-
Notifications
You must be signed in to change notification settings - Fork 33
130 lines (118 loc) · 4.41 KB
/
build-docker-images.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
---
name: "Build Docker Images"
on:
# GHA does not support "shared_inputs" or some other form of workflow_call and workflow_dispatch
# input consolidation; instead, we must duplicate the input definitions for each event
# FUTURE: Consolidate the input definitions whenever possible
workflow_call:
inputs:
branch:
description: "The branch from which images will be built from"
type: string
required: false
default: master
versionTag:
description: "Version to be used as tag for built images"
type: string
required: true
default: X.Y.Z
awsRegion:
description: "AWS Region to push images to"
type: string
required: true
default: us-east-1
workflow_dispatch:
inputs:
branch:
description: "The branch from which images will be built from"
required: false
default: master
versionTag:
description: "Version to be used as tag for built images"
required: true
default: X.Y.Z
awsRegion:
description: "AWS Region to push images to"
required: true
default: us-east-1
permissions:
id-token: write # This is required for requesting the AWS IAM OIDC JWT
contents: read # This is required for actions/checkout
env:
AWS_REGION: ${{ inputs.awsRegion }}
defaults:
run:
shell: bash
jobs:
build-images:
strategy:
matrix:
image:
[
{
name: "bfd-mgmt-eft-sftp-outbound-transfer-lambda",
dockerfile: "ops/jenkins/bfd-build-eft-sftp-outbound-transfer-lambda/Dockerfile",
contextDir: "ops/terraform/services/eft/lambda_src/sftp_outbound_transfer",
},
]
runs-on: ubuntu-latest
steps:
- name: Validate Inputs
run: |
echo "Validating inputs to ensure they conform to expected formats..."
echo "${{ inputs.versionTag }}" | grep -P '^\d+\.\d+\.\d+$|^\d+\.\d+\.\d+-[a-zA-Z0-9-]+$'
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ inputs.branch }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.GHA_AWS_IAM_ROLE_ARN }}
role-session-name: build-images
aws-region: ${{ env.AWS_REGION }}
- name: Login to ECR
uses: aws-actions/amazon-ecr-login@v2
- name: Login to Amazon ECR Public
id: login-ecr-public
uses: aws-actions/amazon-ecr-login@v2
with:
registry-type: public
- name: Get ECR Registry Namespace
run: |
ECR_REPOSITORY_NAMESPACE="$(aws ecr describe-registry --region "$AWS_REGION" | jq -r '.registryId').dkr.ecr.${AWS_REGION}.amazonaws.com"
echo "::add-mask::$ECR_REPOSITORY_NAMESPACE"
echo ECR_REPOSITORY_NAMESPACE=$ECR_REPOSITORY_NAMESPACE >> $GITHUB_ENV
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Setup tags
id: setup_tags
run: |
# Naively, if version tag does not contain a "-" we assume the version is not a release
# and the "latest" tag should not be pushed.
image_tags=""
if [[ "${{ inputs.versionTag }}" == *"-"* ]]; then
image_tags="$IMAGE_VERSIONED_TAG"
else
image_tags="$IMAGE_VERSIONED_TAG,$IMAGE_LATEST_TAG"
fi
echo image_tags=$image_tags >> $GITHUB_OUTPUT
env:
IMAGE_VERSIONED_TAG: ${{ env.ECR_REPOSITORY_NAMESPACE }}/${{ matrix.image.name }}:${{ inputs.versionTag }}
IMAGE_LATEST_TAG: ${{ env.ECR_REPOSITORY_NAMESPACE }}/${{ matrix.image.name }}:latest
- name: Build and Push
uses: docker/build-push-action@v5
with:
file: ${{ matrix.image.dockerfile }}
context: ${{ matrix.image.contextDir }}
push: true
tags: ${{ steps.setup_tags.outputs.image_tags }}
# AWS Lambda does not support multi-platform images, something that is enabled by default
# by this Action via the "provenance" flag. Until AWS Lambda supports this feature
# properly, we must explicitly disable provenance and specify the amd64 platform.
# See https://github.com/docker/buildx/issues/1533
provenance: false
platforms: "linux/amd64"
env:
DOCKER_BUILDKIT: 1