xref: /llvm-project/.github/workflows/build-metrics-container.yml (revision 2de2e7aa6f82ac283bc17945ca9750c01016a331)

name: Build Metrics Container

permissions:
  contents: read

on:
  push:
    branches:
      - main
    paths:
      - .github/workflows/build-metrics-container.yml
      - '.ci/metrics/**'
  pull_request:
    branches:
      - main
    paths:
      - .github/workflows/build-metrics-container.yml
      - '.ci/metrics/**'

jobs:
  build-metrics-container:
    if: github.repository_owner == 'llvm'
    runs-on: ubuntu-latest
    outputs:
      container-name: ${{ steps.vars.outputs.container-name }}
      container-name-tag: ${{ steps.vars.outputs.container-name-tag }}
      container-filename: ${{ steps.vars.outputs.container-filename }}
    steps:
      - name: Checkout LLVM
        uses: actions/checkout@v4
        with:
          sparse-checkout: .ci/metrics/
      - name: Write Variables
        id: vars
        run: |
          tag=`date +%s`
          container_name="ghcr.io/$GITHUB_REPOSITORY_OWNER/metrics"
          echo "container-name=$container_name" >> $GITHUB_OUTPUT
          echo "container-name-tag=$container_name:$tag" >> $GITHUB_OUTPUT
          echo "container-filename=$(echo $container_name:$tag  | sed -e 's/\//-/g' -e 's/:/-/g').tar" >> $GITHUB_OUTPUT
      - name: Build Container
        working-directory: ./.ci/metrics
        run: |
          podman build -t ${{ steps.vars.outputs.container-name-tag }} -f Dockerfile .
      # Save the container so we have it in case the push fails.  This also
      # allows us to separate the push step into a different job so we can
      # maintain minimal permissions while building the container.
      - name: Save Container Image
        run: |
          podman save  ${{ steps.vars.outputs.container-name-tag }} >  ${{ steps.vars.outputs.container-filename }}
      - name: Upload Container Image
        uses: actions/upload-artifact@v4
        with:
          name: container
          path: ${{ steps.vars.outputs.container-filename }}
          retention-days: 14

  push-metrics-container:
    if: github.event_name == 'push'
    needs:
      - build-metrics-container
    permissions:
      packages: write
    runs-on: ubuntu-24.04
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: Download Container
        uses: actions/download-artifact@v4
        with:
          name: container
      - name: Push Container
        run: |
          podman load -i ${{ needs.build-metrics-container.outputs.container-filename }}
          podman tag ${{ needs.build-metrics-container.outputs.container-name-tag }} ${{ needs.build-metrics-container.outputs.container-name }}:latest
          podman login -u ${{ github.actor }} -p $GITHUB_TOKEN ghcr.io
          podman push ${{ needs.build-metrics-container.outputs.container-name-tag }}
          podman push ${{ needs.build-metrics-container.outputs.container-name }}:latest