Skip to content

ci(action): add manual workflow #29

ci(action): add manual workflow

ci(action): add manual workflow #29

name: Docker (latest)
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
on:
schedule:
# Runs at 00:00, on day 1 of the month
- cron: '0 0 1 * *'
push:
branches: [ "main" ]
# Publish semver tags as releases.
tags: [ 'v*.*.*' ]
paths:
- '.github/workflows/docker-publish-latest.yml'
- 'Dockerfile'
pull_request:
branches: [ "main" ]
paths:
- '.github/workflows/docker-publish-latest.yml'
- 'Dockerfile'
workflow_dispatch:
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository_owner }}/latex # ${{ github.repository }}
# Default value of matrix
SCHEME_DEFAUTL: full
VARIANT_DEFAUTL: jammy
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
strategy:
matrix:
scheme: # https://tug.org/texlive/doc/texlive-en/texlive-en.html#x1-26025r8
- full # a [ ] full scheme (everything)
- medium # b [ ] medium scheme (small + more packages and languages)
- small # c [ ] small scheme (basic + xetex, metapost, a few languages)
- basic # d [ ] basic scheme (plain and latex)
- minimal # e [ ] minimal scheme (plain only)
- infraonly # f [ ] infrastructure-only scheme (no TeX at all)
# - # g [ ] book publishing scheme (core LaTeX and add-ons)
# - # h [ ] ConTeXt scheme
# - # i [ ] GUST TeX Live scheme
# - # j [ ] teTeX scheme (more than medium, but nowhere near full)
# - # k [ ] custom selection of collections
variant:
# - focal # 20.04 LTS
- jammy # 22.04 LTS
- noble # 24.04 LTS
name: Build TeXLive [${{ matrix.scheme }}-${{ matrix.variant }}]
steps:
- name: Checkout repository
uses: actions/checkout@v4
# # Install the cosign tool except on PR
# # https://github.com/sigstore/cosign-installer
# - name: Install cosign
# if: github.event_name != 'pull_request'
# uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
# with:
# cosign-release: 'v2.1.1'
# Set up BuildKit Docker container builder to be able to build
# multi-platform images and export cache
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Obtain TeXLive year version
- name: Obtain TeXLive year version
id: year
run: |
wget --no-check-certificate https://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz
zcat < install-tl-unx.tar.gz | tar -xf -
echo "TEXLIVE_YEAR=$(ls -d install-tl-2* | cut -c 12-15)" >> $GITHUB_ENV
echo "TEXLIVE_YEAR=$(ls -d install-tl-2* | cut -c 12-15)"
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
labels: |
org.opencontainers.image.title=LaTeX
tags: |
type=schedule,pattern={{date 'YYYYMM'}},enable=${{ matrix.variant==env.VARIANT_DEFAUTL && matrix.scheme==env.SCHEME_DEFAUTL }}
type=ref,event=branch,enable=${{ matrix.variant==env.VARIANT_DEFAUTL && matrix.scheme==env.SCHEME_DEFAUTL }}
type=ref,event=tag,enable=${{ matrix.variant==env.VARIANT_DEFAUTL && matrix.scheme==env.SCHEME_DEFAUTL }}
type=ref,event=pr
type=raw,enable=true,value=${{ matrix.scheme }}-${{ matrix.variant }}
type=raw,enable=true,value=latest-${{ matrix.scheme }}-${{ matrix.variant }}
type=raw,enable=true,value=${{ env.TEXLIVE_YEAR }}-${{ matrix.scheme }}-${{ matrix.variant }}
type=raw,enable=${{ matrix.variant==env.VARIANT_DEFAUTL }},value=${{ matrix.scheme }}
type=raw,enable=${{ matrix.variant==env.VARIANT_DEFAUTL }},value=latest-${{ matrix.scheme }}
type=raw,enable=${{ matrix.variant==env.VARIANT_DEFAUTL }},value=${{ env.TEXLIVE_YEAR }}-${{ matrix.scheme }}
type=raw,enable=${{ matrix.scheme==env.SCHEME_DEFAUTL }},value=${{ matrix.variant }}
type=raw,enable=${{ matrix.scheme==env.SCHEME_DEFAUTL }},value=latest-${{ matrix.variant }}
type=raw,enable=${{ matrix.scheme==env.SCHEME_DEFAUTL }},value=${{ env.TEXLIVE_YEAR }}-${{ matrix.variant }}
type=raw,enable=${{ matrix.variant==env.VARIANT_DEFAUTL && matrix.scheme==env.SCHEME_DEFAUTL }},value=latest
type=raw,enable=${{ matrix.variant==env.VARIANT_DEFAUTL && matrix.scheme==env.SCHEME_DEFAUTL }},value=${{ env.TEXLIVE_YEAR }}
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push-latest
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
if: ${{ !(matrix.scheme == 'full' && github.event_name == 'pull_request') }}
with:
context: .
file: Dockerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
build-args: |
TEXLIVE_YEAR=latest
SCHEME=${{ matrix.scheme }}
VARIANT=${{ matrix.variant }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
# # Sign the resulting Docker image digest except on PRs.
# # This will only write to the public Rekor transparency log when the Docker
# # repository is public to avoid leaking data. If you would like to publish
# # transparency data even for private images, pass --force to cosign below.
# # https://github.com/sigstore/cosign
# - name: Sign the published Docker image
# if: ${{ github.event_name == 'workflow_dispatch' }}
# env:
# # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
# TAGS: ${{ steps.meta.outputs.tags }}
# DIGEST: ${{ steps.build-and-push.outputs.digest }}
# # This step uses the identity token to provision an ephemeral certificate
# # against the sigstore community Fulcio instance.
# run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
workflow-keepalive:
name: Keepalive workflow
if: github.event_name == 'schedule'
runs-on: ubuntu-latest
permissions:
actions: write
steps:
- uses: actions/checkout@v4
- uses: gautamkrishnar/keepalive-workflow@v2