Ecr #190

Merged
merged 4 commits into from
Oct 4, 2023
Merged

Ecr #190

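--- a/.github/actions/push_on_ecr/action.yml
+++ b/.github/actions/push_on_ecr/action.yml
@@ -0,0 +1,51 @@
+name: Composite action push on ecr
+description: Composite action push on ecr
+inputs:
+repository:
+description: Repository name
+required: true
+aws_account_id:
+description: Aws User code
+required: true
+aws_access_key:
+description: Aws access key
+required: true
+aws_secret_access_key:
+description: Aws secret access key
+required: true
+dockerfile:
+description: Path for dockerfile
+required: true
+image_tag:
+description: Directory that must be run against the linters
+required: true
+
+aws_region:
+description: Aws region
+required: true
+
+runs:
+using: "composite"
+steps:
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-region: ${{ inputs.aws_region}}
+aws-access-key-id: ${{ inputs.aws_access_key }}
+aws-secret-access-key: ${{ inputs.secrets_aws_access_key }}
+role-to-assume: arn:aws:iam::${{inputs.aws_account_id}}:role/${{inputs.aws_role_to_assume}}
+
+- name: Login to Amazon ECR Private
+id: login-ecr
+uses: aws-actions/amazon-ecr-login@v2
+
+
+- name: Build, tag, and push docker image to Amazon ECR
+env:
+REGISTRY: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com
+REPOSITORY: ${{ inputs.repository }}
+IMAGE_TAG: ${{ inputs.image_tag }}
+run: |
+docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG ${{inputs.dockerfile}}
+docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
+shell: bash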
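Review bot: The "Configure AWS Credentials" step reads `inputs.secrets_aws_access_key` and `inputs.aws_role_to_assume`, neither of which is declared under `inputs:`, so the secret key would resolve to an empty string and the role ARN would end in `role/`. The declared input is `aws_secret_access_key`, so the line should read `aws-secret-access-key: ${{ inputs.aws_secret_access_key }}`, and the role needs either its own declared input or the `role-to-assume` line removed. In the build step `${{inputs.dockerfile}}` is expanded into the script text before bash runs, and it lands in the build-context position rather than after `-f`; passing it through `env:` and writing `docker build -f "$DOCKERFILE" -t "$REGISTRY/$REPOSITORY:$IMAGE_TAG" .` keeps the value as data. The `image_tag` description ("Directory that must be run against the linters") looks copied from another input. The same file is added again at actions/push_on_ecr/action.yml with identical lines.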
12 changes: 1 addition & 11 deletions .github/workflows/_python.yml
Expand Up @@ -95,11 +95,7 @@ on:
type: string
required: false
default: ''
check_dockerfile:
description: Check dockerfile build. WARNING action total time may increase significantly
type: string
required: false
default: ''


use_postgres:
description: Use postgres service
Expand Down Expand Up @@ -419,12 +415,6 @@ jobs:
shell: bash
working-directory: ${{ inputs.check_docs_directory }}

- name: Build DockerFile
if: inputs.check_dockerfile
run: |
docker build -f ${{ inputs.check_dockerfile }} .
working-directory: ${{ inputs.working_directory }}

- name: Start services
uses: ./.github/actions/services
if: inputs.use_postgres || inputs.use_elastic_search || inputs.use_memcached || inputs.use_redis || inputs.use_rabbitmq || inputs.use_mongo
51 changes: 49 additions & 2 deletions .github/workflows/_release_and_tag.yml
Expand Up @@ -31,18 +31,53 @@ on:
required: false
default: #CyberSecurity

publish_on_ecr:
description: Publish on ecr
type: boolean
required: false
default: false
repository:
description: todo
type: string
required: false
dockerfile:
description: todo
type: string
required: false
aws_region:
description: todo
type: string
required: false
default: eu-central-1


jobs:
release_and_tag:
name: Create release and tag
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true && ( github.base_ref == 'master' || github.base_ref == 'main' )
if: github.event.pull_request.merged == true
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # otherwise, you do not retrieve the tags

- name: Push on ecr branch
uses: ./.github/actions/push_on_ecr
if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop2' || github.base_ref == 'dev'
env:
TAG=${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'prod' }}
with:
repository: ${{ inputs.repository }}
aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
aws_access_key: ${{ secrets.AWS_ACCESS_KEY}}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
dockerfile: ${{ inputs.dockerfile }}
image_tag: $TAG
aws_region: ${{ inputs.aws_region }}

- name: Check Tag
id: check-tag
if: github.base_ref == 'master' || github.base_ref == 'main'
run: |
if [[ "${{ github.event.pull_request.title }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "match=true" >> $GITHUB_OUTPUT
Expand Down Expand Up @@ -115,4 +150,16 @@ jobs:
api_key: ${{ secrets.TWITTER_API_KEY }}
api_key_secret: ${{ secrets.TWITTER_API_KEY_SECRET }}
access_token: ${{ secrets.TWITTER_ACCESS_TOKEN }}
access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}

- name: Push on ecr tag
if: steps.check-tag.outputs.match == 'true'
uses: ./.github/actions/push_on_ecr
with:
repository: ${{ inputs.repository }}
aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
aws_access_key: ${{ secrets.AWS_ACCESS_KEY}}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
dockerfile: ${{ inputs.dockerfile }}
image_tag: ${{ github.event.pull_request.title }}
aws_region: ${{ inputs.aws_region }}
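Review bot: In the "Push on ecr branch" step the `env:` entry is written `TAG=${{ … }}` instead of as a `TAG:` key, and `image_tag: $TAG` is not shell-expanded inside `with:`, so the action would receive the literal text `$TAG` as the image tag. Both arms of the expression also yield `'prod'` in this file, while the copy under workflows/ uses `'stag'` for the second arm, which is presumably what was intended. Dropping the `env:` block and setting `image_tag: ${{ (github.base_ref == 'main' || github.base_ref == 'master') && 'prod' || 'stag' }}` removes both problems; the workflows/ copy has the same `env:`/`$TAG` lines. The new `repository`, `dockerfile` and `aws_region` inputs still carry `description: todo`.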
1 change: 0 additions & 1 deletion .github/workflows/pull_request_automation.yml
Expand Up @@ -73,7 +73,6 @@ jobs:
check_migrations: true
check_requirements_licenses: true
check_docs_directory:
check_dockerfile: Dockerfile

use_postgres: false
use_memcached: false
4 changes: 4 additions & 0 deletions .github/workflows/release.yml
Expand Up @@ -20,3 +20,7 @@ jobs:
publish_on_test_pypi: false
publish_on_npm: false
publish_on_twitter: false
publish_on_ecr: false
repository: certego-test
dockerfile: Dockerfile
aws_region: eu-central-1
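--- a/actions/push_on_ecr/action.yml
+++ b/actions/push_on_ecr/action.yml
@@ -0,0 +1,51 @@
+name: Composite action push on ecr
+description: Composite action push on ecr
+inputs:
+repository:
+description: Repository name
+required: true
+aws_account_id:
+description: Aws User code
+required: true
+aws_access_key:
+description: Aws access key
+required: true
+aws_secret_access_key:
+description: Aws secret access key
+required: true
+dockerfile:
+description: Path for dockerfile
+required: true
+image_tag:
+description: Directory that must be run against the linters
+required: true
+
+aws_region:
+description: Aws region
+required: true
+
+runs:
+using: "composite"
+steps:
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-region: ${{ inputs.aws_region}}
+aws-access-key-id: ${{ inputs.aws_access_key }}
+aws-secret-access-key: ${{ inputs.secrets_aws_access_key }}
+role-to-assume: arn:aws:iam::${{inputs.aws_account_id}}:role/${{inputs.aws_role_to_assume}}
+
+- name: Login to Amazon ECR Private
+id: login-ecr
+uses: aws-actions/amazon-ecr-login@v2
+
+
+- name: Build, tag, and push docker image to Amazon ECR
+env:
+REGISTRY: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com
+REPOSITORY: ${{ inputs.repository }}
+IMAGE_TAG: ${{ inputs.image_tag }}
+run: |
+docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG ${{inputs.dockerfile}}
+docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
+shell: bash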
12 changes: 1 addition & 11 deletions workflows/_python.yml
Expand Up @@ -95,11 +95,7 @@ on:
type: string
required: false
default: ''
check_dockerfile:
description: Check dockerfile build. WARNING action total time may increase significantly
type: string
required: false
default: ''


use_postgres:
description: Use postgres service
Expand Down Expand Up @@ -419,12 +415,6 @@ jobs:
shell: bash
working-directory: ${{ inputs.check_docs_directory }}

- name: Build DockerFile
if: inputs.check_dockerfile
run: |
docker build -f ${{ inputs.check_dockerfile }} .
working-directory: ${{ inputs.working_directory }}

- name: Start services
uses: ./.github/actions/services
if: inputs.use_postgres || inputs.use_elastic_search || inputs.use_memcached || inputs.use_redis || inputs.use_rabbitmq || inputs.use_mongo
50 changes: 48 additions & 2 deletions workflows/_release_and_tag.yml
Expand Up @@ -31,18 +31,52 @@ on:
required: false
default: #CyberSecurity

publish_on_ecr:
description: Publish on ecr
type: boolean
required: false
default: false
repository:
description: todo
type: string
required: false
dockerfile:
description: todo
type: string
required: false
aws_region:
description: todo
type: string
required: false
default: eu-central-1


jobs:
release_and_tag:
name: Create release and tag
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true && ( github.base_ref == 'master' || github.base_ref == 'main' )
if: github.event.pull_request.merged == true
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # otherwise, you do not retrieve the tags

- name: Push on ecr branch
uses: ./.github/actions/push_on_ecr
env:
TAG=${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }}
with:
repository: ${{ inputs.repository }}
aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
aws_access_key: ${{ secrets.AWS_ACCESS_KEY}}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
dockerfile: ${{ inputs.dockerfile }}
image_tag: $TAG
aws_region: ${{ inputs.aws_region }}

- name: Check Tag
id: check-tag
if: github.base_ref == 'master' || github.base_ref == 'main'
run: |
if [[ "${{ github.event.pull_request.title }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "match=true" >> $GITHUB_OUTPUT
Expand Down Expand Up @@ -115,4 +149,16 @@ jobs:
api_key: ${{ secrets.TWITTER_API_KEY }}
api_key_secret: ${{ secrets.TWITTER_API_KEY_SECRET }}
access_token: ${{ secrets.TWITTER_ACCESS_TOKEN }}
access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}

- name: Push on ecr tag
if: steps.check-tag.outputs.match == 'true'
uses: ./.github/actions/push_on_ecr
with:
repository: ${{ inputs.repository }}
aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
aws_access_key: ${{ secrets.AWS_ACCESS_KEY}}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
dockerfile: ${{ inputs.dockerfile }}
image_tag: ${{ github.event.pull_request.title }}
aws_region: ${{ inputs.aws_region }}
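Review bot: The "Push on ecr branch" step in this copy has no `if:`, and the job condition no longer restricts `github.base_ref`, so the build and push with the AWS secrets would run for every merged pull request whatever its target branch. Neither this file nor the .github/ copy consults the new `publish_on_ecr` input, so a caller that passes `publish_on_ecr: false`, as release.yml does, still reaches the push. Prefixing the branch condition with `inputs.publish_on_ecr &&` on this step, and using `if: inputs.publish_on_ecr && steps.check-tag.outputs.match == 'true'` on "Push on ecr tag", would keep the credentials out of runs that did not ask for a publish.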
1 change: 0 additions & 1 deletion workflows/pull_request_automation.yml
Expand Up @@ -73,7 +73,6 @@ jobs:
check_migrations: true
check_requirements_licenses: true
check_docs_directory:
check_dockerfile: Dockerfile

use_postgres: false
use_memcached: false
4 changes: 4 additions & 0 deletions workflows/release.yml
Expand Up @@ -20,3 +20,7 @@ jobs:
publish_on_test_pypi: false
publish_on_npm: false
publish_on_twitter: false
publish_on_ecr: false
repository: certego-test
dockerfile: Dockerfile
aws_region: eu-central-1