Adding workflow to upload tagged guard image to ECR on release (#390)

* init * testing workflow for tagged images * typo * trying to fix broken script for ECR * trying to fix broken script for ECR take2 * removing beta tag for workflow * removing rogue_one from workflow * adding title to release workflow for tagged image * reverting change to install script * fixes as per comments * cleanup
aws-cloudformation · Aug 3, 2023 · 3efd516 · 3efd516
1 parent 2389367
commit 3efd516
Show file tree

Hide file tree

Showing 2 changed files with 87 additions and 41 deletions.
diff --git a/.github/workflows/publish_docker.yml b/.github/workflows/publish_docker.yml
@@ -2,53 +2,51 @@ name: Deploy to ECR Public Gallery
 
 on:
   push:
-    branches: [ main, rogue_one ]
+    branches: [main]
 
 jobs:
-
   build:
-    name: Build Image
+    name: Build Image for Latest Commit
     runs-on: ubuntu-latest
     permissions:
       id-token: write
       contents: read
 
     steps:
-
-    - name: Check out code
-      uses: actions/checkout@v3
-
-    - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v1
-      with:
-        aws-region: ${{ secrets.AWS_REGION }}
-        role-to-assume: ${{ secrets.PUBLISHER_ROLE_NAME }}
-        role-session-name: PublishToElasticContainerRegistry
-
-    - name: Login to Amazon ECR Public
-      id: login-ecr-public
-      uses: aws-actions/amazon-ecr-login@v1
-      with:
-        registry-type: public
-
-    - name: Build, tag, and push docker image to Amazon ECR Public
-      env:
-        REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
-        REGISTRY_ALIAS: ${{ secrets.REGISTRY_ALIAS }}
-        REPOSITORY: cloudformation-guard
-      run: |
-        git_hash=$(git rev-parse --short "$GITHUB_SHA")
-        git_branch=${GITHUB_REF#refs/heads/}
-        commit_hash=${git_branch}.${git_hash}
-        
-        prefix=$REGISTRY/$REGISTRY_ALIAS/$REPOSITORY
-        latest_image_tag=$prefix:latest
-        commit_hash_image_tag=$prefix:$commit_hash
-        
-        docker build -t $latest_image_tag -t $commit_hash_image_tag .
-        docker push $commit_hash_image_tag
-        
-        if [ ${git_branch} == 'main' ]
-        then
-          docker push $latest_image_tag
-        fi
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-region: ${{ secrets.AWS_REGION }}
+          role-to-assume: ${{ secrets.PUBLISHER_ROLE_NAME }}
+          role-session-name: PublishToElasticContainerRegistry
+
+      - name: Login to Amazon ECR Public
+        id: login-ecr-public
+        uses: aws-actions/amazon-ecr-login@v1
+        with:
+          registry-type: public
+
+      - name: Build, tag, and push docker image to Amazon ECR Public
+        env:
+          REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
+          REGISTRY_ALIAS: ${{ secrets.REGISTRY_ALIAS }}
+          REPOSITORY: cloudformation-guard
+        run: |
+          git_hash=$(git rev-parse --short "$GITHUB_SHA")
+          git_branch=${GITHUB_REF#refs/heads/}
+          commit_hash=${git_branch}.${git_hash}
+
+          prefix=$REGISTRY/$REGISTRY_ALIAS/$REPOSITORY
+          latest_image_tag=$prefix:latest
+          commit_hash_image_tag=$prefix:$commit_hash
+
+          docker build -t $latest_image_tag -t $commit_hash_image_tag .
+          docker push $commit_hash_image_tag
+
+          if [ ${git_branch} == 'main' ]
+          then
+            docker push $latest_image_tag
+          fi
diff --git a/.github/workflows/publish_tagged_docker.yml b/.github/workflows/publish_tagged_docker.yml
@@ -0,0 +1,48 @@
+name: Deploy tagged version to ECR Public Gallery
+
+on:
+  push:
+    tags:
+      - "*"
+
+jobs:
+  build:
+    name: Build Image for Latest Release
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-region: ${{ secrets.AWS_REGION }}
+          role-to-assume: ${{ secrets.PUBLISHER_ROLE_NAME }}
+          role-session-name: PublishToElasticContainerRegistry
+
+      - name: Login to Amazon ECR Public
+        id: login-ecr-public
+        uses: aws-actions/amazon-ecr-login@v1
+        with:
+          registry-type: public
+
+      - name: Build, tag, and push docker image to Amazon ECR Public
+        env:
+          REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
+          REGISTRY_ALIAS: ${{ secrets.REGISTRY_ALIAS }}
+          REPOSITORY: cloudformation-guard
+        run: |
+          git_tag=$(git describe --tags $(git rev-list --tags --max-count=1))
+          git_hash=$(git rev-parse --short "$GITHUB_SHA")
+          git_branch=${GITHUB_REF#refs/heads/}
+          commit_hash=${git_branch}.${git_hash}
+
+          prefix=$REGISTRY/$REGISTRY_ALIAS/$REPOSITORY
+          guard_version_image_tag=$prefix:$git_tag
+
+          docker build -t $guard_version_image_tag .
+          docker push $guard_version_image_tag