.github/workflows/build.yml

name: build

on:
  push:
    branches:
      - main
  release:
    types:
      - published
      - edited

jobs:
  docker_build:
    runs-on: self-hosted
    outputs:
      tag: ${{ steps.build_tag.outputs.tag }}
    steps:
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: hippocampusgirl
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to container registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.REGISTRY }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Set up build tag
        id: build_tag
        shell: bash
        env:
          github_ref: ${{ github.ref }}
          github_repository: ${{ github.repository }}
        run: |
          version=$(echo "${github_ref}" | cut -d '/' -f 3)
          if [[ "$version" == "main" ]]; then
            version=latest
          fi
          owner=$( \
            echo "${github_repository}" | \
            cut -d'/' -f1 | \
            tr '[:upper:]' '[:lower:]' \
          )
          name=$( \
            echo "${github_repository}" | \
            cut -d'/' -f2 | \
            sed -r 's/([A-Za-z0-9])([A-Z])([a-z0-9])/\1-\L\2\3/g' | \
            tr '[:upper:]' '[:lower:]' \
          )
          echo "repo=${name}" >> ${GITHUB_OUTPUT}
          echo "tag=${name}:${version}" >> ${GITHUB_OUTPUT}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Checkout
        uses: actions/checkout@v4

      - name: Build and push to container registry
        uses: docker/build-push-action@v5
        with:
          context: "."
          file: "./Dockerfile"
          platforms: linux/amd64
          cache-from: type=registry,ref=${{ secrets.REGISTRY }}/${{ steps.build_tag.outputs.repo }}:buildcache
          cache-to: type=registry,ref=${{ secrets.REGISTRY }}/${{ steps.build_tag.outputs.repo }}:buildcache,compression=zstd,mode=max
          outputs: type=image,name=${{ secrets.REGISTRY }}/${{ steps.build_tag.outputs.tag }},push=true,compression=gzip,compression-level=9,force-compression=true
          labels: |
            org.opencontainers.image.title=${{ github.event.repository.name }}
            org.opencontainers.image.url=${{ github.event.repository.html_url }}
            org.opencontainers.image.source=${{ github.event.repository.html_url }}
            org.opencontainers.image.revision=${{ github.sha }}
            org.opencontainers.image.created=${{ github.event.repository.updated_at}}

  singularity_build:
    runs-on: self-hosted
    needs:
      - docker_build
    defaults:
      run:
        shell: bash --login -x -e {0}
    steps:
      - uses: conda-incubator/setup-miniconda@v2
        with:
          miniforge-variant: Mambaforge
          miniforge-version: latest
          auto-activate-base: true
          activate-environment: ""
          use-mamba: true

      - name: Set up Singularity
        run: |
          mamba install --yes singularity

      - name: Singularity build
        id: singularity_build
        env:
          docker_build_tag: ${{ needs.docker_build.outputs.tag }}
        run: |
          # Configure Singularity to not use the host's /tmp folder 
          # because it is too small
          export SINGULARITY_TMPDIR="${PWD}"
          # Build Singularity image from Docker image
          singularity_build_name=$(echo -n ${docker_build_tag} | tr -c '[:alnum:]' '-')
          singularity build --disable-cache \
            ${singularity_build_name}.sif \
            docker://${{ secrets.REGISTRY }}/${docker_build_tag}
          echo "name=${singularity_build_name}" >> ${GITHUB_OUTPUT}

      - name: Upload to DigitalOcean
        env:
          digitalocean_access_key: ${{ secrets.DIGITALOCEAN_ACCESS_KEY }}
          digitalocean_secret_key: ${{ secrets.DIGITALOCEAN_SECRET_KEY }}
          digitalocean_region: ${{ secrets.DIGITALOCEAN_REGION }}
          digitalocean_space_name: ${{ secrets.DIGITALOCEAN_SPACE_NAME }}
          singularity_build_name: ${{ steps.singularity_build.outputs.name }}
        run: |
          pip install s3cmd
          s3cmd --stop-on-error \
            --ssl --no-encrypt \
            --access_key="${digitalocean_access_key}" \
            --secret_key="${digitalocean_secret_key}" \
            --host="${digitalocean_region}.digitaloceanspaces.com" \
            --host-bucket="%(bucket)s.${digitalocean_region}.digitaloceanspaces.com" \
            --dump-config \
            > ${HOME}/.s3cfg
          s3cmd put ${singularity_build_name}.sif s3://${digitalocean_space_name}/singularity/
          s3cmd setacl s3://${digitalocean_space_name}/singularity/${singularity_build_name}.sif --acl-public