login against a Docker registry - # https://github.com/docker/login-action - - name: Log into registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Setup Docker buildx - uses: docker/setup-buildx-action@v3 - - # Build and push Docker image as "pandoc_test" - # Only amd64, since we're just building a container - # to be used below in the GH action runner. - - name: Build and publish Docker image - uses: docker/build-push-action@v5 - with: - # Cache layers from the container repo. - # This minimizes the amount of times we have to rebuild pandoc. - # Read-only: Avoid cluttering up the cache on pull requests. - cache-from: type=gha - platforms: linux/amd64 - push: true - tags: ghcr.io/trustedcomputinggroup/pandoc_test - - # Use the fresh container to render the samples. - render-samples: - needs: build-container - uses: ./.github/workflows/render.yml - with: - container: ghcr.io/trustedcomputinggroup/pandoc_test - container-version: latest - input: guide.tcg - workflow: pr - output: guide