-
Notifications
You must be signed in to change notification settings - Fork 0
140 lines (122 loc) · 4.77 KB
/
container-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
# This workflow will build a Docker container, including running any tests which
# are part of the build process.
#
# If the workflow is triggered as part of an explicit dispatch, pull request, or
# push to master/main then the image will also be pushed to ECR.
name: Container build
on:
workflow_call:
inputs:
ecrRepo:
required: true
type: string
description: The path of the ECR repository to use
dockerfile:
required: false
type: string
default: Dockerfile
description: The path of the Dockerfile to use, relative to the root
runner:
required: false
type: string
default: '["ubuntu-latest"]'
description: A JSON payload describing the runner to use
ssh-debug:
required: false
type: boolean
default: true
description: Enable SSH debugging using Tailscale when debug logging is enabled
ssh-wait-minutes:
required: false
type: number
description: Number of minutes to wait for SSH connection at end of workflow before timing out
jobs:
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with: { python-version: "3.10" }
- uses: andstor/file-existence-action@v2
id: pre_commit_config
with:
files: "./.pre-commit-config.yaml"
- if: steps.pre_commit_config.outputs.files_exists == 'true'
uses: pre-commit/[email protected]
build:
needs: pre-commit
runs-on: ${{ fromJSON(inputs.runner) }}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}
steps:
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v1
- name: Checkout with submodules
uses: actions/checkout@v2
with:
submodules: recursive
fetch-depth: 0
token: ${{ secrets.GIT_CHECKOUT_PAT }}
lfs: true
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-2
mask-aws-account-id: false
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Calculate tags
id: tag-calculator
run: |
REPO=${{ steps.login-ecr.outputs.registry }}/${{ inputs.ecrRepo }}
BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
BRANCH=${BRANCH//[^a-zA-Z0-9\-]/\-} # Strip any invalid characters
BUILD_TAG=$REPO:build-${{ github.run_number }}
BUILD_BRANCH_TAG=$REPO:build-${{ github.run_number }}-${BRANCH}
BUILD_COMMIT_TAG=$REPO:build-${{ github.run_number }}-${GITHUB_SHA}
BUILD_COMMIT_BRANCH_TAG=$REPO:build-${{ github.run_number }}-${GITHUB_SHA}-${BRANCH}
echo "tags=$BUILD_TAG,$BUILD_BRANCH_TAG,$BUILD_COMMIT_TAG,$BUILD_COMMIT_BRANCH_TAG" >> $GITHUB_OUTPUT
- name: Get git tag for build
id: git-tag
run: |
echo "git-tag=$(git describe --tags || echo '')" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Tailscale SSH debug (${{
inputs.ssh-debug
&& (runner.debug && 'enabled' || 're-run with debug logging to enable')
|| 'disabled'
}})
if: ${{ inputs.ssh-debug && runner.debug }}
uses: botsandus/github-actions/tailscale-ssh@master
with:
ssh-wait-minutes: ${{ inputs.ssh-wait-minutes }}
ts-oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
ts-oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
- name: Build and push the container
id: build
uses: docker/build-push-action@v3
env:
DOCKER_BUILDKIT: 1
with:
context: .
file: ${{ inputs.dockerfile }}
push: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request' || (github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main')) }}
build-args: |
GIT_CHECKOUT_PAT=${{ secrets.GIT_CHECKOUT_PAT }}
BUILD_NUMBER=${{ github.run_number }}
GIT_TAG=${{ steps.git-tag.outputs.git-tag }}
tags: ${{ steps.tag-calculator.outputs.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max
- uses: act10ns/slack@v1
if: always()
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
status: ${{ job.status }}
channel: '#notifications'