.github/workflows/build-metrics-container.yml - llvm-project - Git at Google

 name: Build Metrics Container

 permissions:
   contents: read

 on:
   push:
     branches:
       - main
     paths:
       - .github/workflows/build-metrics-container.yml
       - '.ci/metrics/**'
   pull_request:
     branches:
       - main
     paths:
       - .github/workflows/build-metrics-container.yml
       - '.ci/metrics/**'

 jobs:
   build-metrics-container:
     if: github.repository_owner == 'llvm'
     runs-on: ubuntu-24.04
     outputs:
       container-name: ${{ steps.vars.outputs.container-name }}
       container-name-tag: ${{ steps.vars.outputs.container-name-tag }}
       container-filename: ${{ steps.vars.outputs.container-filename }}
     steps:
       - name: Checkout LLVM
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           sparse-checkout: .ci/metrics/
       - name: Write Variables
         id: vars
         run: |
           tag=`date +%s`
           container_name="ghcr.io/$GITHUB_REPOSITORY_OWNER/metrics"
           echo "container-name=$container_name" >> $GITHUB_OUTPUT
           echo "container-name-tag=$container_name:$tag" >> $GITHUB_OUTPUT
           echo "container-filename=$(echo $container_name:$tag  | sed -e 's/\//-/g' -e 's/:/-/g').tar" >> $GITHUB_OUTPUT
       - name: Build Container
         working-directory: ./.ci/metrics
         run: |
           podman build -t ${{ steps.vars.outputs.container-name-tag }} -f Dockerfile .
       # Save the container so we have it in case the push fails.  This also
       # allows us to separate the push step into a different job so we can
       # maintain minimal permissions while building the container.
       - name: Save Container Image
         run: |
           podman save  ${{ steps.vars.outputs.container-name-tag }} >  ${{ steps.vars.outputs.container-filename }}
       - name: Upload Container Image
         uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: container
           path: ${{ steps.vars.outputs.container-filename }}
           retention-days: 14

   push-metrics-container:
     if: github.event_name == 'push'
     needs:
       - build-metrics-container
     permissions:
       packages: write
     runs-on: ubuntu-24.04
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - name: Download Container
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: container
       - name: Push Container
         run: |
           podman load -i ${{ needs.build-metrics-container.outputs.container-filename }}
           podman tag ${{ needs.build-metrics-container.outputs.container-name-tag }} ${{ needs.build-metrics-container.outputs.container-name }}:latest
           podman login -u ${{ github.actor }} -p $GITHUB_TOKEN ghcr.io
           podman push ${{ needs.build-metrics-container.outputs.container-name-tag }}
           podman push ${{ needs.build-metrics-container.outputs.container-name }}:latest
	name: Build Metrics Container

	permissions:
	contents: read

	on:
	push:
	branches:
	- main
	paths:
	- .github/workflows/build-metrics-container.yml
	- '.ci/metrics/**'
	pull_request:
	branches:
	- main
	paths:
	- .github/workflows/build-metrics-container.yml
	- '.ci/metrics/**'

	jobs:
	build-metrics-container:
	if: github.repository_owner == 'llvm'
	runs-on: ubuntu-24.04
	outputs:
	container-name: ${{ steps.vars.outputs.container-name }}
	container-name-tag: ${{ steps.vars.outputs.container-name-tag }}
	container-filename: ${{ steps.vars.outputs.container-filename }}
	steps:
	- name: Checkout LLVM
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	sparse-checkout: .ci/metrics/
	- name: Write Variables
	id: vars
	run: \|
	tag=`date +%s`
	container_name="ghcr.io/$GITHUB_REPOSITORY_OWNER/metrics"
	echo "container-name=$container_name" >> $GITHUB_OUTPUT
	echo "container-name-tag=$container_name:$tag" >> $GITHUB_OUTPUT
	echo "container-filename=$(echo $container_name:$tag \| sed -e 's/\//-/g' -e 's/:/-/g').tar" >> $GITHUB_OUTPUT
	- name: Build Container
	working-directory: ./.ci/metrics
	run: \|
	podman build -t ${{ steps.vars.outputs.container-name-tag }} -f Dockerfile .
	# Save the container so we have it in case the push fails. This also
	# allows us to separate the push step into a different job so we can
	# maintain minimal permissions while building the container.
	- name: Save Container Image
	run: \|
	podman save ${{ steps.vars.outputs.container-name-tag }} > ${{ steps.vars.outputs.container-filename }}
	- name: Upload Container Image
	uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
	with:
	name: container
	path: ${{ steps.vars.outputs.container-filename }}
	retention-days: 14

	push-metrics-container:
	if: github.event_name == 'push'
	needs:
	- build-metrics-container
	permissions:
	packages: write
	runs-on: ubuntu-24.04
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	steps:
	- name: Download Container
	uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
	with:
	name: container
	- name: Push Container
	run: \|
	podman load -i ${{ needs.build-metrics-container.outputs.container-filename }}
	podman tag ${{ needs.build-metrics-container.outputs.container-name-tag }} ${{ needs.build-metrics-container.outputs.container-name }}:latest
	podman login -u ${{ github.actor }} -p $GITHUB_TOKEN ghcr.io
	podman push ${{ needs.build-metrics-container.outputs.container-name-tag }}
	podman push ${{ needs.build-metrics-container.outputs.container-name }}:latest