From c024f84d3d2c6df6f24bc076a9acba12cd5d8a25 Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Mon, 2 Oct 2023 16:50:42 +0200 Subject: [PATCH 01/21] Ecr Signed-off-by: 0ssigeno --- .github/actions/push_on_ecr/action.yml | 51 +++++++++++++++++++ .github/workflows/_python.yml | 12 +---- .github/workflows/_release_and_tag.yml | 49 +++++++++++++++++- .github/workflows/pull_request_automation.yml | 1 - .github/workflows/release.yml | 4 ++ actions/push_on_ecr/action.yml | 51 +++++++++++++++++++ workflows/_python.yml | 12 +---- workflows/_release_and_tag.yml | 49 +++++++++++++++++- workflows/pull_request_automation.yml | 1 - workflows/release.yml | 4 ++ 10 files changed, 206 insertions(+), 28 deletions(-) create mode 100644 .github/actions/push_on_ecr/action.yml create mode 100644 actions/push_on_ecr/action.yml diff --git a/.github/actions/push_on_ecr/action.yml b/.github/actions/push_on_ecr/action.yml new file mode 100644 index 0000000..907caa4 --- /dev/null +++ b/.github/actions/push_on_ecr/action.yml 
@@ -0,0 +1,51 @@ +name: Composite action push on ecr +description: Composite action push on ecr +inputs: + repository: + description: Repository name + required: true + aws_account_id: + description: Aws User code + required: true + aws_access_key: + description: Aws access key + required: true + aws_secret_access_key: + description: Aws secret access key + required: true + dockerfile: + description: Path for dockerfile + required: true + image_tag: + description: Directory that must be run against the linters + required: true + + aws_region: + description: Aws region + required: true + +runs: + using: "composite" + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ inputs.aws_region}} + aws-access-key-id: ${{ inputs.aws_access_key }} + aws-secret-access-key: ${{ inputs.secrets_aws_access_key }} + role-to-assume: arn:aws:iam::${{inputs.aws_account_id}}:role/${{inputs.aws_role_to_assume}} + + - name: Login to Amazon ECR Private + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + + + - name: Build, tag, and push docker image to Amazon ECR + env: + REGISTRY: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com + REPOSITORY: ${{ inputs.repository }} + IMAGE_TAG: ${{ inputs.image_tag }} + run: | + docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG ${{inputs.dockerfile}} + docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG + shell: bash \ No newline at end of file diff --git a/.github/workflows/_python.yml b/.github/workflows/_python.yml index 57b4c58..ca57c3a 100644 --- a/.github/workflows/_python.yml +++ b/.github/workflows/_python.yml @@ -95,11 +95,7 @@ on: type: string required: false default: '' - check_dockerfile: - description: Check dockerfile build. WARNING action total time may increase significantly - type: string - required: false - default: '' + use_postgres: description: Use postgres service 
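Review bot: The `run:` script of the build step expands `${{inputs.dockerfile}}` directly into the shell text, while the other three values go through `env:`, so an input containing shell metacharacters is parsed as script rather than as an argument; the unquoted `$REGISTRY/$REPOSITORY:$IMAGE_TAG` also word-splits. Pass it the same way as the others, `DOCKERFILE: ${{ inputs.dockerfile }}` under `env:`, and call `docker build -t "$REGISTRY/$REPOSITORY:$IMAGE_TAG" "$DOCKERFILE"`. The action also authenticates with a long-lived access key pair handed in as inputs; `aws-actions/configure-aws-credentials` supports assuming a role through GitHub OIDC, which would avoid keeping static keys in repository secrets. The same file is added again as actions/push_on_ecr/action.yml later in this patch, and the direct expansion is kept when PATCH 10 changes the build line to `-f ${{inputs.dockerfile}} .`.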
@@ -419,12 +415,6 @@ jobs: shell: bash working-directory: ${{ inputs.check_docs_directory }} - - name: Build DockerFile - if: inputs.check_dockerfile - run: | - docker build -f ${{ inputs.check_dockerfile }} . - working-directory: ${{ inputs.working_directory }} - - name: Start services uses: ./.github/actions/services if: inputs.use_postgres || inputs.use_elastic_search || inputs.use_memcached || inputs.use_redis || inputs.use_rabbitmq || inputs.use_mongo diff --git a/.github/workflows/_release_and_tag.yml b/.github/workflows/_release_and_tag.yml index 901d207..9759c57 100644 --- a/.github/workflows/_release_and_tag.yml +++ b/.github/workflows/_release_and_tag.yml 
@@ -31,18 +31,52 @@ on: required: false default: #CyberSecurity + publish_on_ecr: + description: Publish on ecr + type: boolean + required: false + default: false + repository: + description: todo + type: string + required: false + dockerfile: + description: todo + type: string + required: false + aws_region: + description: todo + type: string + required: false + default: eu-central-1 + + jobs: release_and_tag: name: Create release and tag runs-on: ubuntu-latest - if: github.event.pull_request.merged == true && ( github.base_ref == 'master' || github.base_ref == 'main' ) + if: github.event.pull_request.merged == true steps: - uses: actions/checkout@v4 with: fetch-depth: 0 # otherwise, you do not retrieve the tags + - name: Push on ecr branch + uses: ./.github/actions/push_on_ecr + env: + TAG=${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} + with: + repository: ${{ inputs.repository }} + aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + dockerfile: ${{ inputs.dockerfile }} + image_tag: $TAG + aws_region: ${{ inputs.aws_region }} + - name: Check Tag id: check-tag + if: github.base_ref == 'master' || github.base_ref == 'main' run: | if [[ "${{ github.event.pull_request.title }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "match=true" >> $GITHUB_OUTPUT 
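Review bot: The `Check Tag` step at the end of this hunk substitutes `${{ github.event.pull_request.title }}` into the bash script before the shell parses it, and this commit puts that step in the same job as the new AWS credentials, so a crafted PR title would run with those secrets in reach. The title is author-controlled text; hand it over as data instead, with `env:` holding `PR_TITLE: ${{ github.event.pull_request.title }}` and the test written as `if [[ "$PR_TITLE" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then`. The step body continues outside the hunk, so any later use of the title there needs the same treatment. The workflows/_release_and_tag.yml copy in this patch has the identical line.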
@@ -115,4 +149,15 @@ jobs: api_key: ${{ secrets.TWITTER_API_KEY }} api_key_secret: ${{ secrets.TWITTER_API_KEY_SECRET }} access_token: ${{ secrets.TWITTER_ACCESS_TOKEN }} - access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} \ No newline at end of file + access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} + + - name: Push on ecr tag + if: steps.check-tag.outputs.match == 'true' + with: + repository: ${{ inputs.repository }} + aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + dockerfile: ${{ inputs.dockerfile }} + image_tag: ${{ github.event.pull_request.title }} + aws_region: ${{ inputs.aws_region }} \ No newline at end of file diff --git a/.github/workflows/pull_request_automation.yml b/.github/workflows/pull_request_automation.yml index 80f23fe..c039368 100644 --- a/.github/workflows/pull_request_automation.yml +++ b/.github/workflows/pull_request_automation.yml @@ -73,7 +73,6 @@ jobs: check_migrations: true check_requirements_licenses: true check_docs_directory: - check_dockerfile: Dockerfile use_postgres: false use_memcached: false diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4987b88..5004031 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,3 +20,7 @@ jobs: publish_on_test_pypi: false publish_on_npm: false publish_on_twitter: false + publish_on_ecr: false + repository: .github + dockerfile: Dockerfile + aws_region: eu-central-1 \ No newline at end of file diff --git a/actions/push_on_ecr/action.yml b/actions/push_on_ecr/action.yml new file mode 100644 index 0000000..907caa4 --- /dev/null +++ b/actions/push_on_ecr/action.yml 
@@ -0,0 +1,51 @@ +name: Composite action push on ecr +description: Composite action push on ecr +inputs: + repository: + description: Repository name + required: true + aws_account_id: + description: Aws User code + required: true + aws_access_key: + description: Aws access key + required: true + aws_secret_access_key: + description: Aws secret access key + required: true + dockerfile: + description: Path for dockerfile + required: true + image_tag: + description: Directory that must be run against the linters + required: true + + aws_region: + description: Aws region + required: true + +runs: + using: "composite" + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ inputs.aws_region}} + aws-access-key-id: ${{ inputs.aws_access_key }} + aws-secret-access-key: ${{ inputs.secrets_aws_access_key }} + role-to-assume: arn:aws:iam::${{inputs.aws_account_id}}:role/${{inputs.aws_role_to_assume}} + + - name: Login to Amazon ECR Private + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + + + - name: Build, tag, and push docker image to Amazon ECR + env: + REGISTRY: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com + REPOSITORY: ${{ inputs.repository }} + IMAGE_TAG: ${{ inputs.image_tag }} + run: | + docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG ${{inputs.dockerfile}} + docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG + shell: bash \ No newline at end of file diff --git a/workflows/_python.yml b/workflows/_python.yml index 57b4c58..ca57c3a 100644 --- a/workflows/_python.yml +++ b/workflows/_python.yml @@ -95,11 +95,7 @@ on: type: string required: false default: '' - check_dockerfile: - description: Check dockerfile build. WARNING action total time may increase significantly - type: string - required: false - default: '' + use_postgres: description: Use postgres service 
@@ -419,12 +415,6 @@ jobs: shell: bash working-directory: ${{ inputs.check_docs_directory }} - - name: Build DockerFile - if: inputs.check_dockerfile - run: | - docker build -f ${{ inputs.check_dockerfile }} . - working-directory: ${{ inputs.working_directory }} - - name: Start services uses: ./.github/actions/services if: inputs.use_postgres || inputs.use_elastic_search || inputs.use_memcached || inputs.use_redis || inputs.use_rabbitmq || inputs.use_mongo diff --git a/workflows/_release_and_tag.yml b/workflows/_release_and_tag.yml index 901d207..a7f74eb 100644 --- a/workflows/_release_and_tag.yml +++ b/workflows/_release_and_tag.yml 
@@ -31,18 +31,52 @@ on: required: false default: #CyberSecurity + publish_on_ecr: + description: Publish on ecr + type: boolean + required: false + default: false + repository: + description: todo + type: string + required: false + dockerfile: + description: todo + type: string + required: false + aws_region: + description: todo + type: string + required: false + default: eu-central-1 + + jobs: release_and_tag: name: Create release and tag runs-on: ubuntu-latest - if: github.event.pull_request.merged == true && ( github.base_ref == 'master' || github.base_ref == 'main' ) + if: github.event.pull_request.merged == true steps: - uses: actions/checkout@v4 with: fetch-depth: 0 # otherwise, you do not retrieve the tags + + - name: Push on ecr branch + uses: ./.github/actions/push_on_ecr + env: + TAG=${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} + with: + repository: ${{ inputs.repository }} + aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + dockerfile: ${{ inputs.dockerfile }} + image_tag: $TAG + aws_region: ${{ inputs.aws_region }} - name: Check Tag id: check-tag + if: github.base_ref == 'master' || github.base_ref == 'main' run: | if [[ "${{ github.event.pull_request.title }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "match=true" >> $GITHUB_OUTPUT 
@@ -115,4 +149,15 @@ jobs: api_key: ${{ secrets.TWITTER_API_KEY }} api_key_secret: ${{ secrets.TWITTER_API_KEY_SECRET }} access_token: ${{ secrets.TWITTER_ACCESS_TOKEN }} - access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} \ No newline at end of file + access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} + + - name: Push on ecr tag + if: steps.check-tag.outputs.match == 'true' + with: + repository: ${{ inputs.repository }} + aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + dockerfile: ${{ inputs.dockerfile }} + image_tag: ${{ github.event.pull_request.title }} + aws_region: ${{ inputs.aws_region }} \ No newline at end of file diff --git a/workflows/pull_request_automation.yml b/workflows/pull_request_automation.yml index 80f23fe..c039368 100644 --- a/workflows/pull_request_automation.yml +++ b/workflows/pull_request_automation.yml @@ -73,7 +73,6 @@ jobs: check_migrations: true check_requirements_licenses: true check_docs_directory: - check_dockerfile: Dockerfile use_postgres: false use_memcached: false diff --git a/workflows/release.yml b/workflows/release.yml index 4987b88..5004031 100644 --- a/workflows/release.yml +++ b/workflows/release.yml @@ -20,3 +20,7 @@ jobs: publish_on_test_pypi: false publish_on_npm: false publish_on_twitter: false + publish_on_ecr: false + repository: .github + dockerfile: Dockerfile + aws_region: eu-central-1 \ No newline at end of file From 8bd85ee4c9f1f62b965bcb2544b7484f2467abe7 Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Mon, 2 Oct 2023 16:55:15 +0200 Subject: [PATCH 02/21] Ecr Signed-off-by: 0ssigeno --- .github/workflows/release.yml | 2 +- workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5004031..02270d6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -21,6 +21,6 @@ jobs: publish_on_npm: false publish_on_twitter: false publish_on_ecr: false - repository: .github + repository: certego-test dockerfile: Dockerfile aws_region: eu-central-1 \ No newline at end of file diff --git a/workflows/release.yml b/workflows/release.yml index 5004031..02270d6 100644 --- a/workflows/release.yml +++ b/workflows/release.yml @@ -21,6 +21,6 @@ jobs: publish_on_npm: false publish_on_twitter: false publish_on_ecr: false - repository: .github + repository: certego-test dockerfile: Dockerfile aws_region: eu-central-1 \ No newline at end of file From ab1162d7f921ca9fd18b9a382212a05039ede513 Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Tue, 3 Oct 2023 09:35:29 +0200 Subject: [PATCH 03/21] Fix Signed-off-by: 0ssigeno --- .github/workflows/_release_and_tag.yml | 1 + workflows/_release_and_tag.yml | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/_release_and_tag.yml b/.github/workflows/_release_and_tag.yml index 9759c57..502098e 100644 --- a/.github/workflows/_release_and_tag.yml +++ b/.github/workflows/_release_and_tag.yml @@ -153,6 +153,7 @@ jobs: - name: Push on ecr tag if: steps.check-tag.outputs.match == 'true' + uses: ./.github/actions/push_on_ecr with: repository: ${{ inputs.repository }} aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} diff --git a/workflows/_release_and_tag.yml b/workflows/_release_and_tag.yml index a7f74eb..502098e 100644 --- a/workflows/_release_and_tag.yml +++ b/workflows/_release_and_tag.yml @@ -60,7 +60,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 # otherwise, you do not retrieve the tags - + - name: Push on ecr branch uses: ./.github/actions/push_on_ecr env: 
@@ -150,9 +150,10 @@ jobs: api_key_secret: ${{ secrets.TWITTER_API_KEY_SECRET }} access_token: ${{ secrets.TWITTER_ACCESS_TOKEN }} access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} - + - name: Push on ecr tag if: steps.check-tag.outputs.match == 'true' + uses: ./.github/actions/push_on_ecr with: repository: ${{ inputs.repository }} aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} From c6da2fc4f8b0073b5c2f1de659d25d637bb494b4 Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Wed, 4 Oct 2023 15:17:43 +0200 Subject: [PATCH 04/21] Fix Signed-off-by: 0ssigeno --- .github/workflows/_release_and_tag.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/_release_and_tag.yml b/.github/workflows/_release_and_tag.yml index 502098e..0c36225 100644 --- a/.github/workflows/_release_and_tag.yml +++ b/.github/workflows/_release_and_tag.yml @@ -63,8 +63,9 @@ jobs: - name: Push on ecr branch uses: ./.github/actions/push_on_ecr + if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop2' || github.base_ref == 'dev' env: - TAG=${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} + TAG=${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'prod' }} with: repository: ${{ inputs.repository }} aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} From 597f616330beaf8a2d0d43400ecf7d504b81fcb7 Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Wed, 4 Oct 2023 15:20:59 +0200 Subject: [PATCH 05/21] Fix Signed-off-by: 0ssigeno --- .github/workflows/_release_and_tag.yml | 2 +- workflows/_release_and_tag.yml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/_release_and_tag.yml b/.github/workflows/_release_and_tag.yml index 0c36225..8743b4d 100644 --- a/.github/workflows/_release_and_tag.yml +++ b/.github/workflows/_release_and_tag.yml 
@@ -65,7 +65,7 @@ jobs: uses: ./.github/actions/push_on_ecr if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop2' || github.base_ref == 'dev' env: - TAG=${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'prod' }} + TAG: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} with: repository: ${{ inputs.repository }} aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} diff --git a/workflows/_release_and_tag.yml b/workflows/_release_and_tag.yml index 502098e..8743b4d 100644 --- a/workflows/_release_and_tag.yml +++ b/workflows/_release_and_tag.yml @@ -63,8 +63,9 @@ jobs: - name: Push on ecr branch uses: ./.github/actions/push_on_ecr + if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop2' || github.base_ref == 'dev' env: - TAG=${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} + TAG: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} with: repository: ${{ inputs.repository }} aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} From 6c455a07784a9a3da30f595d4a45d19a781cebae Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Wed, 4 Oct 2023 15:23:44 +0200 Subject: [PATCH 06/21] Typo Signed-off-by: 0ssigeno --- .github/actions/push_on_ecr/action.yml | 2 +- actions/push_on_ecr/action.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/push_on_ecr/action.yml b/.github/actions/push_on_ecr/action.yml index 907caa4..e3880eb 100644 --- a/.github/actions/push_on_ecr/action.yml +++ b/.github/actions/push_on_ecr/action.yml 
@@ -32,7 +32,7 @@ runs: with: aws-region: ${{ inputs.aws_region}} aws-access-key-id: ${{ inputs.aws_access_key }} - aws-secret-access-key: ${{ inputs.secrets_aws_access_key }} + aws-secret-access-key: ${{ inputs.aws_secret_access_key }} role-to-assume: arn:aws:iam::${{inputs.aws_account_id}}:role/${{inputs.aws_role_to_assume}} - name: Login to Amazon ECR Private diff --git a/actions/push_on_ecr/action.yml b/actions/push_on_ecr/action.yml index 907caa4..e3880eb 100644 --- a/actions/push_on_ecr/action.yml +++ b/actions/push_on_ecr/action.yml @@ -32,7 +32,7 @@ runs: with: aws-region: ${{ inputs.aws_region}} aws-access-key-id: ${{ inputs.aws_access_key }} - aws-secret-access-key: ${{ inputs.secrets_aws_access_key }} + aws-secret-access-key: ${{ inputs.aws_secret_access_key }} role-to-assume: arn:aws:iam::${{inputs.aws_account_id}}:role/${{inputs.aws_role_to_assume}} - name: Login to Amazon ECR Private From 19c99f42bfe45cdab8632b9494d14c010687b072 Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Wed, 4 Oct 2023 15:26:23 +0200 Subject: [PATCH 07/21] Fix role Signed-off-by: 0ssigeno --- .github/actions/push_on_ecr/action.yml | 1 - actions/push_on_ecr/action.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/.github/actions/push_on_ecr/action.yml b/.github/actions/push_on_ecr/action.yml index e3880eb..197314d 100644 --- a/.github/actions/push_on_ecr/action.yml +++ b/.github/actions/push_on_ecr/action.yml @@ -33,7 +33,6 @@ runs: aws-region: ${{ inputs.aws_region}} aws-access-key-id: ${{ inputs.aws_access_key }} aws-secret-access-key: ${{ inputs.aws_secret_access_key }} - role-to-assume: arn:aws:iam::${{inputs.aws_account_id}}:role/${{inputs.aws_role_to_assume}} - name: Login to Amazon ECR Private id: login-ecr diff --git a/actions/push_on_ecr/action.yml b/actions/push_on_ecr/action.yml index e3880eb..197314d 100644 --- a/actions/push_on_ecr/action.yml +++ b/actions/push_on_ecr/action.yml 
@@ -33,7 +33,6 @@ runs: aws-region: ${{ inputs.aws_region}} aws-access-key-id: ${{ inputs.aws_access_key }} aws-secret-access-key: ${{ inputs.aws_secret_access_key }} - role-to-assume: arn:aws:iam::${{inputs.aws_account_id}}:role/${{inputs.aws_role_to_assume}} - name: Login to Amazon ECR Private id: login-ecr From 8e22c121b5e07fef515c24ca7898a77fc102d59e Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Wed, 4 Oct 2023 15:31:11 +0200 Subject: [PATCH 08/21] Fix Signed-off-by: 0ssigeno --- .github/workflows/_release_and_tag.yml | 4 +--- workflows/_release_and_tag.yml | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/_release_and_tag.yml b/.github/workflows/_release_and_tag.yml index 8743b4d..9f80fac 100644 --- a/.github/workflows/_release_and_tag.yml +++ b/.github/workflows/_release_and_tag.yml @@ -64,15 +64,13 @@ jobs: - name: Push on ecr branch uses: ./.github/actions/push_on_ecr if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop2' || github.base_ref == 'dev' - env: - TAG: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} with: repository: ${{ inputs.repository }} aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} dockerfile: ${{ inputs.dockerfile }} - image_tag: $TAG + image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} aws_region: ${{ inputs.aws_region }} - name: Check Tag diff --git a/workflows/_release_and_tag.yml b/workflows/_release_and_tag.yml index 8743b4d..9f80fac 100644 --- a/workflows/_release_and_tag.yml +++ b/workflows/_release_and_tag.yml 
@@ -64,15 +64,13 @@ jobs: - name: Push on ecr branch uses: ./.github/actions/push_on_ecr if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop2' || github.base_ref == 'dev' - env: - TAG: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} with: repository: ${{ inputs.repository }} aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} dockerfile: ${{ inputs.dockerfile }} - image_tag: $TAG + image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} aws_region: ${{ inputs.aws_region }} - name: Check Tag From 5bc58a53005c2a42c3e1f891b64955cf23b18e9f Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Wed, 4 Oct 2023 15:34:57 +0200 Subject: [PATCH 09/21] Fix dockerfile Signed-off-by: 0ssigeno --- .github/workflows/release.yml | 2 +- workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 02270d6..18519f4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,5 +22,5 @@ jobs: publish_on_twitter: false publish_on_ecr: false repository: certego-test - dockerfile: Dockerfile + dockerfile: .github/test/python_test/Dockerfile aws_region: eu-central-1 \ No newline at end of file diff --git a/workflows/release.yml b/workflows/release.yml index 02270d6..18519f4 100644 --- a/workflows/release.yml +++ b/workflows/release.yml @@ -22,5 +22,5 @@ jobs: publish_on_twitter: false publish_on_ecr: false repository: certego-test - dockerfile: Dockerfile + dockerfile: .github/test/python_test/Dockerfile aws_region: eu-central-1 \ No newline at end of file From f8c08528b7d9bc30c773e42b17d4d6de8d5487ff Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Wed, 4 Oct 2023 15:47:17 +0200 Subject: [PATCH 10/21] Fixes 
Signed-off-by: 0ssigeno --- .github/actions/push_on_ecr/action.yml | 15 ++++++++++----- .github/workflows/_release_and_tag.yml | 17 +++++++++++++---- .github/workflows/release.yml | 3 ++- actions/push_on_ecr/action.yml | 15 ++++++++++----- workflows/_release_and_tag.yml | 17 +++++++++++++---- workflows/release.yml | 3 ++- 6 files changed, 50 insertions(+), 20 deletions(-) diff --git a/.github/actions/push_on_ecr/action.yml b/.github/actions/push_on_ecr/action.yml index 197314d..33e65e3 100644 --- a/.github/actions/push_on_ecr/action.yml +++ b/.github/actions/push_on_ecr/action.yml @@ -4,6 +4,13 @@ inputs: repository: description: Repository name required: true + dockerfile: + description: Path for dockerfile from working directory + required: true + working_directory: + description: Docker build context + required: true + aws_account_id: description: Aws User code required: true @@ -13,9 +20,6 @@ inputs: aws_secret_access_key: description: Aws secret access key required: true - dockerfile: - description: Path for dockerfile - required: true image_tag: description: Directory that must be run against the linters required: true @@ -45,6 +49,7 @@ runs: REPOSITORY: ${{ inputs.repository }} IMAGE_TAG: ${{ inputs.image_tag }} run: | - docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG ${{inputs.dockerfile}} + docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG -f ${{inputs.dockerfile}} . docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG - shell: bash \ No newline at end of file + shell: bash + working-directory: ${{ inputs.working_directory }} \ No newline at end of file diff --git a/.github/workflows/_release_and_tag.yml b/.github/workflows/_release_and_tag.yml index 9f80fac..6cde7d0 100644 --- a/.github/workflows/_release_and_tag.yml +++ b/.github/workflows/_release_and_tag.yml 
@@ -37,15 +37,22 @@ on: required: false default: false repository: - description: todo + description: Repository name type: string required: false + default: ${{ github.event.repository.name }} + dockerfile: - description: todo + description: Path for dockerfile from working directory + type: string + required: false + working_directory: + description: Docker build context type: string required: false + default: . aws_region: - description: todo + description: Aws region type: string required: false default: eu-central-1 @@ -72,6 +79,7 @@ jobs: dockerfile: ${{ inputs.dockerfile }} image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} aws_region: ${{ inputs.aws_region }} + working_directory: ${{ inputs.working_directory }} - name: Check Tag id: check-tag @@ -160,4 +168,5 @@ jobs: aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} dockerfile: ${{ inputs.dockerfile }} image_tag: ${{ github.event.pull_request.title }} - aws_region: ${{ inputs.aws_region }} \ No newline at end of file + aws_region: ${{ inputs.aws_region }} + working_directory: ${{ inputs.working_directory }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 18519f4..4373d60 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,5 +22,6 @@ jobs: publish_on_twitter: false publish_on_ecr: false repository: certego-test - dockerfile: .github/test/python_test/Dockerfile + working_directory: .github/test/python_test + dockerfile: Dockerfile aws_region: eu-central-1 \ No newline at end of file diff --git a/actions/push_on_ecr/action.yml b/actions/push_on_ecr/action.yml index 197314d..2cb4d9f 100644 --- a/actions/push_on_ecr/action.yml +++ b/actions/push_on_ecr/action.yml 
@@ -4,6 +4,13 @@ inputs: repository: description: Repository name required: true + dockerfile: + description: Path for dockerfile from working directory + required: true + working_directory: + description: Docker build context + required: true + aws_account_id: description: Aws User code required: true @@ -13,9 +20,6 @@ inputs: aws_secret_access_key: description: Aws secret access key required: true - dockerfile: - description: Path for dockerfile - required: true image_tag: description: Directory that must be run against the linters required: true @@ -45,6 +49,7 @@ runs: REPOSITORY: ${{ inputs.repository }} IMAGE_TAG: ${{ inputs.image_tag }} run: | - docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG ${{inputs.dockerfile}} + docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG -f ${{inputs.dockerfile}} . docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG - shell: bash \ No newline at end of file + shell: bash + working-directory: inputs.dockerfile.parent \ No newline at end of file diff --git a/workflows/_release_and_tag.yml b/workflows/_release_and_tag.yml index 9f80fac..6cde7d0 100644 --- a/workflows/_release_and_tag.yml +++ b/workflows/_release_and_tag.yml @@ -37,15 +37,22 @@ on: required: false default: false repository: - description: todo + description: Repository name type: string required: false + default: ${{ github.event.repository.name }} + dockerfile: - description: todo + description: Path for dockerfile from working directory + type: string + required: false + working_directory: + description: Docker build context type: string required: false + default: . aws_region: - description: todo + description: Aws region type: string required: false default: eu-central-1 @@ -72,6 +79,7 @@ jobs: dockerfile: ${{ inputs.dockerfile }} image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} aws_region: ${{ inputs.aws_region }} + working_directory: ${{ inputs.working_directory }} - name: Check Tag id: check-tag 
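Review bot: In the `@@ -45,6 +49,7 @@` hunk of actions/push_on_ecr/action.yml the added `working-directory: inputs.dockerfile.parent` is a plain string, not an expression, so the step would try to run in a directory with that literal name and the build would fail or use the wrong context. The .github/actions copy changed by the same patch uses `working-directory: ${{ inputs.working_directory }}`, and the `working_directory` input is declared in this file too, so the same line should be used here. The two copies otherwise track each other through the series, which suggests the divergence is accidental.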
@@ -160,4 +168,5 @@ jobs: aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} dockerfile: ${{ inputs.dockerfile }} image_tag: ${{ github.event.pull_request.title }} - aws_region: ${{ inputs.aws_region }} \ No newline at end of file + aws_region: ${{ inputs.aws_region }} + working_directory: ${{ inputs.working_directory }} diff --git a/workflows/release.yml b/workflows/release.yml index 18519f4..4373d60 100644 --- a/workflows/release.yml +++ b/workflows/release.yml @@ -22,5 +22,6 @@ jobs: publish_on_twitter: false publish_on_ecr: false repository: certego-test - dockerfile: .github/test/python_test/Dockerfile + working_directory: .github/test/python_test + dockerfile: Dockerfile aws_region: eu-central-1 \ No newline at end of file From 7476d837c803a67de0ceba2b3677432ef64d2915 Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Wed, 4 Oct 2023 16:32:05 +0200 Subject: [PATCH 11/21] Fixes Signed-off-by: 0ssigeno --- .github/workflows/_release_and_tag.yml | 46 ++++++++++++++++---------- .github/workflows/release.yml | 4 +-- workflows/_release_and_tag.yml | 46 ++++++++++++++++---------- workflows/release.yml | 4 +-- 4 files changed, 60 insertions(+), 40 deletions(-) diff --git a/.github/workflows/_release_and_tag.yml b/.github/workflows/_release_and_tag.yml index 6cde7d0..69a95ee 100644 --- a/.github/workflows/_release_and_tag.yml +++ b/.github/workflows/_release_and_tag.yml @@ -42,8 +42,8 @@ on: required: false default: ${{ github.event.repository.name }} - dockerfile: - description: Path for dockerfile from working directory + dockerfiles: + description: Path for dockerfiles from working directory type: string required: false working_directory: 
@@ -63,24 +63,13 @@ jobs: name: Create release and tag runs-on: ubuntu-latest if: github.event.pull_request.merged == true + outputs: + match: ${{ steps.check-tag.outputs.match }} steps: - uses: actions/checkout@v4 with: fetch-depth: 0 # otherwise, you do not retrieve the tags - - name: Push on ecr branch - uses: ./.github/actions/push_on_ecr - if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop2' || github.base_ref == 'dev' - with: - repository: ${{ inputs.repository }} - aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} - aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - dockerfile: ${{ inputs.dockerfile }} - image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} - aws_region: ${{ inputs.aws_region }} - working_directory: ${{ inputs.working_directory }} - - name: Check Tag id: check-tag if: github.base_ref == 'master' || github.base_ref == 'main' 
@@ -158,8 +147,29 @@ jobs: access_token: ${{ secrets.TWITTER_ACCESS_TOKEN }} access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} - - name: Push on ecr tag - if: steps.check-tag.outputs.match == 'true' + + push_on_ecr: + needs: release_and_tag + if: github.event.pull_request.merged == true && inputs.publish_on_ecr == true + strategy: + matrix: + dockerfile: ${{ fromJson(inputs.dockerfiles) }} + steps: + - name: Push on ecr branch + uses: ./.github/actions/push_on_ecr + if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' + with: + repository: ${{ inputs.repository }} + aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + dockerfile: ${{ matrix.dockerfile }} + image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} + aws_region: ${{ inputs.aws_region }} + working_directory: ${{ inputs.working_directory }} + + - name: Push on ecr new release + if: needs.release_and_tag.outputs.match == 'true' && (github.base_ref == 'master' || github.base_ref == 'main' ) uses: ./.github/actions/push_on_ecr with: repository: ${{ inputs.repository }} @@ -169,4 +179,4 @@ jobs: dockerfile: ${{ inputs.dockerfile }} image_tag: ${{ github.event.pull_request.title }} aws_region: ${{ inputs.aws_region }} - working_directory: ${{ inputs.working_directory }} + working_directory: ${{ inputs.working_directory }} \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4373d60..8ada6d3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -20,8 +20,8 @@ jobs: publish_on_test_pypi: false publish_on_npm: false publish_on_twitter: false - publish_on_ecr: false + publish_on_ecr: true repository: certego-test working_directory: .github/test/python_test - dockerfile: Dockerfile + dockerfiles: [Dockerfile] aws_region: eu-central-1 \ No newline at end of file diff --git a/workflows/_release_and_tag.yml b/workflows/_release_and_tag.yml index 6cde7d0..69a95ee 100644 --- a/workflows/_release_and_tag.yml +++ b/workflows/_release_and_tag.yml @@ -42,8 +42,8 @@ on: required: false default: ${{ github.event.repository.name }} - dockerfile: - description: Path for dockerfile from working directory + dockerfiles: + description: Path for dockerfiles from working directory type: string required: false working_directory: @@ -63,24 +63,13 @@ jobs: name: Create release and tag runs-on: ubuntu-latest if: github.event.pull_request.merged == true + outputs: + match: ${{ steps.check-tag.outputs.match }} steps: - uses: actions/checkout@v4 with: fetch-depth: 0 # otherwise, you do not retrieve the tags - - name: Push on ecr branch - uses: ./.github/actions/push_on_ecr - if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop2' || github.base_ref == 'dev' - with: - repository: ${{ inputs.repository }} - aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} - aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - dockerfile: ${{ inputs.dockerfile }} - image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} - aws_region: ${{ inputs.aws_region }} - working_directory: ${{ inputs.working_directory }} - - name: Check Tag id: check-tag if: github.base_ref == 'master' || github.base_ref == 'main' 
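Review bot: The renamed `dockerfiles` input in the `@@ -42,8 +42,8 @@` hunk keeps `type: string` and a description that reads like a plain path list, but the new `push_on_ecr` job parses it with `fromJson(...)` to build its matrix. The description should name the encoding, for example `description: JSON array, passed as a string, of Dockerfile paths relative to working_directory, e.g. '["Dockerfile"]'`. The `release.yml` hunk in this same patch shows why: it passes the YAML sequence `[Dockerfile]` to a string input. The input is `required: false` and the hunk shows no default, so a caller that enables `publish_on_ecr` without setting it will presumably fail at matrix expansion, which is worth stating in the description too.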
@@ -158,8 +147,29 @@ jobs: access_token: ${{ secrets.TWITTER_ACCESS_TOKEN }} access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} - - name: Push on ecr tag - if: steps.check-tag.outputs.match == 'true' + + push_on_ecr: + needs: release_and_tag + if: github.event.pull_request.merged == true && inputs.publish_on_ecr == true + strategy: + matrix: + dockerfile: ${{ fromJson(inputs.dockerfiles) }} + steps: + - name: Push on ecr branch + uses: ./.github/actions/push_on_ecr + if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' + with: + repository: ${{ inputs.repository }} + aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + dockerfile: ${{ matrix.dockerfile }} + image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} + aws_region: ${{ inputs.aws_region }} + working_directory: ${{ inputs.working_directory }} + + - name: Push on ecr new release + if: needs.release_and_tag.outputs.match == 'true' && (github.base_ref == 'master' || github.base_ref == 'main' ) uses: ./.github/actions/push_on_ecr with: repository: ${{ inputs.repository }} @@ -169,4 +179,4 @@ jobs: dockerfile: ${{ inputs.dockerfile }} image_tag: ${{ github.event.pull_request.title }} aws_region: ${{ inputs.aws_region }} - working_directory: ${{ inputs.working_directory }} + working_directory: ${{ inputs.working_directory }} \ No newline at end of file diff --git a/workflows/release.yml b/workflows/release.yml index 4373d60..8ada6d3 100644 --- a/workflows/release.yml +++ b/workflows/release.yml 
@@ -20,8 +20,8 @@ jobs: publish_on_test_pypi: false publish_on_npm: false publish_on_twitter: false - publish_on_ecr: false + publish_on_ecr: true repository: certego-test working_directory: .github/test/python_test - dockerfile: Dockerfile + dockerfiles: [Dockerfile] aws_region: eu-central-1 \ No newline at end of file From bd39ab4b4698d021895c2ef2de0fcd01eea0a62a Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Wed, 4 Oct 2023 16:35:47 +0200 Subject: [PATCH 12/21] Tab Signed-off-by: 0ssigeno --- .github/workflows/_release_and_tag.yml | 22 +++++++++++----------- workflows/_release_and_tag.yml | 22 +++++++++++----------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/_release_and_tag.yml b/.github/workflows/_release_and_tag.yml index 69a95ee..bdb7c4e 100644 --- a/.github/workflows/_release_and_tag.yml +++ b/.github/workflows/_release_and_tag.yml 
@@ -156,17 +156,17 @@ jobs: dockerfile: ${{ fromJson(inputs.dockerfiles) }} steps: - name: Push on ecr branch - uses: ./.github/actions/push_on_ecr - if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' - with: - repository: ${{ inputs.repository }} - aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} - aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - dockerfile: ${{ matrix.dockerfile }} - image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} - aws_region: ${{ inputs.aws_region }} - working_directory: ${{ inputs.working_directory }} + uses: ./.github/actions/push_on_ecr + if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' + with: + repository: ${{ inputs.repository }} + aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + dockerfile: ${{ matrix.dockerfile }} + image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} + aws_region: ${{ inputs.aws_region }} + working_directory: ${{ inputs.working_directory }} - name: Push on ecr new release if: needs.release_and_tag.outputs.match == 'true' && (github.base_ref == 'master' || github.base_ref == 'main' ) diff --git a/workflows/_release_and_tag.yml b/workflows/_release_and_tag.yml index 69a95ee..bdb7c4e 100644 --- a/workflows/_release_and_tag.yml +++ b/workflows/_release_and_tag.yml 
@@ -156,17 +156,17 @@ jobs: dockerfile: ${{ fromJson(inputs.dockerfiles) }} steps: - name: Push on ecr branch - uses: ./.github/actions/push_on_ecr - if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' - with: - repository: ${{ inputs.repository }} - aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} - aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - dockerfile: ${{ matrix.dockerfile }} - image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} - aws_region: ${{ inputs.aws_region }} - working_directory: ${{ inputs.working_directory }} + uses: ./.github/actions/push_on_ecr + if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' + with: + repository: ${{ inputs.repository }} + aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + dockerfile: ${{ matrix.dockerfile }} + image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} + aws_region: ${{ inputs.aws_region }} + working_directory: ${{ inputs.working_directory }} - name: Push on ecr new release if: needs.release_and_tag.outputs.match == 'true' && (github.base_ref == 'master' || github.base_ref == 'main' ) From a331e2ebcf9ee0916f42338acd6e54a5eeaa2622 Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Wed, 4 Oct 2023 16:38:07 +0200 Subject: [PATCH 13/21] Fix Signed-off-by: 0ssigeno --- .github/workflows/release.yml | 4 +++- workflows/release.yml | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8ada6d3..43d6b27 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -23,5 +23,7 @@ jobs: publish_on_ecr: true repository: certego-test working_directory: .github/test/python_test - dockerfiles: [Dockerfile] + dockerfiles: >- + ["Dockerfile"] + aws_region: eu-central-1 \ No newline at end of file diff --git a/workflows/release.yml b/workflows/release.yml index 8ada6d3..fd6a9ad 100644 --- a/workflows/release.yml +++ b/workflows/release.yml @@ -23,5 +23,6 @@ jobs: publish_on_ecr: true repository: certego-test working_directory: .github/test/python_test - dockerfiles: [Dockerfile] + dockerfiles: >- + ["Dockerfile"] aws_region: eu-central-1 \ No newline at end of file From df3b9d48b9977ef0fef4c686eb835804e2d1950a Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Wed, 4 Oct 2023 16:39:20 +0200 Subject: [PATCH 14/21] Fix Signed-off-by: 0ssigeno --- .github/workflows/_release_and_tag.yml | 4 ++++ workflows/_release_and_tag.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/_release_and_tag.yml b/.github/workflows/_release_and_tag.yml index bdb7c4e..8bb5e1d 100644 --- a/.github/workflows/_release_and_tag.yml +++ b/.github/workflows/_release_and_tag.yml @@ -149,12 +149,16 @@ jobs: push_on_ecr: + runs-on: ubuntu-latest needs: release_and_tag if: github.event.pull_request.merged == true && inputs.publish_on_ecr == true strategy: matrix: dockerfile: ${{ fromJson(inputs.dockerfiles) }} steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # otherwise, you do not retrieve the tags - name: Push on ecr branch uses: ./.github/actions/push_on_ecr if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' diff --git a/workflows/_release_and_tag.yml b/workflows/_release_and_tag.yml index bdb7c4e..8bb5e1d 100644 --- a/workflows/_release_and_tag.yml +++ b/workflows/_release_and_tag.yml 
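Review bot: The checkout added to `push_on_ecr` in the `@@ -149,12 +149,16 @@` hunk keeps the default credential persistence, so the workflow token is written into the checked-out `.git/config` of a tree that is later used as the image build context whenever `working_directory` is the repository root. Adding `persist-credentials: false` under `with:` removes that exposure. `fetch-depth: 0` and its comment about tags look copied from the release job, and no step of this job visible in the series reads tags. The job also declares no `permissions:`; a job-level `permissions:` with `contents: read` should be enough for a checkout followed by an ECR push that authenticates with AWS credentials. The job body continues outside this hunk, and the mirrored hunk in `workflows/_release_and_tag.yml` has the same points.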
@@ -149,12 +149,16 @@ jobs: push_on_ecr: + runs-on: ubuntu-latest needs: release_and_tag if: github.event.pull_request.merged == true && inputs.publish_on_ecr == true strategy: matrix: dockerfile: ${{ fromJson(inputs.dockerfiles) }} steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # otherwise, you do not retrieve the tags - name: Push on ecr branch uses: ./.github/actions/push_on_ecr if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' From 06e82d6471989e45236af97e8a0b33b48fe623b2 Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Wed, 4 Oct 2023 16:44:04 +0200 Subject: [PATCH 15/21] Test Signed-off-by: 0ssigeno --- .github/workflows/_release_and_tag.yml | 2 +- workflows/_release_and_tag.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/_release_and_tag.yml b/.github/workflows/_release_and_tag.yml index 8bb5e1d..0b538eb 100644 --- a/.github/workflows/_release_and_tag.yml +++ b/.github/workflows/_release_and_tag.yml @@ -161,7 +161,7 @@ jobs: fetch-depth: 0 # otherwise, you do not retrieve the tags - name: Push on ecr branch uses: ./.github/actions/push_on_ecr - if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' + if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop2' || github.base_ref == 'dev' with: repository: ${{ inputs.repository }} aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} diff --git a/workflows/_release_and_tag.yml b/workflows/_release_and_tag.yml index 8bb5e1d..0b538eb 100644 --- a/workflows/_release_and_tag.yml +++ b/workflows/_release_and_tag.yml 
@@ -161,7 +161,7 @@ jobs: fetch-depth: 0 # otherwise, you do not retrieve the tags - name: Push on ecr branch uses: ./.github/actions/push_on_ecr - if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' + if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop2' || github.base_ref == 'dev' with: repository: ${{ inputs.repository }} aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} From 8cf57fe23d95d5a5c9c260cb479c8fb32a837556 Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Thu, 5 Oct 2023 12:06:14 +0200 Subject: [PATCH 16/21] Cache system Signed-off-by: 0ssigeno --- .github/actions/push_on_ecr/action.yml | 19 +++++++++++++------ actions/push_on_ecr/action.yml | 19 +++++++++++++------ 2 files changed, 26 insertions(+), 12 deletions(-) diff --git a/.github/actions/push_on_ecr/action.yml b/.github/actions/push_on_ecr/action.yml index 33e65e3..100c914 100644 --- a/.github/actions/push_on_ecr/action.yml +++ b/.github/actions/push_on_ecr/action.yml @@ -42,14 +42,21 @@ runs: id: login-ecr uses: aws-actions/amazon-ecr-login@v2 + - name: Set up Docker Buildx + if: inputs.check_dockerfile + uses: docker/setup-buildx-action@v3 - - name: Build, tag, and push docker image to Amazon ECR + - name: Build and push + uses: docker/build-push-action@v5 + if: inputs.check_dockerfile env: REGISTRY: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com REPOSITORY: ${{ inputs.repository }} IMAGE_TAG: ${{ inputs.image_tag }} - run: | - docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG -f ${{inputs.dockerfile}} . - docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG - shell: bash - working-directory: ${{ inputs.working_directory }} \ No newline at end of file + with: + context: ${{ inputs.working_directory }} + push: true + cache-from: type=gha + cache-to: type=gha,mode=max + tags: $REGISTRY/$REPOSITORY:$IMAGE_TAG + file: ${{ inputs.working_directory }}/${{ inputs.dockerfile }} 
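Review bot: The two actions introduced in the `@@ -42,14 +42,21 @@` hunk, `docker/setup-buildx-action@v3` and `docker/build-push-action@v5`, are referenced by mutable major-version tags. They run in the same composite action that has just configured AWS credentials and logged in to ECR. Pinning each to a full commit SHA with the version kept as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v5`, keeps a moved tag from changing what executes with those credentials. `cache-to: type=gha,mode=max` also exports the layers of every build stage to the repository's Actions cache, so it deserves a comment that Dockerfiles built through this action must not write secrets into any stage. The mirrored hunk in `actions/push_on_ecr/action.yml` is identical.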
diff --git a/actions/push_on_ecr/action.yml b/actions/push_on_ecr/action.yml index 2cb4d9f..100c914 100644 --- a/actions/push_on_ecr/action.yml +++ b/actions/push_on_ecr/action.yml @@ -42,14 +42,21 @@ runs: id: login-ecr uses: aws-actions/amazon-ecr-login@v2 + - name: Set up Docker Buildx + if: inputs.check_dockerfile + uses: docker/setup-buildx-action@v3 - - name: Build, tag, and push docker image to Amazon ECR + - name: Build and push + uses: docker/build-push-action@v5 + if: inputs.check_dockerfile env: REGISTRY: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com REPOSITORY: ${{ inputs.repository }} IMAGE_TAG: ${{ inputs.image_tag }} - run: | - docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG -f ${{inputs.dockerfile}} . - docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG - shell: bash - working-directory: inputs.dockerfile.parent \ No newline at end of file + with: + context: ${{ inputs.working_directory }} + push: true + cache-from: type=gha + cache-to: type=gha,mode=max + tags: $REGISTRY/$REPOSITORY:$IMAGE_TAG + file: ${{ inputs.working_directory }}/${{ inputs.dockerfile }} From 2aa0117457953b7c29c35636ca55f8be5a03ba5d Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Thu, 5 Oct 2023 12:17:37 +0200 Subject: [PATCH 17/21] Fix Signed-off-by: 0ssigeno --- .github/actions/push_on_ecr/action.yml | 2 -- actions/push_on_ecr/action.yml | 2 -- 2 files changed, 4 deletions(-) diff --git a/.github/actions/push_on_ecr/action.yml b/.github/actions/push_on_ecr/action.yml index 100c914..6e45ac6 100644 --- a/.github/actions/push_on_ecr/action.yml +++ b/.github/actions/push_on_ecr/action.yml @@ -43,12 +43,10 @@ runs: uses: aws-actions/amazon-ecr-login@v2 - name: Set up Docker Buildx - if: inputs.check_dockerfile uses: docker/setup-buildx-action@v3 - name: Build and push uses: docker/build-push-action@v5 - if: inputs.check_dockerfile env: REGISTRY: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com REPOSITORY: ${{ inputs.repository }} 
diff --git a/actions/push_on_ecr/action.yml b/actions/push_on_ecr/action.yml index 100c914..6e45ac6 100644 --- a/actions/push_on_ecr/action.yml +++ b/actions/push_on_ecr/action.yml @@ -43,12 +43,10 @@ runs: uses: aws-actions/amazon-ecr-login@v2 - name: Set up Docker Buildx - if: inputs.check_dockerfile uses: docker/setup-buildx-action@v3 - name: Build and push uses: docker/build-push-action@v5 - if: inputs.check_dockerfile env: REGISTRY: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com REPOSITORY: ${{ inputs.repository }} From 9700733c9413bd3e5504e7b8b87c963534eee2c6 Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Thu, 5 Oct 2023 12:32:06 +0200 Subject: [PATCH 18/21] Removed env Signed-off-by: 0ssigeno --- .github/actions/push_on_ecr/action.yml | 6 +----- actions/push_on_ecr/action.yml | 6 +----- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/actions/push_on_ecr/action.yml b/.github/actions/push_on_ecr/action.yml index 6e45ac6..f130e59 100644 --- a/.github/actions/push_on_ecr/action.yml +++ b/.github/actions/push_on_ecr/action.yml @@ -47,14 +47,10 @@ runs: - name: Build and push uses: docker/build-push-action@v5 - env: - REGISTRY: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com - REPOSITORY: ${{ inputs.repository }} - IMAGE_TAG: ${{ inputs.image_tag }} with: context: ${{ inputs.working_directory }} push: true cache-from: type=gha cache-to: type=gha,mode=max - tags: $REGISTRY/$REPOSITORY:$IMAGE_TAG + tags: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com/${{ inputs.repository }}:${{ inputs.image_tag }} file: ${{ inputs.working_directory }}/${{ inputs.dockerfile }} diff --git a/actions/push_on_ecr/action.yml b/actions/push_on_ecr/action.yml index 6e45ac6..f130e59 100644 --- a/actions/push_on_ecr/action.yml +++ b/actions/push_on_ecr/action.yml 
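Review bot: `inputs.image_tag` is now interpolated straight into the `tags` value in the `@@ -47,14 +47,10 @@` hunk with no check of its format. The release caller earlier in this series sets that input from `github.event.pull_request.title`, which is free-form text chosen by the pull-request author. The `check-tag` step that produces the `match` gate is not visible here, so the composite action cannot assume the title was constrained. A validation step ahead of `Build and push` that rejects anything outside the Docker tag grammar would make the action safe on its own. The `steps:` list starts outside this hunk, and the mirrored hunk in `actions/push_on_ecr/action.yml` needs the same step.

```yaml
    - name: Validate image tag
      shell: bash
      env:
        IMAGE_TAG: ${{ inputs.image_tag }}
      run: |
        if [[ ! "$IMAGE_TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
          echo "::error::image_tag is not a valid Docker tag"
          exit 1
        fi

    # … unchanged: Build and push step (docker/build-push-action@v5) …
```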
@@ -47,14 +47,10 @@ runs: - name: Build and push uses: docker/build-push-action@v5 - env: - REGISTRY: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com - REPOSITORY: ${{ inputs.repository }} - IMAGE_TAG: ${{ inputs.image_tag }} with: context: ${{ inputs.working_directory }} push: true cache-from: type=gha cache-to: type=gha,mode=max - tags: $REGISTRY/$REPOSITORY:$IMAGE_TAG + tags: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com/${{ inputs.repository }}:${{ inputs.image_tag }} file: ${{ inputs.working_directory }}/${{ inputs.dockerfile }} From ae98b3ecccebfb26807d4423d2ff619dc48bc930 Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Thu, 5 Oct 2023 12:45:47 +0200 Subject: [PATCH 19/21] Real branch Signed-off-by: 0ssigeno --- .github/workflows/_release_and_tag.yml | 2 +- workflows/_release_and_tag.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/_release_and_tag.yml b/.github/workflows/_release_and_tag.yml index 0b538eb..8bb5e1d 100644 --- a/.github/workflows/_release_and_tag.yml +++ b/.github/workflows/_release_and_tag.yml @@ -161,7 +161,7 @@ jobs: fetch-depth: 0 # otherwise, you do not retrieve the tags - name: Push on ecr branch uses: ./.github/actions/push_on_ecr - if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop2' || github.base_ref == 'dev' + if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' with: repository: ${{ inputs.repository }} aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} diff --git a/workflows/_release_and_tag.yml b/workflows/_release_and_tag.yml index 0b538eb..8bb5e1d 100644 --- a/workflows/_release_and_tag.yml +++ b/workflows/_release_and_tag.yml 
@@ -161,7 +161,7 @@ jobs: fetch-depth: 0 # otherwise, you do not retrieve the tags - name: Push on ecr branch uses: ./.github/actions/push_on_ecr - if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop2' || github.base_ref == 'dev' + if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' with: repository: ${{ inputs.repository }} aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} From f959f1e1bdeac5da7d9e850990bf47e1245149b6 Mon Sep 17 00:00:00 2001 From: 0ssigeno Date: Mon, 16 Oct 2023 13:00:46 +0200 Subject: [PATCH 20/21] Added test tag Signed-off-by: 0ssigeno --- .github/workflows/_release_and_tag.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/_release_and_tag.yml b/.github/workflows/_release_and_tag.yml index 8bb5e1d..e7df207 100644 --- a/.github/workflows/_release_and_tag.yml +++ b/.github/workflows/_release_and_tag.yml @@ -161,14 +161,14 @@ jobs: fetch-depth: 0 # otherwise, you do not retrieve the tags - name: Push on ecr branch uses: ./.github/actions/push_on_ecr - if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' + if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' || github.base_ref == 'test' with: repository: ${{ inputs.repository }} aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} aws_access_key: ${{ secrets.AWS_ACCESS_KEY}} aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} dockerfile: ${{ matrix.dockerfile }} - image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }} + image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || ( github.base_ref == 'develop' || github.base_ref == 'dev' ) && 'stag' || 'test' }} aws_region: ${{ inputs.aws_region }} working_directory: ${{ inputs.working_directory }} 
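Review bot: The `@@ -161,14 +161,14 @@` hunk changes only `.github/workflows/_release_and_tag.yml` (one file in the diffstat), whereas the earlier patches visible in this series updated the `workflows/_release_and_tag.yml` copy alongside it. If the two copies are meant to stay identical, the `test` branch condition and the three-way `image_tag` need applying there as well. The tag expression depends on `&&` binding tighter than `||`; explicit grouping would make that intent readable, `image_tag: ${{ (( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod') || (( github.base_ref == 'develop' || github.base_ref == 'dev' ) && 'stag') || 'test' }}`. A short comment that `prod`, `stag` and `test` are moving tags overwritten on every merge would also help anyone who later needs to trace a running image back to a commit.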
From ba510dc609ac20c2bc66e62d86dba9922b1c3297 Mon Sep 17 00:00:00 2001 From: eugenioseveri Date: Wed, 19 Mar 2025 11:39:24 +0100 Subject: [PATCH 21/21] Disabled 'publish_on_ecr' by default --- .github/workflows/release.yml | 5 ++--- workflows/release.yml | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 43d6b27..7288a8c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,10 +20,9 @@ jobs: publish_on_test_pypi: false publish_on_npm: false publish_on_twitter: false - publish_on_ecr: true + publish_on_ecr: false repository: certego-test working_directory: .github/test/python_test dockerfiles: >- ["Dockerfile"] - - aws_region: eu-central-1 \ No newline at end of file + aws_region: eu-central-1 diff --git a/workflows/release.yml b/workflows/release.yml index fd6a9ad..7288a8c 100644 --- a/workflows/release.yml +++ b/workflows/release.yml @@ -20,9 +20,9 @@ jobs: publish_on_test_pypi: false publish_on_npm: false publish_on_twitter: false - publish_on_ecr: true + publish_on_ecr: false repository: certego-test working_directory: .github/test/python_test dockerfiles: >- ["Dockerfile"] - aws_region: eu-central-1 \ No newline at end of file + aws_region: eu-central-1