Build & publish ECS/Fargate worker image to ECR #208
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build & publish ECS/Fargate worker image to ECR | |
on: | |
workflow_dispatch: | |
inputs: | |
SHOULD_BUILD_ARM64: | |
description: 'Whether to build the ARM64 image.' | |
type: boolean | |
default: false | |
workflow_call: | |
inputs: | |
COMMIT_SHA: | |
description: 'Branch ref to checkout. Needed for pull_request_target to be able to pull correct ref.' | |
type: string | |
required: true | |
USE_COMMIT_SHA_IN_VERSION: | |
description: 'Whether to use the commit sha in building the pkg version of the image.' | |
type: boolean | |
SHOULD_BUILD_ARM64: | |
description: 'Whether to build the ARM64 image.' | |
type: boolean | |
default: false | |
secrets: | |
ECR_WORKER_IMAGE_PUSH_ROLE_ARN: | |
description: 'ARN of the IAM role to assume to push the image to ECR.' | |
required: true | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
build_docker_image_amd64: | |
runs-on: ubuntu-latest | |
env: | |
# Set by the caller workflow, defaults to github.sha when not passed (e.g. workflow_dispatch against a branch) | |
WORKER_VERSION: ${{ inputs.COMMIT_SHA || github.sha }} | |
strategy: | |
matrix: | |
registry: [ public, private ] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.WORKER_VERSION }} | |
fetch-depth: 0 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Replace package version | |
if: ${{ inputs.USE_COMMIT_SHA_IN_VERSION || false }} | |
run: node .github/workflows/scripts/replace-package-versions.js | |
env: | |
COMMIT_SHA: ${{ env.WORKER_VERSION }} | |
REPLACE_MAIN_VERSION_ONLY: true # we don't need to replace dependencies, as docker image builds using workspaces | |
- name: Get Artillery version | |
# we only want to tag with an actual version from pkg.json outside of PRs and manual dispatches | |
# NOTE: can't check for refs/head/main because of pull_request_target used in some workflows | |
if: github.event.pull_request == null && github.event_name != 'workflow_dispatch' | |
run: | | |
echo "WORKER_VERSION=$(node -e 'console.log(require("./packages/artillery/package.json").version)')" >> $GITHUB_ENV | |
- name: Show git ref | |
run: | | |
echo GITHUB REF ${{ github.ref }} | |
echo GITHUB PR HEAD SHA ${{ github.event.pull_request.head.sha }} | |
echo GITHUB SHA ${{ github.sha }} | |
echo WORKER_VERSION ENV ${{ env.WORKER_VERSION }} | |
- name: Configure AWS Credentials (Public ECR) | |
if: matrix.registry == 'public' | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-region: us-east-1 | |
audience: sts.amazonaws.com | |
role-to-assume: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }} | |
role-session-name: OIDCSession | |
mask-aws-account-id: true | |
- name: Login to Amazon (Public ECR) | |
if: matrix.registry == 'public' | |
id: login-ecr-public | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
registry-type: public | |
- name: Build the Docker image (Public ECR) | |
if: matrix.registry == 'public' | |
env: | |
DOCKER_TAG: ${{ env.WORKER_VERSION }}-x86_64 | |
run: | | |
docker build . --platform linux/amd64 --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile | |
- name: Push Docker image (Public ECR) | |
if: matrix.registry == 'public' | |
env: | |
DOCKER_TAG: ${{ env.WORKER_VERSION }}-x86_64 | |
run: | | |
docker push public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }} | |
- name: Configure AWS Credentials (Private ECR) | |
if: matrix.registry == 'private' | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-region: eu-west-1 | |
audience: sts.amazonaws.com | |
role-to-assume: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }} | |
role-session-name: OIDCSession | |
mask-aws-account-id: true | |
- name: Login to Amazon (Private ECR) | |
if: matrix.registry == 'private' | |
id: login-ecr-private | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Build the Docker image (Private ECR) | |
if: matrix.registry == 'private' | |
env: | |
DOCKER_TAG: ${{ env.WORKER_VERSION }}-x86_64 | |
run: | | |
docker build . --platform linux/amd64 --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag 248481025674.dkr.ecr.eu-west-1.amazonaws.com/artillery-worker:${{ env.DOCKER_TAG }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile | |
- name: Push Docker image (Private ECR) | |
if: matrix.registry == 'private' | |
env: | |
DOCKER_TAG: ${{ env.WORKER_VERSION }}-x86_64 | |
run: | | |
docker push 248481025674.dkr.ecr.eu-west-1.amazonaws.com/artillery-worker:${{ env.DOCKER_TAG }} | |
build_docker_image_arm64: | |
runs-on: ubuntu-latest | |
if: ${{ inputs.SHOULD_BUILD_ARM64 }} | |
env: | |
# Set by the caller workflow, defaults to github.sha when not passed (e.g. workflow_dispatch against a branch) | |
WORKER_VERSION: ${{ inputs.COMMIT_SHA || github.sha }} | |
strategy: | |
matrix: | |
registry: [ public, private ] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.WORKER_VERSION }} | |
fetch-depth: 0 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Replace package version | |
if: ${{ inputs.USE_COMMIT_SHA_IN_VERSION || false }} | |
run: node .github/workflows/scripts/replace-package-versions.js | |
env: | |
COMMIT_SHA: ${{ env.WORKER_VERSION }} | |
REPLACE_MAIN_VERSION_ONLY: true # we don't need to replace dependencies, as docker image builds using workspaces | |
- name: Get Artillery version | |
# we only want to tag with an actual version from pkg.json outside of PRs and manual dispatches | |
# NOTE: can't check for refs/head/main because of pull_request_target used in some workflows | |
if: github.event.pull_request == null && github.event_name != 'workflow_dispatch' | |
run: | | |
echo "WORKER_VERSION=$(node -e 'console.log(require("./packages/artillery/package.json").version)')" >> $GITHUB_ENV | |
- name: Show git ref | |
run: | | |
echo GITHUB REF ${{ github.ref }} | |
echo GITHUB PR HEAD SHA ${{ github.event.pull_request.head.sha }} | |
echo GITHUB SHA ${{ github.sha }} | |
echo WORKER_VERSION ENV ${{ env.WORKER_VERSION }} | |
- name: Configure AWS Credentials (Public ECR) | |
if: matrix.registry == 'public' | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-region: us-east-1 | |
audience: sts.amazonaws.com | |
role-to-assume: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }} | |
role-session-name: OIDCSession | |
mask-aws-account-id: true | |
- name: Login to Amazon (Public ECR) | |
if: matrix.registry == 'public' | |
id: login-ecr-public | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
registry-type: public | |
- name: Build the Docker image (Public ECR) | |
if: matrix.registry == 'public' | |
env: | |
DOCKER_TAG: ${{ env.WORKER_VERSION }}-arm64 | |
run: | | |
docker build . --platform linux/arm64 --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile | |
- name: Push Docker image (Public ECR) | |
if: matrix.registry == 'public' | |
env: | |
DOCKER_TAG: ${{ env.WORKER_VERSION }}-arm64 | |
run: | | |
docker push public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }} | |
- name: Configure AWS Credentials (Private ECR) | |
if: matrix.registry == 'private' | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-region: eu-west-1 | |
audience: sts.amazonaws.com | |
role-to-assume: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }} | |
role-session-name: OIDCSession | |
mask-aws-account-id: true | |
- name: Login to Amazon (Private ECR) | |
if: matrix.registry == 'private' | |
id: login-ecr-private | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Build the Docker image (Private ECR) | |
if: matrix.registry == 'private' | |
env: | |
DOCKER_TAG: ${{ env.WORKER_VERSION }}-arm64 | |
run: | | |
docker build . --platform linux/arm64 --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag 248481025674.dkr.ecr.eu-west-1.amazonaws.com/artillery-worker:${{ env.DOCKER_TAG }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile | |
- name: Push Docker image (Private ECR) | |
if: matrix.registry == 'private' | |
env: | |
DOCKER_TAG: ${{ env.WORKER_VERSION }}-arm64 | |
run: | | |
docker push 248481025674.dkr.ecr.eu-west-1.amazonaws.com/artillery-worker:${{ env.DOCKER_TAG }} | |