diff --git a/.github/actions/push_on_ecr/action.yml b/.github/actions/push_on_ecr/action.yml new file mode 100644 index 0000000..f130e59 --- /dev/null +++ b/.github/actions/push_on_ecr/action.yml @@ -0,0 +1,56 @@ +name: Composite action push on ecr +description: Composite action push on ecr +inputs: + repository: + description: Repository name + required: true + dockerfile: + description: Path for dockerfile from working directory + required: true + working_directory: + description: Docker build context + required: true + + aws_account_id: + description: Aws User code + required: true + aws_access_key: + description: Aws access key + required: true + aws_secret_access_key: + description: Aws secret access key + required: true + image_tag: + description: Directory that must be run against the linters + required: true + + aws_region: + description: Aws region + required: true + +runs: + using: "composite" + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ inputs.aws_region}} + aws-access-key-id: ${{ inputs.aws_access_key }} + aws-secret-access-key: ${{ inputs.aws_secret_access_key }} + + - name: Login to Amazon ECR Private + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build and push + uses: docker/build-push-action@v5 + with: + context: ${{ inputs.working_directory }} + push: true + cache-from: type=gha + cache-to: type=gha,mode=max + tags: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com/${{ inputs.repository }}:${{ inputs.image_tag }} + file: ${{ inputs.working_directory }}/${{ inputs.dockerfile }} diff --git a/.github/workflows/_python.yml b/.github/workflows/_python.yml index f8ae359..8e67133 100644 --- a/.github/workflows/_python.yml +++ b/.github/workflows/_python.yml 
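Review bot: The `Configure AWS Credentials` step in `push_on_ecr/action.yml` authenticates with a long-lived key pair supplied through the `aws_access_key`/`aws_secret_access_key` inputs, so every caller must keep static IAM credentials with ECR push rights as repository secrets; `aws-actions/configure-aws-credentials@v4` also supports GitHub OIDC (`role-to-assume: arn:aws:iam::<account>:role/<name>` plus `id-token: write` on the calling job), which, if the account allows it, would replace both inputs with a short-lived role session. The `tags:` line rebuilds the registry host by hand from `aws_account_id` and `aws_region` even though the `login-ecr` step already exposes it as `${{ steps.login-ecr.outputs.registry }}`; using that output removes one input and one place the two can drift. The `image_tag` description reads `Directory that must be run against the linters`, which looks copy-pasted and should say something like `Tag applied to the pushed image`. All four third-party actions are referenced by major tag (`@v4`, `@v2`, `@v3`, `@v5`); pinning them to commit SHAs is the usual hardening for a step that holds registry-write credentials.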
@@ -412,12 +412,6 @@ jobs: shell: bash working-directory: ${{ inputs.check_docs_directory }} - - name: Build DockerFile - if: inputs.check_dockerfile - run: | - docker build -f ${{ inputs.check_dockerfile }} . - working-directory: ${{ inputs.working_directory }} - - name: Start services uses: ./.github/actions/services if: inputs.use_postgres || inputs.use_elastic_search || inputs.use_memcached || inputs.use_redis || inputs.use_rabbitmq || inputs.use_mongo diff --git a/.github/workflows/_release_and_tag.yml b/.github/workflows/_release_and_tag.yml index acc8181..aaa5124 100644 --- a/.github/workflows/_release_and_tag.yml +++ b/.github/workflows/_release_and_tag.yml @@ -31,11 +31,40 @@ on: required: false default: #CyberSecurity + publish_on_ecr: + description: Publish on ecr + type: boolean + required: false + default: false + repository: + description: Repository name + type: string + required: false + default: ${{ github.event.repository.name }} + + dockerfiles: + description: Path for dockerfiles from working directory + type: string + required: false + working_directory: + description: Docker build context + type: string + required: false + default: . + aws_region: + description: Aws region + type: string + required: false + default: eu-central-1 + + jobs: release_and_tag: name: Create release and tag runs-on: ubuntu-latest - if: github.event.pull_request.merged == true && ( github.base_ref == 'master' || github.base_ref == 'main' ) + if: github.event.pull_request.merged == true + outputs: + match: ${{ steps.check-tag.outputs.match }} steps: - uses: actions/checkout@v4 with: @@ -43,6 +72,7 @@ jobs: - name: Check Tag id: check-tag + if: github.base_ref == 'master' || github.base_ref == 'main' run: | if [[ "${{ github.event.pull_request.title }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "match=true" >> $GITHUB_OUTPUT 
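Review bot: Dropping `( github.base_ref == 'master' || github.base_ref == 'main' )` from the job-level `if:` of `release_and_tag` makes the job run for a merged PR into any branch, and only the `Check Tag` step is visibly re-gated on the base branch; every other step of that job, including the release/tag creation and the publish steps that lie outside this hunk, will now execute on merges into `develop`/`dev`/`test` unless each carries its own `if:`. If the only goal was to let `push_on_ecr` depend on this job, the safer shape is to keep the original job condition and give `push_on_ecr` `if: ${{ !cancelled() && needs.release_and_tag.result != 'failure' && inputs.publish_on_ecr == true }}`, or else gate every remaining step on `github.base_ref` the way `Check Tag` now is. Note that when `Check Tag` is skipped, `steps.check-tag.outputs.match` is empty rather than `false`, so downstream consumers must keep comparing against the string `'true'`. The new `dockerfiles` input has no default and is not required; a caller that turns on `publish_on_ecr` without it will fail in `fromJson` at matrix evaluation, so consider `default: '["Dockerfile"]'` or a comment on the input stating it is mandatory when `publish_on_ecr` is true.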
@@ -115,4 +145,42 @@ jobs: api_key: ${{ secrets.TWITTER_API_KEY }} api_key_secret: ${{ secrets.TWITTER_API_KEY_SECRET }} access_token: ${{ secrets.TWITTER_ACCESS_TOKEN }} - access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} \ No newline at end of file + access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} + + + push_on_ecr: + runs-on: ubuntu-latest + needs: release_and_tag + if: github.event.pull_request.merged == true && inputs.publish_on_ecr == true + strategy: + matrix: + dockerfile: ${{ fromJson(inputs.dockerfiles) }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # otherwise, you do not retrieve the tags + - name: Push on ecr branch + uses: ./.github/actions/push_on_ecr + if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' || github.base_ref == 'test' + with: + repository: ${{ inputs.repository }} + aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + dockerfile: ${{ matrix.dockerfile }} + image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || ( github.base_ref == 'develop' || github.base_ref == 'dev' ) && 'stag' || 'test' }} + aws_region: ${{ inputs.aws_region }} + working_directory: ${{ inputs.working_directory }} + + - name: Push on ecr new release + if: needs.release_and_tag.outputs.match == 'true' && (github.base_ref == 'master' || github.base_ref == 'main' ) + uses: ./.github/actions/push_on_ecr + with: + repository: ${{ inputs.repository }} + aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + dockerfile: ${{ inputs.dockerfile }} + image_tag: ${{ github.event.pull_request.title }} + aws_region: ${{ inputs.aws_region }} + working_directory: ${{ inputs.working_directory }} \ No newline at end of file 
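Review bot: The `Push on ecr new release` step passes `dockerfile: ${{ inputs.dockerfile }}`, but the reusable workflow only defines the plural `dockerfiles` input (the JSON list fed to the matrix), so this expands to an empty string and the action's `file:` becomes `<working_directory>/`; it should read `dockerfile: ${{ matrix.dockerfile }}` like the `Push on ecr branch` step above it. Both steps tag every matrix entry as `<repository>:prod`/`stag`/`test` or `<repository>:<version>` with nothing derived from `matrix.dockerfile`, so with more than one entry in `dockerfiles` each build silently overwrites the previous image under the same tag — either fold the Dockerfile name into the repository or tag, or document that the matrix is meant for exactly one Dockerfile. The release step uses `github.event.pull_request.title` as the image tag; that is only safe because `needs.release_and_tag.outputs.match == 'true'` enforces `^[0-9]+\.[0-9]+\.[0-9]+$` in a different job, so a comment such as `# title already validated as X.Y.Z by release_and_tag/check-tag` would make the dependency explicit. `prod`/`stag`/`test` are mutable tags re-pushed on every merge; if the ECR repository has tag immutability enabled these pushes will be rejected, and if not, consumers should pin by digest rather than by tag.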
diff --git a/.github/workflows/pull_request_automation.yml b/.github/workflows/pull_request_automation.yml index 5ec92ee..7c3ffb4 100644 --- a/.github/workflows/pull_request_automation.yml +++ b/.github/workflows/pull_request_automation.yml @@ -72,7 +72,6 @@ jobs: check_migrations: true check_requirements_licenses: true check_docs_directory: - check_dockerfile: Dockerfile use_postgres: false postgres_db: db diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4987b88..7288a8c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,3 +20,9 @@ jobs: publish_on_test_pypi: false publish_on_npm: false publish_on_twitter: false + publish_on_ecr: false + repository: certego-test + working_directory: .github/test/python_test + dockerfiles: >- + ["Dockerfile"] + aws_region: eu-central-1 diff --git a/actions/push_on_ecr/action.yml b/actions/push_on_ecr/action.yml new file mode 100644 index 0000000..f130e59 --- /dev/null +++ b/actions/push_on_ecr/action.yml 
@@ -0,0 +1,56 @@ +name: Composite action push on ecr +description: Composite action push on ecr +inputs: + repository: + description: Repository name + required: true + dockerfile: + description: Path for dockerfile from working directory + required: true + working_directory: + description: Docker build context + required: true + + aws_account_id: + description: Aws User code + required: true + aws_access_key: + description: Aws access key + required: true + aws_secret_access_key: + description: Aws secret access key + required: true + image_tag: + description: Directory that must be run against the linters + required: true + + aws_region: + description: Aws region + required: true + +runs: + using: "composite" + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ inputs.aws_region}} + aws-access-key-id: ${{ inputs.aws_access_key }} + aws-secret-access-key: ${{ inputs.aws_secret_access_key }} + + - name: Login to Amazon ECR Private + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build and push + uses: docker/build-push-action@v5 + with: + context: ${{ inputs.working_directory }} + push: true + cache-from: type=gha + cache-to: type=gha,mode=max + tags: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com/${{ inputs.repository }}:${{ inputs.image_tag }} + file: ${{ inputs.working_directory }}/${{ inputs.dockerfile }} diff --git a/workflows/_python.yml b/workflows/_python.yml index f8ae359..8e67133 100644 --- a/workflows/_python.yml +++ b/workflows/_python.yml 
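Review bot: The `Configure AWS Credentials` step in `actions/push_on_ecr/action.yml` relies on static `aws_access_key`/`aws_secret_access_key` inputs, which forces every caller to store long-lived IAM keys with ECR push rights; `aws-actions/configure-aws-credentials@v4` supports GitHub OIDC via `role-to-assume` (with `id-token: write` on the calling job), which, where the account permits it, would replace both inputs with a short-lived role session. The `tags:` value is assembled by hand from `aws_account_id` and `aws_region` although the `login-ecr` step already returns the registry as `${{ steps.login-ecr.outputs.registry }}`, so the two can drift. The `image_tag` description, `Directory that must be run against the linters`, is a copy-paste leftover and should describe the tag applied to the pushed image. The four third-party actions are referenced by floating major tags; pinning them to commit SHAs is advisable for a step that holds registry-write credentials.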
@@ -412,12 +412,6 @@ jobs: shell: bash working-directory: ${{ inputs.check_docs_directory }} - - name: Build DockerFile - if: inputs.check_dockerfile - run: | - docker build -f ${{ inputs.check_dockerfile }} . - working-directory: ${{ inputs.working_directory }} - - name: Start services uses: ./.github/actions/services if: inputs.use_postgres || inputs.use_elastic_search || inputs.use_memcached || inputs.use_redis || inputs.use_rabbitmq || inputs.use_mongo diff --git a/workflows/_release_and_tag.yml b/workflows/_release_and_tag.yml index acc8181..e899456 100644 --- a/workflows/_release_and_tag.yml +++ b/workflows/_release_and_tag.yml @@ -31,11 +31,40 @@ on: required: false default: #CyberSecurity + publish_on_ecr: + description: Publish on ecr + type: boolean + required: false + default: false + repository: + description: Repository name + type: string + required: false + default: ${{ github.event.repository.name }} + + dockerfiles: + description: Path for dockerfiles from working directory + type: string + required: false + working_directory: + description: Docker build context + type: string + required: false + default: . + aws_region: + description: Aws region + type: string + required: false + default: eu-central-1 + + jobs: release_and_tag: name: Create release and tag runs-on: ubuntu-latest - if: github.event.pull_request.merged == true && ( github.base_ref == 'master' || github.base_ref == 'main' ) + if: github.event.pull_request.merged == true + outputs: + match: ${{ steps.check-tag.outputs.match }} steps: - uses: actions/checkout@v4 with: @@ -43,6 +72,7 @@ jobs: - name: Check Tag id: check-tag + if: github.base_ref == 'master' || github.base_ref == 'main' run: | if [[ "${{ github.event.pull_request.title }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "match=true" >> $GITHUB_OUTPUT 
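Review bot: Removing the `master`/`main` restriction from the job-level `if:` of `release_and_tag` lets the job run for a merged PR into any base branch, while only the `Check Tag` step is visibly re-gated; the release/tag creation and publish steps outside this hunk will therefore run on merges into `develop`/`dev` unless each gets its own `if:` on `github.base_ref`. If the change exists only so `push_on_ecr` can `needs:` this job, keep the original job condition and instead gate `push_on_ecr` with `if: ${{ !cancelled() && needs.release_and_tag.result != 'failure' && inputs.publish_on_ecr == true }}`. When `Check Tag` is skipped, `steps.check-tag.outputs.match` is empty rather than `false`, so consumers must keep comparing against the string `'true'`. The new `dockerfiles` input is neither required nor defaulted, so enabling `publish_on_ecr` without it fails in `fromJson` at matrix evaluation; consider `default: '["Dockerfile"]'` or a comment stating it is mandatory in that case.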
@@ -115,4 +145,42 @@ jobs: api_key: ${{ secrets.TWITTER_API_KEY }} api_key_secret: ${{ secrets.TWITTER_API_KEY_SECRET }} access_token: ${{ secrets.TWITTER_ACCESS_TOKEN }} - access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} \ No newline at end of file + access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} + + + push_on_ecr: + runs-on: ubuntu-latest + needs: release_and_tag + if: github.event.pull_request.merged == true && inputs.publish_on_ecr == true + strategy: + matrix: + dockerfile: ${{ fromJson(inputs.dockerfiles) }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # otherwise, you do not retrieve the tags + - name: Push on ecr branch + uses: ./.github/actions/push_on_ecr + if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' + with: + repository: ${{ inputs.repository }} + aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + dockerfile: ${{ matrix.dockerfile }} + image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} + aws_region: ${{ inputs.aws_region }} + working_directory: ${{ inputs.working_directory }} + + - name: Push on ecr new release + if: needs.release_and_tag.outputs.match == 'true' && (github.base_ref == 'master' || github.base_ref == 'main' ) + uses: ./.github/actions/push_on_ecr + with: + repository: ${{ inputs.repository }} + aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + dockerfile: ${{ inputs.dockerfile }} + image_tag: ${{ github.event.pull_request.title }} + aws_region: ${{ inputs.aws_region }} + working_directory: ${{ inputs.working_directory }} \ No newline at end of file 
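Review bot: The `Push on ecr new release` step uses `dockerfile: ${{ inputs.dockerfile }}`, but no such input exists — the workflow defines only `dockerfiles` — so the value is empty and the action receives `file: <working_directory>/`; it should be `dockerfile: ${{ matrix.dockerfile }}` as in the `Push on ecr branch` step. Neither step folds `matrix.dockerfile` into the repository or tag, so with several Dockerfiles each matrix entry overwrites the previous image at `<repository>:prod`, `<repository>:stag` or `<repository>:<version>`; derive part of the reference from `matrix.dockerfile` or document that a single Dockerfile is expected. The version tag is taken verbatim from `github.event.pull_request.title` and is only safe because `needs.release_and_tag.outputs.match == 'true'` enforces the `X.Y.Z` regex in the other job, which deserves a comment at the `image_tag:` line. `prod`/`stag` are mutable tags re-pushed on every merge, so consumers should pin by digest, and the push will fail outright if the ECR repository is configured with immutable tags.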
diff --git a/workflows/pull_request_automation.yml b/workflows/pull_request_automation.yml index 5ec92ee..7c3ffb4 100644 --- a/workflows/pull_request_automation.yml +++ b/workflows/pull_request_automation.yml @@ -72,7 +72,6 @@ jobs: check_migrations: true check_requirements_licenses: true check_docs_directory: - check_dockerfile: Dockerfile use_postgres: false postgres_db: db diff --git a/workflows/release.yml b/workflows/release.yml index 4987b88..7288a8c 100644 --- a/workflows/release.yml +++ b/workflows/release.yml @@ -20,3 +20,9 @@ jobs: publish_on_test_pypi: false publish_on_npm: false publish_on_twitter: false + publish_on_ecr: false + repository: certego-test + working_directory: .github/test/python_test + dockerfiles: >- + ["Dockerfile"] + aws_region: eu-central-1