evaluation-function-workflows/.github/workflows/lambda_build.yml at 203d2551314234d5acac70992c17befb36142104 · lambda-feedback/evaluation-function-workflows · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
name: Build and Push Evaluation Function Image

on:
  workflow_call:
    inputs:
      environment:
        type: string
        description: "The environment to deploy to"
        required: true
      region:
        type: string
        description: "The AWS region to deploy to"
        default: "eu-west-2"
        required: false
      function-name:
        type: string
        description: "The name of the Lambda function to deploy"
        required: true
      build-file:
        type: string
        description: "The path to the Dockerfile to build"
        required: false
        default: "Dockerfile"
      build-context:
        type: string
        description: "The context to use for the Docker build"
        required: false
        default: "."
      build-target:
        type: string
        description: "The target stage of the image to build"
        required: false
      build-args:
        type: string
        description: "The build arguments to pass to the Docker build"
        required: false
      build-push:
        type: boolean
        description: "Whether to push the image to the registry"
        required: false
        default: true
      build-platforms:
        type: string
        description: "The platforms to build the image for"
        required: false
    secrets:
      aws-key-id:
        description: "The AWS access key ID"
        required: true
      aws-secret-key:
        description: "The AWS secret access key"
        required: true
      build-secrets:
        description: "The Docker secrets to use for the build"
        required: false
      LICENSE:
        description: "The licence file to bundle into the ECR image"
        required: false
    outputs:
      registry:
        description: "The registry where the image was pushed"
        value: ${{ jobs.build.outputs.registry }}


jobs:
  build:
    name: Build (${{ inputs.environment }})
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write
    outputs:
      registry: ${{ steps.login-ecr.outputs.registry }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.aws-key-id }}
          aws-secret-access-key: ${{ secrets.aws-secret-key }}
          aws-region: ${{ inputs.region }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Login to Github Packages
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          flavor: |
            latest=false
          tags: |
            type=raw,value=${{ inputs.function-name }}
          images: |
            ${{ steps.login-ecr.outputs.registry }}/lambda-feedback-${{ inputs.environment }}-functions-repository

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Write license file if secret exists
        run: |
            if [ -n "${{ secrets.LICENSE }}" ]; then
              echo "${{ secrets.LICENSE }}" > dist/LICENSE.txt
              echo "License file created at dist/LICENSE.txt"
              echo "target=with-licence" >> $GITHUB_OUTPUT
            else
              echo "LICENSE_TEXT secret not provided. Skipping license file creation."
            fi


      - name: Build and push with licence
        if: ${{ secrets.LICENSE != '' }}
        uses: docker/build-push-action@v6
        with:
          file: ${{ inputs.build-file || 'Dockerfile' }}
          context: ${{ inputs.build-context || '.'}}
          target: ${{ steps.license.outputs.target }}
          push: ${{ inputs.build-push }}
          provenance: false
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max,ignore-error=true
          platforms: ${{ inputs.build-platforms }}
          build-args: ${{ inputs.build-args }}
          secrets: ${{ secrets.build-secrets }}

      - name: Build and push without licence
        if: ${{ secrets.LICENSE != '' }}
        uses: docker/build-push-action@v6
        with:
          file: ${{ inputs.build-file || 'Dockerfile' }}
          context: ${{ inputs.build-context || '.'}}
          target: ${{ inputs.build-target }}
          push: ${{ inputs.build-push }}
          provenance: false
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max,ignore-error=true
          platforms: ${{ inputs.build-platforms }}
          build-args: ${{ inputs.build-args }}
          secrets: ${{ secrets.build-secrets }}