reusable-docker.yml
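# NOTE(review): the display name still says ghcr.io, but the job in this file pushes
# to Amazon ECR (see the ECR login/build steps); the name is kept so nothing that
# filters runs by workflow name breaks.
name: Build, tag and push docker image to ghcr.io
# Reusable workflow: it runs only when another workflow references it with `uses:`.
# There is no push/pull_request trigger. No `secrets:` are declared under
# workflow_call even though the job reads secrets.* — presumably callers use
# `secrets: inherit`; confirm against the calling workflows.
on:
  workflow_call:
    inputs:
      # The GitHub environment that scopes which secrets the job can read.
      environment:
        description: 'GitHub environment whose secrets the job uses'
        required: true
        type: string
      # Package name; also used as the ECR repository name and as the base of the
      # job's matrix.name entry.
      package_name:
        description: 'Package name; also the ECR repository the image is pushed to'
        required: true
        type: string
      # Path to the project inside the monorepo; the job runs `npm run docker:build` there.
      project_path:
        description: 'Path to the project in the monorepo'
        required: true
        type: string
      # Port the health check curls after the image is started in test mode.
      # Quoted so YAML keeps it a string rather than retyping it to an int.
      test_port:
        description: 'Port used by the post-build health check'
        required: false
        default: '1341'
        type: string
      # Whether to run the health-check step after a successful build.
      health_check:
        description: 'Run the health check after the build'
        required: false
        default: false
        type: boolean
      # Local tag produced by the project's docker:build script; the two must agree.
      local_tag:
        description: 'Local image tag produced by `npm run docker:build`'
        required: true
        type: string
      # Environment tag: dev, stg or prod. Any other value (or none) skips both
      # build steps in the job.
      env_tag:
        description: 'Environment tag: dev, stg or prod'
        required: false
        type: string
      # NOTE(review): kebab-case while every other input is snake_case; callers
      # already depend on this spelling, so it is kept as-is.
      aws-region:
        description: 'Region for AWS'
        required: true
        type: string
    outputs:
      # NOTE(review): the job matrix only contains a '-ee' entry, so this output is
      # currently never populated; docker_image_ee is the one callers receive.
      docker_image:
        description: 'The image that was built'
        value: ${{ jobs.reusable_docker.outputs.docker_image }}
      docker_image_ee:
        description: 'The enterprise image that was built'
        value: ${{ jobs.reusable_docker.outputs.docker_image_ee }}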
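# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  reusable_docker:
    runs-on: ubuntu-latest
    timeout-minutes: 80
    # Deployment environment whose secrets the steps below read.
    environment: ${{ inputs.environment }}
    outputs:
      # Only a '-ee' matrix entry exists today, so only IMAGE_EE is ever written;
      # docker_image resolves to an empty string unless a non-ee entry is added.
      docker_image: ${{ steps.save-image-to-output.outputs.IMAGE }}
      docker_image_ee: ${{ steps.save-image-to-output.outputs.IMAGE_EE }}
    permissions:
      contents: read
      packages: write
      deployments: write
      # NOTE(review): nothing below uses OIDC — the AWS step authenticates with static
      # access keys. Either point configure-aws-credentials at `role-to-assume` (which
      # needs this grant) or drop `id-token: write` to keep the job token minimal.
      id-token: write
    strategy:
      matrix:
        name: ['${{ inputs.package_name }}-ee']
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: ${{ contains(matrix.name, '-ee') }}
          # NOTE(review): checkout persists this token in the repo's git config for the
          # rest of the job (persist-credentials defaults to true), so it is reachable by
          # `npm run docker:build`. Set `persist-credentials: false` if the setup-project
          # step does not rely on it for submodule access — confirm before changing.
          token: ${{ secrets.SUBMODULES_TOKEN }}
      - name: Prepare
        shell: bash
        # matrix.name is built from a caller-supplied input. Passing it through env
        # instead of interpolating `${{ }}` into the script keeps the value out of the
        # shell's parse stage (script-injection hardening).
        env:
          SERVICE: ${{ matrix.name }}
        run: |
          # NOTE(review): the previous "${service//-/-}" replaced '-' with '-', a no-op;
          # a plain basename preserves that behaviour. Confirm the intended substitution.
          echo "SERVICE_NAME=$(basename "$SERVICE")" >> "$GITHUB_ENV"
      - uses: ./.github/actions/setup-project
        with:
          slim: 'true'
          submodules: ${{ contains(matrix.name, '-ee') }}
      - name: Set Up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver-opts: 'image=moby/buildkit:v0.13.1'
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # Long-lived IAM user keys; see the id-token note above for the OIDC alternative.
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ inputs.aws-region }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      # Non-production build: pushes the <sha> and <env_tag> tags. Runs only for dev/stg;
      # an env_tag outside dev/stg/prod skips both build steps while the output step
      # below still emits an image reference that was never pushed.
      - name: Build, tag, and push image to ECR
        id: build-image
        if: ${{ inputs.env_tag == 'dev' || inputs.env_tag == 'stg' }}
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          REPOSITORY: ${{ inputs.package_name }}
          DOCKER_NAME: ${{ matrix.name }}
          LOCAL_TAG: ${{ inputs.local_tag }}
          IMAGE_TAG: ${{ github.sha }}
          ENV_TAG: ${{ inputs.env_tag }}
          PROJECT_PATH: ${{ inputs.project_path }}
          # Read by the project's docker:build script; the $REGISTRY/$REPOSITORY
          # references are presumably expanded there, not by GitHub. Only the non-prod
          # build passes --provenance=false.
          DOCKER_BUILD_ARGUMENTS: >
            --platform=linux/amd64 --provenance=false
            --output=type=image,name=$REGISTRY/$REPOSITORY,push-by-digest=true,name-canonical=true
        run: |
          cd "$PROJECT_PATH" && npm run docker:build
          docker tag "$LOCAL_TAG" "$REGISTRY/$REPOSITORY:$IMAGE_TAG"
          docker tag "$LOCAL_TAG" "$REGISTRY/$REPOSITORY:$ENV_TAG"
          docker push "$REGISTRY/$REPOSITORY:$IMAGE_TAG"
          docker push "$REGISTRY/$REPOSITORY:$ENV_TAG"
      # Production build: same as above plus the moving `latest` tag.
      - name: Production build, tag, and push image to ECR
        id: build-prod-image
        if: ${{ inputs.env_tag == 'prod' }}
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          REPOSITORY: ${{ inputs.package_name }}
          DOCKER_NAME: ${{ matrix.name }}
          LOCAL_TAG: ${{ inputs.local_tag }}
          IMAGE_TAG: ${{ github.sha }}
          ENV_TAG: ${{ inputs.env_tag }}
          PROJECT_PATH: ${{ inputs.project_path }}
          DOCKER_BUILD_ARGUMENTS: >
            --platform=linux/amd64
            --output=type=image,name=$REGISTRY/$REPOSITORY,push-by-digest=true,name-canonical=true
        run: |
          cd "$PROJECT_PATH" && npm run docker:build
          docker tag "$LOCAL_TAG" "$REGISTRY/$REPOSITORY:$IMAGE_TAG"
          docker tag "$LOCAL_TAG" "$REGISTRY/$REPOSITORY:$ENV_TAG"
          docker tag "$LOCAL_TAG" "$REGISTRY/$REPOSITORY:latest"
          docker push "$REGISTRY/$REPOSITORY:$IMAGE_TAG"
          docker push "$REGISTRY/$REPOSITORY:$ENV_TAG"
          docker push "$REGISTRY/$REPOSITORY:latest"
      # Publishes the pushed image reference as IMAGE or IMAGE_EE depending on the
      # matrix entry; the job-level outputs map these to docker_image / docker_image_ee.
      - name: Save image to output
        id: save-image-to-output
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          REPOSITORY: ${{ inputs.package_name }}
          DOCKER_NAME: ${{ matrix.name }}
          IMAGE_TAG: ${{ github.sha }}
          OUTPUT_NAME: ${{ contains(matrix.name, '-ee') && 'IMAGE_EE' || 'IMAGE' }}
        run: |
          echo "$OUTPUT_NAME=$REGISTRY/$REPOSITORY:$IMAGE_TAG" >> "$GITHUB_OUTPUT"
      # Starts the pushed image in test mode and curls its health endpoint.
      # health_check is a boolean input, so it is tested as one: the old
      # `inputs.health_check == 'true'` compared a boolean with a string, which GitHub's
      # expression rules coerce to numbers (NaN for the string), so the step never ran.
      - name: Health check test
        id: health-check
        if: ${{ inputs.health_check && (steps.build-image.outcome == 'success' || steps.build-prod-image.outcome == 'success') }}
        # GH_ACTOR / GH_PACKAGES were previously exported here but no command in this
        # step reads them; dropped so the secret is not exposed to a step that does not
        # need it.
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          REPOSITORY: ${{ inputs.package_name }}
          LOCAL_TAG: ${{ inputs.local_tag }}
          IMAGE_TAG: ${{ github.sha }}
          TEST_PORT: ${{ inputs.test_port }}
        run: |
          docker run --network=host --name "$LOCAL_TAG" -dit --env NODE_ENV=test "$REGISTRY/$REPOSITORY:$IMAGE_TAG"
          # NOTE(review): appropriate/curl is pulled unpinned from Docker Hub; consider
          # pinning it by digest so the health check tool is reproducible.
          docker run --network=host appropriate/curl --retry 10 --retry-delay 5 --retry-connrefused "http://127.0.0.1:$TEST_PORT/v1/health-check" | grep 'ok'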