112 changes: 85 additions & 27 deletions build-push-ecr/action.yml
Expand Up @@ -6,27 +6,39 @@ inputs:
required: true
aws-region:
description: AWS region to use
required: true
required: false
default: us-east-1
docker-repo:
description: ECR Docker repo to push to
required: true
dockerfile-path:
description: Path to the repo's Dockerfile
description: Path to the build context, i.e. the folder containing the Dockerfile
required: false
default: '.'
default: "."
docker-additional-args:
description: Additional arguments to pass to call to docker
description: |
Deprecated. Build arguments in command-line form (`--build-arg FOO=bar`), separated by spaces.
Replace with docker-build-args when possible.
required: false
default: ''
default: ""
docker-additional-tags:
description: Additional tags for the image, separated by spaces
description: |
Additional tags for the image, separated by spaces.

Can also be formatted for docker/metadata-action (e.g. type=ref,event=tag) and
separated by newlines.
The primary tag is `type=sha,priority=1000,prefix=git`.
To override the docker-tag output, pass in something with priority above 1000.
required: false
default: ""
docker-build-args:
description: Build args for the Docker container (`FOO=bar`), separated by newlines.
required: false
default: ''
default: ""
outputs:
docker-tag:
description: Docker Tag
value: ${{ steps.docker.outputs.tag }}
value: ${{ inputs.docker-repo }}:${{ steps.meta.outputs.version }}
runs:
using: composite
steps:
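
Review bot: The new `docker-additional-args` description marks the input as deprecated but does not say that it no longer accepts arbitrary docker flags. The old description was "Additional arguments to pass to call to docker", while the "Calculate build args" step later in this patch exits with an error on anything other than `--build-arg FOO=bar` pairs. State that restriction in the description, and consider adding the `deprecationMessage` key to the input so callers get a warning in the run log. In `docker-additional-tags`, the description gives the primary tag as `type=sha,priority=1000,prefix=git` while the metadata step uses `prefix=git-`; the two should match.
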
Expand All @@ -35,25 +47,71 @@ runs:
with:
role-to-assume: ${{ inputs.role-to-assume }}
aws-region: ${{ inputs.aws-region }}
- run: echo "tag=${{ inputs.docker-repo }}:git-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
id: docker
shell: bash
- run: >
docker build
${{ inputs.docker-additional-args }}
--pull -t ${{ steps.docker.outputs.tag }} ${{ inputs.dockerfile-path }}
shell: bash
- run: >
aws ecr get-login-password --region ${{ inputs.aws-region }}
| docker login --username AWS --password-stdin ${{ inputs.docker-repo }}
- name: Calculate tags
id: additional-tags
shell: bash
- run: docker push ${{ steps.docker.outputs.tag }}
run: |
{
echo 'tags<<EOF'
if ${{ contains(inputs.docker-additional-tags, '=') }}; then
# already in the right format for docker/metadata-action
echo "${{ inputs.docker-additional-tags }}"
else
# pass tags in as raw
docker_additional_tags=(${{ inputs.docker-additional-tags }})
for tag in ${docker_additional_tags[@]}; do
echo "type=raw,priority=900,value=${tag}"
done
fi
echo 'EOF'
} | tee -a "$GITHUB_OUTPUT"
if: ${{ inputs.docker-additional-tags != '' }}
- name: Calculate build args
id: build-args
shell: bash
- run: >
docker_additional_tags=(${{ inputs.docker-additional-tags }});
for tag in ${docker_additional_tags[@]}; do
docker tag ${{ steps.docker.outputs.tag }} ${{ inputs.docker-repo }}:$tag
docker push ${{ inputs.docker-repo }}:$tag
done
run: |
{
echo 'build-args<<EOF'
if ${{ inputs.docker-additional-args != '' }}; then
docker_additional_args=(${{ inputs.docker-additional-args }})
EXPECTED_FLAG="the --build-arg flag"
EXPECTED_ARG="an argument like FOO=bar"
arg_expected="$EXPECTED_FLAG"
for arg in ${docker_additional_args[@]}; do
if [[ "$arg_expected" = "$EXPECTED_FLAG" && "$arg" = "--build-arg" ]]; then
arg_expected="$EXPECTED_ARG"
elif [[ "$arg_expected" = "$EXPECTED_ARG" && "$arg" =~ "=" ]]; then
echo "$arg"
arg_expected="$EXPECTED_FLAG"
else
echo "Expected $arg_expected, got '$arg'" >&2
exit 1
fi
done
fi
echo "${{ inputs.docker-build-args }}"
echo 'EOF'
} | tee -a "$GITHUB_OUTPUT"
if: ${{ inputs.docker-additional-args != '' || inputs.docker-build-args != '' }}
- uses: docker/metadata-action@v5
id: meta
with:
images: ${{ inputs.docker-repo }}
tags: |
type=sha,priority=1000,prefix=git-
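
Review bot: In the "Calculate tags" and "Calculate build args" steps, `${{ inputs.docker-additional-tags }}`, `${{ inputs.docker-additional-args }}` and `${{ inputs.docker-build-args }}` are expanded into the bash script text before the shell runs, so a value containing a quote, a `$(...)` or a newline changes the script itself instead of arriving as data. Pass each input through the step's `env:` block and reference it as a quoted shell variable (for example `echo "$DOCKER_BUILD_ARGS"`, with the variable name chosen by you), and replace the `if ${{ ... }}; then` tests with shell tests on those variables. The unquoted `${docker_additional_tags[@]}` and `${docker_additional_args[@]}` loops are also subject to glob expansion; reading the value into the array with `read -ra` and quoting the expansion avoids that. An input line equal to `EOF` would end the `$GITHUB_OUTPUT` heredoc early, so a per-run random delimiter is safer than the fixed one.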

Member

question: does this generate the SHA tag in the same way the old script did?

Member Author

As it stands, it fetches the git SHA from the GitHub Actions context, which should still be the same thing since we aren't doing anything wacky like checking out a different commit than the workflow is actually running on. If we want to handle weird edge cases like that just in case, we can pass context: git, but I don't think there's any point in that.

${{ steps.additional-tags.outputs.tags }}
- uses: docker/setup-buildx-action@v3
- uses: docker/build-push-action@v5
with:
pull: true
load: true

Member

suggestion: you could add pull: true to ensure that even with the cache, Docker tries to pull down updated images. I think with that, we could enable caching by default.

Member Author

That should work, yeah.

context: ${{ inputs.dockerfile-path }}
build-args: ${{ steps.build-args.outputs.build-args }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- uses: aws-actions/amazon-ecr-login@v2
- name: docker push
run: docker push --all-tags ${{ inputs.docker-repo }}
shell: bash
if: ${{ inputs.docker-additional-tags != '' }}
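
Review bot: The final `docker push --all-tags` step carries `if: ${{ inputs.docker-additional-tags != '' }}`, and the `docker/build-push-action@v5` step sets `load: true` with no `push: true`, so when no additional tags are passed the `git-` tag is built and loaded locally but nothing in these lines pushes it to ECR. The removed flow ran `docker push ${{ steps.docker.outputs.tag }}` unconditionally; either drop the `if:` on the push step, or move `aws-actions/amazon-ecr-login@v2` ahead of the build and set `push: true` there. Also note that `--all-tags` pushes every local tag of `inputs.docker-repo` on the runner, not only the ones listed in `steps.meta.outputs.tags`.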