docker-build-push-image.yml
# Reusable workflow: builds the calling repository's Dockerfile and pushes the
# resulting image to Docker Hub and/or AWS ECR, depending on the inputs below.
name: Build and Push Docker image

on:
  workflow_call:
    inputs:
      # Registry toggles; both default to pushing.
      aws_ecr:
        description: "Push to AWS ECR"
        type: boolean
        required: false
        default: true
      docker_hub:
        description: "Push to Docker Hub"
        type: boolean
        required: false
        default: true
      # NOTE(review): this input is declared but never read. Every build step
      # in this workflow sets `provenance: false` literally, so a caller's
      # value has no effect on whether an attestation is produced.
      provenance:
        description: "Generate provenance attestation for the build"
        type: boolean
        required: false
        default: true
      # When empty, the tag expressions fall back to the repository name.
      image_name:
        description: "The name of the image to deploy (default: repo name)"
        type: string
        required: false
      platform:
        description: "The image's platform (default: linux/amd64)"
        type: string
        required: false
        default: "linux/amd64"
    secrets:
      # All registry secrets are `required: true` regardless of the aws_ecr /
      # docker_hub toggles, so a caller pushing to one registry must still
      # supply credentials for both.
      AWS_ACCOUNT_ID:
        description: "The AWS account ID used to determine the ECR registry"
        required: true
      AWS_REGION:
        description: "The AWS region used to determine the ECR registry"
        required: true
      # NOTE(review): a static access key pair is passed to the ECR login step.
      # Scope the IAM user to ECR push on the target repositories only and
      # rotate it; short-lived OIDC-issued credentials would remove the
      # stored secret entirely.
      AWS_ECR_ACCESS_KEY_ID:
        description: "The access key ID used to log into AWS ECR"
        required: true
      AWS_ECR_SECRET_ACCESS_KEY:
        description: "The secret access key ID used to log into AWS ECR"
        required: true
      DOCKERHUB_USERNAME:
        description: "The username used to log into Docker Hub"
        required: true
      DOCKERHUB_PASSWORD:
        description: "The password used to log into Docker Hub"
        required: true
      # Forwarded verbatim as `build-args` to every build step. Build
      # arguments are not a secret channel: their values can be recovered
      # from the pushed image (e.g. `docker history`). Do not place
      # credentials here; use BuildKit secret mounts for build-time secrets.
      DOCKER_BUILD_ARGS:
        description: "Docker build arguments"
        required: false
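# Least privilege for GITHUB_TOKEN: the only step in this workflow that uses
# repository access is the checkout, which needs read access. Nothing here
# commits, tags or creates releases, so write access is not granted.
permissions:
  contents: read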
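jobs:
  build-and-push:
    runs-on: ubuntu-22.04
    env:
      # ECR registry hostname assembled from the account ID and region secrets.
      ECR_REGISTRY: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
    steps:
      # Every third-party action below is pinned to a full commit SHA, so a
      # retagged or compromised release cannot change what runs here.
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          # Never deploy from non-main branches
          # NOTE(review): this checks out whatever `main` points to when the
          # job runs, while the images are tagged with `github.sha` (the
          # commit of the triggering event). If main has moved, or the caller
          # was triggered from another ref, the SHA tag will not identify the
          # code that was actually built. Confirm callers only run on pushes
          # to main, or tag with the checked-out revision instead.
          ref: main

      # Publishes `result` ('true' / 'false'); all later steps are gated on it,
      # so a repository without a Dockerfile is skipped with a warning.
      - name: Check if Dockerfile is present
        id: dockerfile-exists
        run: |
          if [ -f Dockerfile ]; then
            dockerfile_exists='true'
          else
            dockerfile_exists='false'
            echo "::warning:: Skip deploy due to missing Dockerfile"
          fi
          echo "result=${dockerfile_exists}" >> "$GITHUB_OUTPUT"

      - name: Set up Docker Buildx
        if: steps.dockerfile-exists.outputs.result == 'true'
        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5

      - name: Login to DockerHub
        if: ${{steps.dockerfile-exists.outputs.result == 'true' && inputs.docker_hub}}
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Login to ECR
        if: ${{steps.dockerfile-exists.outputs.result == 'true' && inputs.aws_ecr}}
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
        with:
          registry: ${{ env.ECR_REGISTRY }}
          username: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }}
          password: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }}

      # Builds once into the local Docker daemon (`load: true`) and fills the
      # GitHub Actions cache. The two push steps below each invoke the build
      # action again with the same context and cache settings.
      - name: Build Docker image
        if: ${{steps.dockerfile-exists.outputs.result == 'true' && (inputs.docker_hub || inputs.aws_ecr)}}
        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355
        with:
          context: .
          file: ./Dockerfile
          load: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # Taken from a secret, but build args end up in image metadata;
          # treat the value as non-confidential.
          build-args: ${{ secrets.DOCKER_BUILD_ARGS }}
          # NOTE(review): hardcoded; the `provenance` workflow input is not
          # consulted here or in the push steps. Whether that is deliberate
          # cannot be told from this file. Either wire the input through or
          # remove it so callers are not misled about attestation.
          provenance: false
          platforms: ${{ inputs.platform }}

      # `latest` is a mutable tag; the SHA tag is the one consumers should pin.
      - name: Push to Docker Hub
        if: ${{steps.dockerfile-exists.outputs.result == 'true' && inputs.docker_hub}}
        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: |
            exercism/${{ inputs.image_name || github.event.repository.name }}:latest
            exercism/${{ inputs.image_name || github.event.repository.name }}:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: ${{ secrets.DOCKER_BUILD_ARGS }}
          provenance: false
          platforms: ${{ inputs.platform }}

      # `production` is a mutable tag that moves on every successful run.
      - name: Push to AWS ECR
        if: ${{steps.dockerfile-exists.outputs.result == 'true' && inputs.aws_ecr}}
        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: |
            ${{ env.ECR_REGISTRY }}/${{ inputs.image_name || github.event.repository.name }}:production
            ${{ env.ECR_REGISTRY }}/${{ inputs.image_name || github.event.repository.name }}:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: ${{ secrets.DOCKER_BUILD_ARGS }}
          provenance: false
          platforms: ${{ inputs.platform }}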