PT-502 Experimental: SSH to github actions #3
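# This workflow will build a Docker container, including running any tests which
# are part of the build process.
#
# If the workflow is triggered as part of an explicit dispatch, pull request, or
# push to master/main then the image will also be pushed to ECR.
#
# This is a reusable workflow (workflow_call); every input below is supplied by
# the calling workflow.
name: Container build
on:
  workflow_call:
    inputs:
      ecrRepo:
        required: true
        type: string
        description: The path of the ECR repository to use
      dockerfile:
        required: false
        type: string
        default: Dockerfile
        description: The path of the Dockerfile to use, relative to the root
      runner:
        required: false
        type: string
        # Consumed via fromJSON() in build.runs-on, so it must be a JSON array/string
        default: '["ubuntu-latest"]'
        description: A JSON payload describing the runner to use
      ssh-debug:
        required: false
        type: boolean
        default: false
        description: Enable SSH debugging using Tailscale
      ssh-timeout:
        required: false
        type: number
        # No default: when the caller omits it the Tailscale step receives an
        # empty value — confirm the action treats that as "disabled".
        description: Number of minutes to wait for SSH connection at end of workflow before timing out

jobs:
  pre-commit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with: { python-version: "3.10" }
      # Only run pre-commit when the repository actually ships a config file.
      - uses: andstor/file-existence-action@v2
        id: pre_commit_config
        with:
          files: "./.pre-commit-config.yaml"
      - if: steps.pre_commit_config.outputs.files_exists == 'true'
        # NOTE(review): the version ref on this line was obscured in the
        # rendered page — restore the pinned tag before committing.
        uses: pre-commit/[email protected]

  build:
    needs: pre-commit
    runs-on: ${{ fromJSON(inputs.runner) }}
    # One build per workflow+ref; only PR builds are cancelled when superseded.
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
      cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}
    steps:
      - name: Expose GitHub Runtime
        uses: crazy-max/ghaction-github-runtime@v1

      # Same major version as the pre-commit job's checkout, for consistency.
      # NOTE(review): actions/checkout persists the PAT in .git/config by
      # default; if the build context (".") copies .git into the image, that
      # PAT ends up in a layer — consider `persist-credentials: false` once
      # confirmed nothing downstream relies on the persisted token.
      - name: Checkout with submodules
        uses: actions/checkout@v3
        with:
          submodules: recursive
          fetch-depth: 0
          token: ${{ secrets.GIT_CHECKOUT_PAT }}

      # NOTE(review): inputs.ssh-debug is only used in the step name; it is
      # neither passed to the action nor used as an `if:` guard, so this step
      # runs on every build. The action is also pinned to a mutable branch
      # ref — pin to a tag or commit SHA once the branch is merged.
      - name: Tailscale SSH debug (${{ inputs.ssh-debug && 'enabled' || 'disabled' }})
        uses: botsandus/github-actions/.github/workflows/tailscale-ssh@TECH-149-Add-SSH-debug
        with:
          ssh-timeout: ${{ inputs.ssh-timeout }}
          ts-authkey: ${{ secrets.TAILSCALE_CI_BUILDER_KEY }}

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-2
          # false leaves the AWS account id visible in job logs (it is part of
          # the ECR registry host); set to true unless the logs need it.
          mask-aws-account-id: false

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      # Produces the comma-separated `tags` output consumed by the build step:
      #   <repo>:build-<run>, <repo>:build-<run>-<branch>,
      #   <repo>:build-<run>-<sha>, <repo>:build-<run>-<sha>-<branch>
      # Caller-controlled values are passed through env rather than expanded
      # inline with ${{ }} so they cannot alter the shell script itself.
      - name: Calculate tags
        id: tag-calculator
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPO: ${{ inputs.ecrRepo }}
          RUN_NUMBER: ${{ github.run_number }}
        run: |
          REPO="${REGISTRY}/${ECR_REPO}"
          # PR builds expose the source branch in GITHUB_HEAD_REF; otherwise use the pushed ref
          BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
          BRANCH=${BRANCH//[^a-zA-Z0-9\-]/\-} # Strip any invalid characters
          BUILD_TAG="${REPO}:build-${RUN_NUMBER}"
          BUILD_BRANCH_TAG="${REPO}:build-${RUN_NUMBER}-${BRANCH}"
          BUILD_COMMIT_TAG="${REPO}:build-${RUN_NUMBER}-${GITHUB_SHA}"
          BUILD_COMMIT_BRANCH_TAG="${REPO}:build-${RUN_NUMBER}-${GITHUB_SHA}-${BRANCH}"
          echo "tags=$BUILD_TAG,$BUILD_BRANCH_TAG,$BUILD_COMMIT_TAG,$BUILD_COMMIT_BRANCH_TAG" >> "$GITHUB_OUTPUT"

      # Empty when no tag is reachable (git describe fails); fetch-depth: 0
      # above is what makes tags visible here.
      - name: Get git tag for build
        id: git-tag
        run: |
          echo "git-tag=$(git describe --tags || echo '')" >> "$GITHUB_OUTPUT"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      # NOTE(review): GIT_CHECKOUT_PAT is passed as a build-arg, and build-args
      # are recorded in the image metadata (`docker history`) of the pushed
      # image. Prefer the action's `secrets:` input together with a
      # `RUN --mount=type=secret` in the Dockerfile; left unchanged here
      # because it requires a matching Dockerfile change.
      - name: Build and push the container
        id: build
        uses: docker/build-push-action@v3
        env:
          DOCKER_BUILDKIT: 1
        with:
          context: .
          file: ${{ inputs.dockerfile }}
          # Push on manual dispatch, on pull requests, and on pushes to master/main.
          push: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request' || (github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main')) }}
          build-args: |
            GIT_CHECKOUT_PAT=${{ secrets.GIT_CHECKOUT_PAT }}
            BUILD_NUMBER=${{ github.run_number }}
            GIT_TAG=${{ steps.git-tag.outputs.git-tag }}
          tags: ${{ steps.tag-calculator.outputs.tags }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Always report the job outcome, including on failure.
      - uses: act10ns/slack@v1
        if: always()
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        with:
          status: ${{ job.status }}
          channel: '#notifications'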