feat: move build-push-ecr to Docker actions #41
base: main
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,27 +6,39 @@ inputs: | |
| required: true | ||
| aws-region: | ||
| description: AWS region to use | ||
| required: true | ||
| required: false | ||
| default: us-east-1 | ||
| docker-repo: | ||
| description: ECR Docker repo to push to | ||
| required: true | ||
| dockerfile-path: | ||
| description: Path to the repo's Dockerfile | ||
| description: Path to the build context, i.e. the folder containing the Dockerfile | ||
| required: false | ||
| default: '.' | ||
| default: "." | ||
| docker-additional-args: | ||
| description: Additional arguments to pass to call to docker | ||
| description: | | ||
| Deprecated. Build arguments in command-line form (`--build-arg FOO=bar`), separated by spaces. | ||
| Replace with docker-build-args when possible. | ||
| required: false | ||
| default: '' | ||
| default: "" | ||
| docker-additional-tags: | ||
| description: Additional tags for the image, separated by spaces | ||
| description: | | ||
| Additional tags for the image, separated by spaces. | ||
|
|
||
| Can also be formatted for docker/metadata-action (e.g. type=ref,event=tag) and | ||
| separated by newlines. | ||
| The primary tag is `type=sha,priority=1000,prefix=git`. | ||
| To override the docker-tag output, pass in something with priority above 1000. | ||
| required: false | ||
| default: "" | ||
| docker-build-args: | ||
| description: Build args for the Docker container (`FOO=bar`), separated by newlines. | ||
| required: false | ||
| default: '' | ||
| default: "" | ||
| outputs: | ||
| docker-tag: | ||
| description: Docker Tag | ||
| value: ${{ steps.docker.outputs.tag }} | ||
| value: ${{ inputs.docker-repo }}:${{ steps.meta.outputs.version }} | ||
| runs: | ||
| using: composite | ||
| steps: | ||
|
|
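Review bot: The `docker-additional-tags` description gives the primary tag as `type=sha,priority=1000,prefix=git`, but the `docker/metadata-action` step in this change passes `type=sha,priority=1000,prefix=git-`; add the trailing hyphen to the description so callers who rely on or override the `docker-tag` output see the exact tag form. The `dockerfile-path` description now says the input is the build context folder, which no longer matches the input's name, and `aws-region` now falls back to `default: us-east-1` when omitted; both are worth calling out for existing callers.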
@@ -35,25 +47,71 @@ runs: | |
| with: | ||
| role-to-assume: ${{ inputs.role-to-assume }} | ||
| aws-region: ${{ inputs.aws-region }} | ||
| - run: echo "tag=${{ inputs.docker-repo }}:git-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | ||
| id: docker | ||
| shell: bash | ||
| - run: > | ||
| docker build | ||
| ${{ inputs.docker-additional-args }} | ||
| --pull -t ${{ steps.docker.outputs.tag }} ${{ inputs.dockerfile-path }} | ||
| shell: bash | ||
| - run: > | ||
| aws ecr get-login-password --region ${{ inputs.aws-region }} | ||
| | docker login --username AWS --password-stdin ${{ inputs.docker-repo }} | ||
| - name: Calculate tags | ||
| id: additional-tags | ||
| shell: bash | ||
| - run: docker push ${{ steps.docker.outputs.tag }} | ||
| run: | | ||
| { | ||
| echo 'tags<<EOF' | ||
| if ${{ contains(inputs.docker-additional-tags, '=') }}; then | ||
| # already in the right format for docker/metadata-action | ||
| echo "${{ inputs.docker-additional-tags }}" | ||
| else | ||
| # pass tags in as raw | ||
| docker_additional_tags=(${{ inputs.docker-additional-tags }}) | ||
| for tag in ${docker_additional_tags[@]}; do | ||
| echo "type=raw,priority=900,value=${tag}" | ||
| done | ||
| fi | ||
| echo 'EOF' | ||
| } | tee -a "$GITHUB_OUTPUT" | ||
| if: ${{ inputs.docker-additional-tags != '' }} | ||
| - name: Calculate build args | ||
| id: build-args | ||
| shell: bash | ||
| - run: > | ||
| docker_additional_tags=(${{ inputs.docker-additional-tags }}); | ||
| for tag in ${docker_additional_tags[@]}; do | ||
| docker tag ${{ steps.docker.outputs.tag }} ${{ inputs.docker-repo }}:$tag | ||
| docker push ${{ inputs.docker-repo }}:$tag | ||
| done | ||
| run: | | ||
| { | ||
| echo 'build-args<<EOF' | ||
| if ${{ inputs.docker-additional-args != '' }}; then | ||
| docker_additional_args=(${{ inputs.docker-additional-args }}) | ||
| EXPECTED_FLAG="the --build-arg flag" | ||
| EXPECTED_ARG="an argument like FOO=bar" | ||
| arg_expected="$EXPECTED_FLAG" | ||
| for arg in ${docker_additional_args[@]}; do | ||
| if [[ "$arg_expected" = "$EXPECTED_FLAG" && "$arg" = "--build-arg" ]]; then | ||
| arg_expected="$EXPECTED_ARG" | ||
| elif [[ "$arg_expected" = "$EXPECTED_ARG" && "$arg" =~ "=" ]]; then | ||
| echo "$arg" | ||
| arg_expected="$EXPECTED_FLAG" | ||
| else | ||
| echo "Expected $arg_expected, got '$arg'" >&2 | ||
| exit 1 | ||
| fi | ||
| done | ||
| fi | ||
| echo "${{ inputs.docker-build-args }}" | ||
| echo 'EOF' | ||
| } | tee -a "$GITHUB_OUTPUT" | ||
| if: ${{ inputs.docker-additional-args != '' || inputs.docker-build-args != '' }} | ||
| - uses: docker/metadata-action@v5 | ||
| id: meta | ||
| with: | ||
| images: ${{ inputs.docker-repo }} | ||
| tags: | | ||
| type=sha,priority=1000,prefix=git- | ||
| ${{ steps.additional-tags.outputs.tags }} | ||
| - uses: docker/setup-buildx-action@v3 | ||
| - uses: docker/build-push-action@v5 | ||
| with: | ||
| pull: true | ||
| load: true | ||
|
Member
suggestion: you could add
Member
Author
That should work, yeah. |
||
| context: ${{ inputs.dockerfile-path }} | ||
| build-args: ${{ steps.build-args.outputs.build-args }} | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
| - uses: aws-actions/amazon-ecr-login@v2 | ||
| - name: docker push | ||
| run: docker push --all-tags ${{ inputs.docker-repo }} | ||
| shell: bash | ||
| if: ${{ inputs.docker-additional-tags != '' }} | ||
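Review bot: In the `Calculate tags` and `Calculate build args` steps, `${{ inputs.docker-additional-tags }}`, `${{ inputs.docker-additional-args }}` and `${{ inputs.docker-build-args }}` are expanded into the script text before bash parses it, so quotes or shell metacharacters in a caller-supplied value become part of the script instead of data. Pass each input through the step's `env:` and reference it as a quoted shell variable (the variable names are yours to choose), and replace the fixed `EOF` delimiter with a per-run random one, since an input line that is exactly `EOF` would end the `$GITHUB_OUTPUT` block early. Separately, the final `docker push --all-tags` step is shown here with `if: ${{ inputs.docker-additional-tags != '' }}` while `docker/build-push-action` sets `load: true` and no `push: true`; please confirm the `git-` SHA tag is still pushed when no additional tags are passed.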
question: does this generate the SHA tag in the same way the old script did?
As it stands, it fetches the git SHA from the GitHub Actions context, which should still be the same thing since we aren't doing anything wacky like checking out a different commit than the workflow is actually running on. If we want to handle weird edge cases like that just in case, we can pass context: git, but I don't think there's any point in that.