try setting registry cache #3
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | ||
| workflow_call: | ||
| inputs: | ||
| service: | ||
| required: true | ||
| type: string | ||
| outputs: | ||
| image-tag: | ||
| description: Short sha used for Docker image versioning | ||
| value: ${{ jobs.build.outputs.image-tag }} | ||
| branch: | ||
| description: Current branch name | ||
| value: ${{ jobs.build.outputs.branch }} | ||
| branch-current: | ||
| description: Boolean indicating if branch is up to date with main | ||
| value: ${{ jobs.build.outputs.current }} | ||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-22.04 | ||
| outputs: | ||
| image-tag: ${{ steps.sha.outputs.sha_short }} | ||
| branch: ${{ steps.branch.outputs.branch }} | ||
| branch-current: ${{ steps.checkCurrent.outputs.current }} | ||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
| steps: | ||
| - name: Slack status | ||
| if: always() | ||
| uses: act10ns/[email protected] | ||
| with: | ||
| status: starting | ||
| channel: '#github-actions' | ||
| message: Starting Docker Build and Push... | ||
| env: | ||
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | ||
| - name: Checkout | ||
| id: checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Git SSH config | ||
| id: ssh | ||
| uses: webfactory/[email protected] | ||
| with: | ||
| ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} | ||
| - name: Run GitHub Action for ORT | ||
| uses: oss-review-toolkit/ort-ci-github-action@v1 | ||
| with: | ||
| allow-dynamic-versions: 'true' | ||
| - name: Configure AWS credentials | ||
| id: creds | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| role-to-assume: arn:aws:iam::631720813209:role/GitHubRole | ||
| aws-region: us-east-1 | ||
| role-session-name: actions-${{ inputs.env }} | ||
| - name: Login to Amazon ECR | ||
| id: login-ecr | ||
| uses: aws-actions/[email protected] | ||
| - name: Set short SHA | ||
| id: sha | ||
| run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | ||
| - name: Get branch name | ||
| id: branch | ||
| run: echo "branch=${GITHUB_REF_NAME}" >> $GITHUB_OUTPUT | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| - name: Check if Build Cache exists | ||
| id: build-cache | ||
| env: | ||
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | ||
| ECR_REPOSITORY: hb-${{ inputs.service }} | ||
| run: | | ||
| docker pull $ECR_REGISTRY/$ECR_REPOSITORY:buildcache | ||
| if [ $? -eq 0 ]; then | ||
| echo "Cache found" | ||
| else | ||
| echo "Cache not found, building and pushing now" | ||
| docker buildx build --ssh default=${{ env.SSH_AUTH_SOCK }} -t $ECR_REGISTRY/$ECR_REPOSITORY:buildcache --build-arg githubUsername=hbh-github --build-arg githubToken=${{ secrets.GH_TOKEN }} . | ||
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:buildcache | ||
| fi | ||
| - name: Build and push | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| push: true | ||
| tags: ${{ steps.login-ecr.outputs.registry }}/hb-${{ inputs.service }}:${{ steps.sha.outputs.sha_short }} | ||
| ssh: [default=${{ env.SSH_AUTH_SOCK }}] | ||
| build-args: [githubUsername=hbh-github, githubToken=${{ secrets.GH_TOKEN }}] | ||
| cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/hb-${{ inputs.service }}:buildcache | ||
| cache-to: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/hb-${{ inputs.service }}:buildcache,mode=max | ||
| # - name: Build, tag, and push image to Amazon ECR | ||
| # id: build | ||
| # env: | ||
| # ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | ||
| # ECR_REPOSITORY: hb-${{ inputs.service }} | ||
| # IMAGE_TAG: ${{ steps.sha.outputs.sha_short }} | ||
| # run: | | ||
| # echo "building and pushing to: $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" | ||
| # docker buildx build --ssh default=${{ env.SSH_AUTH_SOCK }} -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG --build-arg githubUsername=hbh-github --build-arg githubToken=${{ secrets.GH_TOKEN }} . | ||
| # docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | ||
| - name: Check if branch is up to date | ||
| id: checkCurrent | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | ||
| run: | | ||
| set -x | ||
| DEFAULT_BRANCH=${{ github.event.repository.default_branch }} | ||
| git fetch | ||
| git checkout $DEFAULT_BRANCH | ||
| git checkout - | ||
| if ! git merge-base --is-ancestor $DEFAULT_BRANCH HEAD; then | ||
| echo "current=false" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "current=true" >> $GITHUB_OUTPUT | ||
| fi | ||
| - name: Post final status | ||
| if: always() | ||
| uses: act10ns/[email protected] | ||
| with: | ||
| status: ${{ job.status }} | ||
| channel: '#github-actions' | ||
| message: Build ${{ job.status }}, logs at ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}. | ||
| env: | ||
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | ||
