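# Reusable build workflow (workflow_call). Checks out the calling repository,
# builds the Docker image for `hb-<service>`, pushes it to ECR tagged with the
# short commit SHA, and reports whether the built branch already contains the
# repository's default branch.
on:
  workflow_call:
    inputs:
      service:
        description: Service name; the ECR repository used is hb-<service>
        required: true
        type: string
    outputs:
      image-tag:
        description: Short sha used for Docker image versioning
        value: ${{ jobs.build.outputs.image-tag }}
      branch:
        description: Current branch name
        value: ${{ jobs.build.outputs.branch }}
      branch-current:
        description: Boolean indicating if branch is up to date with main
        # The job output is declared as `branch-current`; the previous reference
        # to `jobs.build.outputs.current` did not exist and always yielded ''.
        value: ${{ jobs.build.outputs.branch-current }}

jobs:
  build:
    runs-on: ubuntu-22.04
    outputs:
      image-tag: ${{ steps.sha.outputs.sha_short }}
      branch: ${{ steps.branch.outputs.branch }}
      branch-current: ${{ steps.checkCurrent.outputs.current }}
    # id-token: write is required for the OIDC role assumption below; nothing
    # in this job writes to the repository, so contents stays read-only.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Slack status
        if: always()
        # NOTE(review): the action ref was lost in page extraction; pin it to a
        # release tag or, preferably, a full commit SHA before use.
        uses: act10ns/slack@VERSION_PLACEHOLDER
        with:
          status: starting
          channel: '#github-actions'
          message: Starting Docker Build and Push...
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

      - name: Checkout
        id: checkout
        uses: actions/checkout@v4
        with:
          # Full history is needed for the merge-base check at the end.
          fetch-depth: 0

      - name: Git SSH config
        id: ssh
        # NOTE(review): ref lost in page extraction; pin before use.
        uses: webfactory/ssh-agent@VERSION_PLACEHOLDER
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Run GitHub Action for ORT
        uses: oss-review-toolkit/ort-ci-github-action@v1
        with:
          allow-dynamic-versions: 'true'

      - name: Configure AWS credentials
        id: creds
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::631720813209:role/GitHubRole
          aws-region: us-east-1
          # `inputs.env` is not a declared input of this workflow and expanded
          # to '', leaving the session named `actions-`. Use the declared
          # `service` input so CloudTrail records which build assumed the role.
          role-session-name: actions-${{ inputs.service }}

      - name: Login to Amazon ECR
        id: login-ecr
        # NOTE(review): ref lost in page extraction; pin before use.
        uses: aws-actions/amazon-ecr-login@VERSION_PLACEHOLDER

      - name: Set short SHA
        id: sha
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"

      - name: Get branch name
        id: branch
        run: echo "branch=${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # The former "Check if Build Cache exists" step was removed: it ran
      # `docker pull` under the runner's default `bash -e`, so a cache miss
      # aborted the step before its `if`, and on a hit it pushed a plain image
      # to the same `:buildcache` ref that `cache-to` below overwrites with a
      # cache manifest. `cache-from` tolerates a missing ref, so the step is
      # not needed.
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          push: true
          tags: ${{ steps.login-ecr.outputs.registry }}/hb-${{ inputs.service }}:${{ steps.sha.outputs.sha_short }}
          # `with:` inputs must be scalars; the previous YAML flow sequences
          # are not accepted by the workflow schema. The action expects
          # newline-separated entries.
          ssh: |
            default=${{ env.SSH_AUTH_SOCK }}
          # NOTE(review): build-arg values are recorded in the image's
          # metadata/history, so GH_TOKEN is exposed to anyone who can pull the
          # image. Prefer the action's `secrets:` input together with
          # `RUN --mount=type=secret` in the Dockerfile once the Dockerfile no
          # longer depends on the `githubToken` ARG.
          build-args: |
            githubUsername=hbh-github
            githubToken=${{ secrets.GH_TOKEN }}
          cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/hb-${{ inputs.service }}:buildcache
          cache-to: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/hb-${{ inputs.service }}:buildcache,mode=max

      - name: Check if branch is up to date
        id: checkCurrent
        env:
          # Passed through the environment rather than interpolated into the
          # script, so a branch name containing shell metacharacters cannot
          # alter the command. The unused GITHUB_TOKEN env was dropped: git
          # does not read it and nothing else in the step needs it.
          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
        run: |
          set -x
          git fetch
          # Compare against the remote-tracking ref instead of checking the
          # default branch out and back; works in detached HEAD and leaves the
          # working tree untouched. Output names stay `current=true|false`.
          if git merge-base --is-ancestor "origin/$DEFAULT_BRANCH" HEAD; then
            echo "current=true" >> "$GITHUB_OUTPUT"
          else
            echo "current=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Post final status
        if: always()
        # NOTE(review): ref lost in page extraction; pin before use.
        uses: act10ns/slack@VERSION_PLACEHOLDER
        with:
          status: ${{ job.status }}
          channel: '#github-actions'
          message: >-
            Build ${{ job.status }}, logs at
            ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}.
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}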