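# template-build.yaml: reusable workflow (workflow_call) that builds a
# service's Docker image and pushes it to Amazon ECR.
on:
  workflow_call:
    inputs:
      # Service name; the build job uses it to form the ECR repository name.
      service:
        required: true
        type: string
    outputs:
      image-tag:
        description: Short sha used for Docker image versioning
        value: ${{ jobs.build.outputs.image-tag }}
      branch:
        description: Current branch name
        value: ${{ jobs.build.outputs.branch }}
      branch-current:
        description: Boolean indicating if branch is up to date with main
        # Must name the job output key exactly. The build job publishes
        # `branch-current`; a reference to `outputs.current` matches no job
        # output and resolves to an empty string, so a caller gating on this
        # value would never see 'true'.
        value: ${{ jobs.build.outputs.branch-current }}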
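jobs:
  # Builds the service image, pushes it to ECR tagged with the short commit
  # SHA, checks whether the branch contains the default branch, and reports
  # status to Slack.
  #
  # NOTE(review): every `uses:` below references a mutable tag. Several of
  # these actions are third-party and receive secrets (Slack webhooks, the SSH
  # private key) or run before cloud credentials are issued; pin each one to a
  # full commit SHA so a moved tag cannot change what runs here.
  build:
    runs-on: ubuntu-22.04
    outputs:
      image-tag: ${{ steps.sha.outputs.sha_short }}
      branch: ${{ steps.branch.outputs.branch }}
      branch-current: ${{ steps.checkCurrent.outputs.current }}
    # Least privilege: id-token is required for the OIDC role assumption in
    # "Configure AWS credentials"; repository contents stay read-only.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Slack status
        if: ${{ github.actor != 'renovate[bot]' }}
        # NOTE(review): the ref after '@' was replaced by "[email protected]"
        # by the hosting page's e-mail obfuscation (same for the ssh-agent,
        # ECR login and later Slack steps). Restore the real ref before use.
        uses: act10ns/slack@<VERSION_LOST_IN_EXTRACTION>
        with:
          status: starting
          channel: '#github-actions'
          message: Starting Docker Build and Push...
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

      - name: Checkout
        id: checkout
        uses: actions/checkout@v4
        with:
          # Full history is needed by the merge-base check further down.
          fetch-depth: 0

      - name: Git SSH config
        id: ssh
        uses: webfactory/ssh-agent@<VERSION_LOST_IN_EXTRACTION>
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Run GitHub Action for ORT
        uses: oss-review-toolkit/ort-ci-github-action@v1
        with:
          allow-dynamic-versions: 'true'

      - name: Configure AWS credentials
        id: creds
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::631720813209:role/GitHubRole
          aws-region: us-east-1
          # NOTE(review): `env` is not a declared workflow_call input (only
          # `service` is), so this expands to the constant "actions-" and
          # CloudTrail cannot tell runs apart by session name. Presumably
          # `inputs.service` or a new optional input was intended; confirm.
          role-session-name: actions-${{ inputs.env }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@<VERSION_LOST_IN_EXTRACTION>

      - name: Set short SHA
        id: sha
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"

      - name: Get branch name
        id: branch
        run: echo "branch=${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          # NOTE(review): an unpinned builder version makes builds
          # non-reproducible; consider pinning an explicit release.
          version: latest

      - name: Build, tag, and push image to Amazon ECR
        id: build
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: hb-${{ inputs.service }}
          IMAGE_TAG: ${{ steps.sha.outputs.sha_short }}
          # Handed over through the environment so the secret is never
          # spliced into the script text by expression expansion.
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
        run: |
          echo "building and pushing to: $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
          # NOTE(review): --build-arg values can be recovered from image
          # history, and this build also exports a mode=max cache to the
          # registry. The token should move to a BuildKit secret mount
          # (`--secret id=<name>,env=GH_TOKEN` plus
          # `RUN --mount=type=secret,id=<name>` in the Dockerfile). That needs
          # a Dockerfile change outside this file, so the build-arg
          # interface is kept here.
          # All expansions are quoted; SSH_AUTH_SOCK is read from the
          # environment populated by the "Git SSH config" step.
          docker buildx build . -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" --ssh "default=$SSH_AUTH_SOCK" \
            --cache-from "type=registry,ref=$ECR_REGISTRY/$ECR_REPOSITORY:buildcache" \
            --cache-to "mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=$ECR_REGISTRY/$ECR_REPOSITORY:buildcache" \
            --build-arg githubUsername=hbh-github --build-arg "githubToken=$GH_TOKEN" --push

      - name: Check if branch is up to date
        id: checkCurrent
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
          # Context values reach the script as environment variables rather
          # than being templated into shell source.
          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
        run: |
          set -x
          git fetch
          # Check out the default branch once so a local ref exists, then
          # return to the commit under build.
          git checkout "$DEFAULT_BRANCH"
          git checkout -
          # current=true only when the default branch tip is an ancestor of
          # HEAD, i.e. the branch already contains everything on it.
          if ! git merge-base --is-ancestor "$DEFAULT_BRANCH" HEAD; then
            echo "current=false" >> "$GITHUB_OUTPUT"
          else
            echo "current=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Post failed status
        if: ${{ always() && steps.build.outcome != 'success' && github.actor != 'renovate[bot]' }}
        uses: act10ns/slack@<VERSION_LOST_IN_EXTRACTION>
        with:
          status: ${{ steps.build.outcome }}
          channel: '#alerts-warning'
          message: Build ${{ steps.build.outcome }}, logs at ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_WARNING }}

      - name: Post status
        if: always() && github.actor != 'renovate[bot]'
        uses: act10ns/slack@<VERSION_LOST_IN_EXTRACTION>
        with:
          status: ${{ job.status }}
          channel: '#github-actions'
          message: Build ${{ job.status }}, logs at ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}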