Skip to content

PT-502 Experimental: SSH to github actions #5

PT-502 Experimental: SSH to github actions

PT-502 Experimental: SSH to github actions #5

Workflow file for this run

# This workflow will build a Docker container, including running any tests which
# are part of the build process.
#
# If the workflow is triggered as part of an explicit dispatch, pull request, or
# push to master/main then the image will also be pushed to ECR.
name: Container build
on:
workflow_call:
inputs:
ecrRepo:
required: true
type: string
description: The path of the ECR repository to use
dockerfile:
required: false
type: string
default: Dockerfile
description: The path of the Dockerfile to use, relative to the root
runner:
required: false
type: string
default: '["ubuntu-latest"]'
description: A JSON payload describing the runner to use
ssh-debug:
required: false
type: boolean
default: false
description: Enable SSH debugging using Tailscale
ssh-timeout:
required: false
type: number
description: Number of minutes to wait for SSH connection at end of workflow before timing out
jobs:
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with: { python-version: "3.10" }
- uses: andstor/file-existence-action@v2
id: pre_commit_config
with:
files: "./.pre-commit-config.yaml"
- if: steps.pre_commit_config.outputs.files_exists == 'true'
uses: pre-commit/[email protected]
build:
needs: pre-commit
runs-on: ${{ fromJSON(inputs.runner) }}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}
steps:
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v1
- name: Checkout with submodules
uses: actions/checkout@v2
with:
submodules: recursive
fetch-depth: 0
token: ${{ secrets.GIT_CHECKOUT_PAT }}
- name: Tailscale SSH debug (${{ inputs.ssh-debug && 'enabled' || 'disabled' }})
uses: botsandus/github-actions/.github/workflows/tailscale-ssh@TECH-149-Add-SSH-debug
with:
ssh-timeout: ${{ inputs.ssh-timeout }}
ts-authkey: ${{ secrets.TAILSCALE_CI_BUILDER_KEY }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-2
mask-aws-account-id: false
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Calculate tags
id: tag-calculator
run: |
REPO=${{ steps.login-ecr.outputs.registry }}/${{ inputs.ecrRepo }}
BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
BRANCH=${BRANCH//[^a-zA-Z0-9\-]/\-} # Strip any invalid characters
BUILD_TAG=$REPO:build-${{ github.run_number }}
BUILD_BRANCH_TAG=$REPO:build-${{ github.run_number }}-${BRANCH}
BUILD_COMMIT_TAG=$REPO:build-${{ github.run_number }}-${GITHUB_SHA}
BUILD_COMMIT_BRANCH_TAG=$REPO:build-${{ github.run_number }}-${GITHUB_SHA}-${BRANCH}
echo "tags=$BUILD_TAG,$BUILD_BRANCH_TAG,$BUILD_COMMIT_TAG,$BUILD_COMMIT_BRANCH_TAG" >> $GITHUB_OUTPUT
- name: Get git tag for build
id: git-tag
run: |
echo "git-tag=$(git describe --tags || echo '')" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build and push the container
id: build
uses: docker/build-push-action@v3
env:
DOCKER_BUILDKIT: 1
with:
context: .
file: ${{ inputs.dockerfile }}
push: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request' || (github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main')) }}
build-args: |
GIT_CHECKOUT_PAT=${{ secrets.GIT_CHECKOUT_PAT }}
BUILD_NUMBER=${{ github.run_number }}
GIT_TAG=${{ steps.git-tag.outputs.git-tag }}
tags: ${{ steps.tag-calculator.outputs.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max
- uses: act10ns/slack@v1
if: always()
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
status: ${{ job.status }}
channel: '#notifications'