From 3efd516e498294d49085155d3c63520a7b175f6c Mon Sep 17 00:00:00 2001
From: Josh Fried <112121129+joshfried-aws@users.noreply.github.com>
Date: Wed, 2 Aug 2023 15:22:35 -0400
Subject: [PATCH] Adding workflow to upload tagged guard image to ECR on release (#390)
* init
* testing workflow for tagged images
* typo
* trying to fix broken script for ECR
* trying to fix broken script for ECR take2
* removing beta tag for workflow
* removing rogue_one from workflow
* adding title to release workflow for tagged image
* reverting change to install script
* fixes as per comments
* cleanup
---
 .github/workflows/publish_docker.yml | 80 ++++++++++-----------
 .github/workflows/publish_tagged_docker.yml | 48 +++++++++++++
 2 files changed, 87 insertions(+), 41 deletions(-)
 create mode 100644 .github/workflows/publish_tagged_docker.yml
diff --git a/.github/workflows/publish_docker.yml b/.github/workflows/publish_docker.yml
index d01aee3cb..989927577 100644
--- a/.github/workflows/publish_docker.yml
+++ b/.github/workflows/publish_docker.yml
@@ -2,53 +2,51 @@ name: Deploy to ECR Public Gallery on: push: - branches: [ main, rogue_one ] + branches: [main] jobs: - build: - name: Build Image + name: Build Image for Latest Commit runs-on: ubuntu-latest permissions: id-token: write contents: read steps: - - - name: Check out code - uses: actions/checkout@v3 - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-region: ${{ secrets.AWS_REGION }} - role-to-assume: ${{ secrets.PUBLISHER_ROLE_NAME }} - role-session-name: PublishToElasticContainerRegistry - - - name: Login to Amazon ECR Public - id: login-ecr-public - uses: aws-actions/amazon-ecr-login@v1 - with: - registry-type: public - - - name: Build, tag, and push docker image to Amazon ECR Public - env: - REGISTRY: ${{ steps.login-ecr-public.outputs.registry }} - REGISTRY_ALIAS: ${{ secrets.REGISTRY_ALIAS }} - REPOSITORY: cloudformation-guard - run: | - git_hash=$(git rev-parse --short "$GITHUB_SHA") - git_branch=${GITHUB_REF#refs/heads/} - commit_hash=${git_branch}.${git_hash} - - prefix=$REGISTRY/$REGISTRY_ALIAS/$REPOSITORY - latest_image_tag=$prefix:latest - commit_hash_image_tag=$prefix:$commit_hash - - docker build -t $latest_image_tag -t $commit_hash_image_tag . 
- docker push $commit_hash_image_tag
-
- if [ ${git_branch} == 'main' ]
- then
- docker push $latest_image_tag
- fi
\ No newline at end of file
+ - name: Check out code
+ uses: actions/checkout@v3
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-region: ${{ secrets.AWS_REGION }}
+ role-to-assume: ${{ secrets.PUBLISHER_ROLE_NAME }}
+ role-session-name: PublishToElasticContainerRegistry
+
+ - name: Login to Amazon ECR Public
+ id: login-ecr-public
+ uses: aws-actions/amazon-ecr-login@v1
+ with:
+ registry-type: public
+
+ - name: Build, tag, and push docker image to Amazon ECR Public
+ env:
+ REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
+ REGISTRY_ALIAS: ${{ secrets.REGISTRY_ALIAS }}
+ REPOSITORY: cloudformation-guard
+ run: |
+ git_hash=$(git rev-parse --short "$GITHUB_SHA")
+ git_branch=${GITHUB_REF#refs/heads/}
+ commit_hash=${git_branch}.${git_hash}
+
+ prefix=$REGISTRY/$REGISTRY_ALIAS/$REPOSITORY
+ latest_image_tag=$prefix:latest
+ commit_hash_image_tag=$prefix:$commit_hash
+
+ docker build -t $latest_image_tag -t $commit_hash_image_tag .
+ docker push $commit_hash_image_tag
+
+ if [ ${git_branch} == 'main' ]
+ then
+ docker push $latest_image_tag
+ fi
diff --git a/.github/workflows/publish_tagged_docker.yml b/.github/workflows/publish_tagged_docker.yml
new file mode 100644
index 000000000..2b51ce0e0
--- /dev/null
+++ b/.github/workflows/publish_tagged_docker.yml
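Review bot: Both workflows run third-party actions by mutable tag (`actions/checkout@v3`, `aws-actions/configure-aws-credentials@v1`, `aws-actions/amazon-ecr-login@v1`) in a job that holds `id-token: write` and assumes the publisher role, so a retagged action release would run with push rights to the public registry; the same applies to the new publish_tagged_docker.yml. Pin each `uses:` to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`. Separately, with `branches: [main]` the `if [ ${git_branch} == 'main' ]` guard in the run step is always true and can be reduced to an unconditional `docker push "$latest_image_tag"`.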
@@ -0,0 +1,48 @@
+name: Deploy tagged version to ECR Public Gallery
+
+on:
+ push:
+ tags:
+ - "*"
+
+jobs:
+ build:
+ name: Build Image for Latest Release
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v3
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-region: ${{ secrets.AWS_REGION }}
+ role-to-assume: ${{ secrets.PUBLISHER_ROLE_NAME }}
+ role-session-name: PublishToElasticContainerRegistry
+
+ - name: Login to Amazon ECR Public
+ id: login-ecr-public
+ uses: aws-actions/amazon-ecr-login@v1
+ with:
+ registry-type: public
+
+ - name: Build, tag, and push docker image to Amazon ECR Public
+ env:
+ REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
+ REGISTRY_ALIAS: ${{ secrets.REGISTRY_ALIAS }}
+ REPOSITORY: cloudformation-guard
+ run: |
+ git_tag=$(git describe --tags $(git rev-list --tags --max-count=1))
+ git_hash=$(git rev-parse --short "$GITHUB_SHA")
+ git_branch=${GITHUB_REF#refs/heads/}
+ commit_hash=${git_branch}.${git_hash}
+
+ prefix=$REGISTRY/$REGISTRY_ALIAS/$REPOSITORY
+ guard_version_image_tag=$prefix:$git_tag
+
+ docker build -t $guard_version_image_tag .
+ docker push $guard_version_image_tag
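Review bot: The published version label comes from `git describe --tags $(git rev-list --tags --max-count=1)`, which picks a tag from whatever history the checkout has rather than the tag that triggered the run, so a second tag on the same commit or a tag pushed on an older commit can publish the image under a different label than the one released. Take it from the triggering ref instead: `git_tag=${GITHUB_REF_NAME}`. `git_hash`, `git_branch` and `commit_hash` are never used in this step, and `${GITHUB_REF#refs/heads/}` leaves a `refs/tags/...` ref untouched, so those three lines can be dropped. Because `tags: - "*"` fires on any pushed tag and the push overwrites an existing image tag of the same name if the repository allows it, consider narrowing the pattern to the release tag format and protecting tags on the repository side. Quoting the variable in `docker build -t "$guard_version_image_tag" .` and `docker push "$guard_version_image_tag"` keeps the tag a single argument.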