-
Notifications
You must be signed in to change notification settings - Fork 0
123 lines (106 loc) · 4.24 KB
/
ecr_image_push.yaml
File metadata and controls
123 lines (106 loc) · 4.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
name: ECR Image Push
# This Action builds a Docker image and pushes it to an ECR repo.
on:
workflow_call:
inputs:
tags:
description: |
A space-separated list of tags to apply to the Docker image. Aside
from the tags explicitly provided, this workflow will also attempt to
add the tags listed below, each of which can be disabled by a setting
its corresponding input to "false".
- version tag (e.g. "v1.2.3")
- git ref tag (e.g. "main", "next", "v1.2.3", etc.)
type: string
required: false
default: "latest"
should-add-version-tag:
description: |
Whether or not to add a version tag to the Docker image. If a version
tag is not provided in the "tags" input, this workflow will attempt to
read the "version" value from the package.json file in the root of the
repo unless this input is set to "false".
type: boolean
required: false
default: true
should-add-git-ref-tag:
description: |
Whether or not to add the git ref as a tag to the Docker image. The
ref-tag value will be the variable component of the GITHUB_REF env
var, the value of which depends on the type of event which caused the
Action to run.
EVENT REF IMAGE_TAG
branch push refs/heads/<branch_name> <branch_name>
pr refs/pull/<pr_number>/merge <pr_number>
release refs/tags/<release_tag> <release_tag>
type: boolean
required: false
default: true
dockerfile-path:
description: |
The path to the Dockerfile to use for the build. If this value is not
provided, the Dockerfile in the root of the repo will be used.
type: string
required: false
default: "./Dockerfile"
secrets:
OIDC_GITHUB_ROLE_ARN:
description: "The ARN of the AWS IAM Role for the GitHub OpenID Connect provider"
required: true
AWS_ECR_PRIVATE_REPO:
description: "The name of the target AWS ECR repo"
required: true
AWS_ECR_REGION:
description: "The AWS region in which the target ECR repo is located"
required: true
defaults:
run:
shell: bash
jobs:
push_to_ecr:
name: Push to ECR
runs-on: ubuntu-latest
# These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.OIDC_GITHUB_ROLE_ARN }}
aws-region: ${{ secrets.AWS_ECR_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, Tag, and Push Image to Amazon ECR
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: ${{ secrets.AWS_ECR_PRIVATE_REPO }}
run: |
IMAGE_TAGS=(${{ inputs.tags }})
# CHECK IF GIT-REF TAG SHOULD BE ADDED
if [ "${{ inputs.should-add-git-ref-tag }}" != "false" ]; then
REF="${GITHUB_REF#refs/*/}" && REF_TAG="${REF%/merge}"
IMAGE_TAGS+=("$REF_TAG")
fi
# CHECK IF VERSION-TAG IS PRESENT / SHOULD BE ADDED
if [[ ! "${IMAGE_TAGS[@]}" =~ v?[0-9]+\.[0-9]+\.[0-9]+ &&
-f ./package.json &&
"${{ inputs.should-add-version-tag }}" != "false" ]]
then
VERSION="$( jq '.version' < ./package.json | tr -d '"' )"
[ -n "$VERSION" ] && IMAGE_TAGS+=("v$VERSION")
fi
# PREFIX TAGS WITH ECR REPO NAME
IMAGE_REPO="$ECR_REGISTRY/$ECR_REPOSITORY"
IMAGE_TAGS=("${IMAGE_TAGS[@]/#/$IMAGE_REPO:}")
docker build \
--file ${{ inputs.dockerfile-path }} \
${IMAGE_TAGS[@]/#/--tag } \
.
for tag in "${IMAGE_TAGS[@]}"; do docker push "$tag"; done