run-gemma-4/docker/publish-ghcr.sh at main · wilsonwu/run-gemma-4 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
#!/usr/bin/env bash
set -euo pipefail

log() {
  echo "[publish-ghcr] $*"
}

die() {
  log "$*"
  exit 1
}

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"

extract_repo_path() {
  local remote_url="$1"

  case "$remote_url" in
    git@github.com:*.git)
      echo "${remote_url#git@github.com:}" | sed 's/\.git$//'
      ;;
    https://github.com/*.git)
      echo "${remote_url#https://github.com/}" | sed 's/\.git$//'
      ;;
    https://github.com/*)
      echo "${remote_url#https://github.com/}"
      ;;
    *)
      return 1
      ;;
  esac
}

if ! command -v docker >/dev/null 2>&1; then
  die "docker is required"
fi

if ! docker buildx version >/dev/null 2>&1; then
  die "docker buildx is required"
fi

REMOTE_URL="$(git -C "${REPO_ROOT}" remote get-url origin 2>/dev/null || true)"
if [[ -z "${REMOTE_URL}" ]]; then
  die "git remote 'origin' is not configured"
fi

REPO_PATH="$(extract_repo_path "${REMOTE_URL}")" || die "unsupported GitHub remote: ${REMOTE_URL}"
IMAGE_REPO="${IMAGE_REPO:-ghcr.io/${REPO_PATH}}"
IMAGE_TAG="${IMAGE_TAG:-$(git -C "${REPO_ROOT}" rev-parse --short HEAD)}"
IMAGE_VERSION="${IMAGE_VERSION:-${IMAGE_TAG}}"
PLATFORMS="${PLATFORMS:-linux/amd64,linux/arm64}"
PUSH="${PUSH:-1}"
PUBLISH_LATEST="${PUBLISH_LATEST:-0}"
BUILD_DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
VCS_REF="$(git -C "${REPO_ROOT}" rev-parse HEAD)"
GHCR_USERNAME="${GHCR_USERNAME:-${REPO_PATH%%/*}}"
BUILDER_NAME="${BUILDX_BUILDER:-}"

if [[ -n "${GHCR_TOKEN:-}" ]]; then
  log "logging in to ghcr.io as ${GHCR_USERNAME}"
  printf '%s' "${GHCR_TOKEN}" | docker login ghcr.io -u "${GHCR_USERNAME}" --password-stdin
else
  log "GHCR_TOKEN is not set, assuming docker is already logged in to ghcr.io"
fi

BUILD_ARGS=(
  --platform "${PLATFORMS}"
  --build-arg "REPO_URL=https://github.com/${REPO_PATH}"
  --build-arg "VCS_REF=${VCS_REF}"
  --build-arg "BUILD_DATE=${BUILD_DATE}"
  --build-arg "IMAGE_VERSION=${IMAGE_VERSION}"
  -t "${IMAGE_REPO}:${IMAGE_TAG}"
)

if [[ -n "${HTTP_PROXY:-}" ]]; then
  BUILD_ARGS+=( --build-arg "HTTP_PROXY=${HTTP_PROXY}" --build-arg "http_proxy=${HTTP_PROXY}" )
fi

if [[ -n "${HTTPS_PROXY:-}" ]]; then
  BUILD_ARGS+=( --build-arg "HTTPS_PROXY=${HTTPS_PROXY}" --build-arg "https_proxy=${HTTPS_PROXY}" )
fi

if [[ -n "${NO_PROXY:-}" ]]; then
  BUILD_ARGS+=( --build-arg "NO_PROXY=${NO_PROXY}" --build-arg "no_proxy=${NO_PROXY}" )
fi

if [[ -n "${BUILDER_NAME}" ]]; then
  BUILD_ARGS=( --builder "${BUILDER_NAME}" "${BUILD_ARGS[@]}" )
fi

if [[ "${PUBLISH_LATEST}" == "1" ]]; then
  BUILD_ARGS+=( -t "${IMAGE_REPO}:latest" )
fi

log "building ${IMAGE_REPO}:${IMAGE_TAG} for ${PLATFORMS}"

if [[ "${PUSH}" == "1" ]]; then
  docker buildx build "${BUILD_ARGS[@]}" --push "${REPO_ROOT}"
  log "published ${IMAGE_REPO}:${IMAGE_TAG}"
  if [[ "${PUBLISH_LATEST}" == "1" ]]; then
    log "published ${IMAGE_REPO}:latest"
  fi
else
  if [[ "${PLATFORMS}" == *","* ]]; then
    die "PUSH=0 only supports a single platform because docker buildx --load cannot load multi-platform images"
  fi

  docker buildx build "${BUILD_ARGS[@]}" --load "${REPO_ROOT}"
  log "loaded ${IMAGE_REPO}:${IMAGE_TAG} into the local docker daemon"
fi