Merged

Ecr #201

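--- a/.github/actions/push_on_ecr/action.yml
+++ b/.github/actions/push_on_ecr/action.yml
@@ -0,0 +1,56 @@
+name: Composite action push on ecr
+description: Composite action push on ecr
+inputs:
+repository:
+description: Repository name
+required: true
+dockerfile:
+description: Path for dockerfile from working directory
+required: true
+working_directory:
+description: Docker build context
+required: true
+
+aws_account_id:
+description: Aws User code
+required: true
+aws_access_key:
+description: Aws access key
+required: true
+aws_secret_access_key:
+description: Aws secret access key
+required: true
+image_tag:
+description: Directory that must be run against the linters
+required: true
+
+aws_region:
+description: Aws region
+required: true
+
+runs:
+using: "composite"
+steps:
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-region: ${{ inputs.aws_region}}
+aws-access-key-id: ${{ inputs.aws_access_key }}
+aws-secret-access-key: ${{ inputs.aws_secret_access_key }}
+
+- name: Login to Amazon ECR Private
+id: login-ecr
+uses: aws-actions/amazon-ecr-login@v2
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Build and push
+uses: docker/build-push-action@v5
+with:
+context: ${{ inputs.working_directory }}
+push: true
+cache-from: type=gha
+cache-to: type=gha,mode=max
+tags: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com/${{ inputs.repository }}:${{ inputs.image_tag }}
+file: ${{ inputs.working_directory }}/${{ inputs.dockerfile }}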
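Review bot: The `Configure AWS Credentials` step takes a long-lived IAM key pair (`aws-access-key-id` / `aws-secret-access-key`) through action inputs, so a static credential with ECR push rights has to live in repository secrets and be rotated by hand. `aws-actions/configure-aws-credentials@v4` also accepts `role-to-assume`, which lets the job exchange GitHub's OIDC token for short-lived credentials; that would mean replacing the two key inputs with something like `role-to-assume: ${{ inputs.aws_role_arn }}` and granting `permissions: id-token: write` in the calling job. Whichever is used, the IAM policy is best scoped to pushing to the one repository. The same applies to the copy under `actions/push_on_ecr/action.yml`. Separately, the `image_tag` input's description (`Directory that must be run against the linters`) looks copied from another action and should read `description: Tag applied to the pushed image`.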
6 changes: 0 additions & 6 deletions .github/workflows/_python.yml
Expand Up @@ -412,12 +412,6 @@ jobs:
shell: bash
working-directory: ${{ inputs.check_docs_directory }}

- name: Build DockerFile
if: inputs.check_dockerfile
run: |
docker build -f ${{ inputs.check_dockerfile }} .
working-directory: ${{ inputs.working_directory }}

- name: Start services
uses: ./.github/actions/services
if: inputs.use_postgres || inputs.use_elastic_search || inputs.use_memcached || inputs.use_redis || inputs.use_rabbitmq || inputs.use_mongo
72 changes: 70 additions & 2 deletions .github/workflows/_release_and_tag.yml
Expand Up @@ -31,18 +31,48 @@ on:
required: false
default: #CyberSecurity

publish_on_ecr:
description: Publish on ecr
type: boolean
required: false
default: false
repository:
description: Repository name
type: string
required: false
default: ${{ github.event.repository.name }}

dockerfiles:
description: Path for dockerfiles from working directory
type: string
required: false
working_directory:
description: Docker build context
type: string
required: false
default: .
aws_region:
description: Aws region
type: string
required: false
default: eu-central-1


jobs:
release_and_tag:
name: Create release and tag
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true && ( github.base_ref == 'master' || github.base_ref == 'main' )
if: github.event.pull_request.merged == true
outputs:
match: ${{ steps.check-tag.outputs.match }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # otherwise, you do not retrieve the tags

- name: Check Tag
id: check-tag
if: github.base_ref == 'master' || github.base_ref == 'main'
run: |
if [[ "${{ github.event.pull_request.title }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "match=true" >> $GITHUB_OUTPUT
Expand Down Expand Up @@ -115,4 +145,42 @@ jobs:
api_key: ${{ secrets.TWITTER_API_KEY }}
api_key_secret: ${{ secrets.TWITTER_API_KEY_SECRET }}
access_token: ${{ secrets.TWITTER_ACCESS_TOKEN }}
access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}


push_on_ecr:
runs-on: ubuntu-latest
needs: release_and_tag
if: github.event.pull_request.merged == true && inputs.publish_on_ecr == true
strategy:
matrix:
dockerfile: ${{ fromJson(inputs.dockerfiles) }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # otherwise, you do not retrieve the tags
- name: Push on ecr branch
uses: ./.github/actions/push_on_ecr
if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev' || github.base_ref == 'test'
with:
repository: ${{ inputs.repository }}
aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
aws_access_key: ${{ secrets.AWS_ACCESS_KEY}}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
dockerfile: ${{ matrix.dockerfile }}
image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || ( github.base_ref == 'develop' || github.base_ref == 'dev' ) && 'stag' || 'test' }}
aws_region: ${{ inputs.aws_region }}
working_directory: ${{ inputs.working_directory }}

- name: Push on ecr new release
if: needs.release_and_tag.outputs.match == 'true' && (github.base_ref == 'master' || github.base_ref == 'main' )
uses: ./.github/actions/push_on_ecr
with:
repository: ${{ inputs.repository }}
aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
aws_access_key: ${{ secrets.AWS_ACCESS_KEY}}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
dockerfile: ${{ inputs.dockerfile }}
image_tag: ${{ github.event.pull_request.title }}
aws_region: ${{ inputs.aws_region }}
working_directory: ${{ inputs.working_directory }}
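Review bot: The `Push on ecr new release` step passes `dockerfile: ${{ inputs.dockerfile }}`, but this workflow declares only `dockerfiles` (plural) and the job iterates it as `matrix.dockerfile`; an undeclared input evaluates to an empty string, so the composite action would receive `file: <working_directory>/` and the versioned build would presumably fail or pick the wrong file. It should match the step above: `dockerfile: ${{ matrix.dockerfile }}`. The same line appears in the copy under `workflows/_release_and_tag.yml`. Also note that every matrix entry pushes to the same `repository:image_tag`, so with more than one Dockerfile the later push replaces the earlier one.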
1 change: 0 additions & 1 deletion .github/workflows/pull_request_automation.yml
Expand Up @@ -72,7 +72,6 @@ jobs:
check_migrations: true
check_requirements_licenses: true
check_docs_directory:
check_dockerfile: Dockerfile

use_postgres: false
postgres_db: db
6 changes: 6 additions & 0 deletions .github/workflows/release.yml
Expand Up @@ -20,3 +20,9 @@ jobs:
publish_on_test_pypi: false
publish_on_npm: false
publish_on_twitter: false
publish_on_ecr: false
repository: certego-test
working_directory: .github/test/python_test
dockerfiles: >-
["Dockerfile"]
aws_region: eu-central-1
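--- a/actions/push_on_ecr/action.yml
+++ b/actions/push_on_ecr/action.yml
@@ -0,0 +1,56 @@
+name: Composite action push on ecr
+description: Composite action push on ecr
+inputs:
+repository:
+description: Repository name
+required: true
+dockerfile:
+description: Path for dockerfile from working directory
+required: true
+working_directory:
+description: Docker build context
+required: true
+
+aws_account_id:
+description: Aws User code
+required: true
+aws_access_key:
+description: Aws access key
+required: true
+aws_secret_access_key:
+description: Aws secret access key
+required: true
+image_tag:
+description: Directory that must be run against the linters
+required: true
+
+aws_region:
+description: Aws region
+required: true
+
+runs:
+using: "composite"
+steps:
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-region: ${{ inputs.aws_region}}
+aws-access-key-id: ${{ inputs.aws_access_key }}
+aws-secret-access-key: ${{ inputs.aws_secret_access_key }}
+
+- name: Login to Amazon ECR Private
+id: login-ecr
+uses: aws-actions/amazon-ecr-login@v2
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Build and push
+uses: docker/build-push-action@v5
+with:
+context: ${{ inputs.working_directory }}
+push: true
+cache-from: type=gha
+cache-to: type=gha,mode=max
+tags: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com/${{ inputs.repository }}:${{ inputs.image_tag }}
+file: ${{ inputs.working_directory }}/${{ inputs.dockerfile }}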
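Review bot: All four `uses:` references in this action (`aws-actions/configure-aws-credentials@v4`, `aws-actions/amazon-ecr-login@v2`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v5`) are pinned to major-version tags, which the upstream owners can move; these steps run with AWS credentials loaded and push to the registry, so a retagged release would execute with that access. Pinning each to a full commit SHA with the version kept as a comment, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v5`, makes the dependency immutable and still lets an update bot propose bumps. The same applies to the copy under `.github/actions/push_on_ecr/action.yml`.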
6 changes: 0 additions & 6 deletions workflows/_python.yml
Expand Up @@ -412,12 +412,6 @@ jobs:
shell: bash
working-directory: ${{ inputs.check_docs_directory }}

- name: Build DockerFile
if: inputs.check_dockerfile
run: |
docker build -f ${{ inputs.check_dockerfile }} .
working-directory: ${{ inputs.working_directory }}

- name: Start services
uses: ./.github/actions/services
if: inputs.use_postgres || inputs.use_elastic_search || inputs.use_memcached || inputs.use_redis || inputs.use_rabbitmq || inputs.use_mongo
72 changes: 70 additions & 2 deletions workflows/_release_and_tag.yml
Expand Up @@ -31,18 +31,48 @@ on:
required: false
default: #CyberSecurity

publish_on_ecr:
description: Publish on ecr
type: boolean
required: false
default: false
repository:
description: Repository name
type: string
required: false
default: ${{ github.event.repository.name }}

dockerfiles:
description: Path for dockerfiles from working directory
type: string
required: false
working_directory:
description: Docker build context
type: string
required: false
default: .
aws_region:
description: Aws region
type: string
required: false
default: eu-central-1


jobs:
release_and_tag:
name: Create release and tag
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true && ( github.base_ref == 'master' || github.base_ref == 'main' )
if: github.event.pull_request.merged == true
outputs:
match: ${{ steps.check-tag.outputs.match }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # otherwise, you do not retrieve the tags

- name: Check Tag
id: check-tag
if: github.base_ref == 'master' || github.base_ref == 'main'
run: |
if [[ "${{ github.event.pull_request.title }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "match=true" >> $GITHUB_OUTPUT
Expand Down Expand Up @@ -115,4 +145,42 @@ jobs:
api_key: ${{ secrets.TWITTER_API_KEY }}
api_key_secret: ${{ secrets.TWITTER_API_KEY_SECRET }}
access_token: ${{ secrets.TWITTER_ACCESS_TOKEN }}
access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}


push_on_ecr:
runs-on: ubuntu-latest
needs: release_and_tag
if: github.event.pull_request.merged == true && inputs.publish_on_ecr == true
strategy:
matrix:
dockerfile: ${{ fromJson(inputs.dockerfiles) }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # otherwise, you do not retrieve the tags
- name: Push on ecr branch
uses: ./.github/actions/push_on_ecr
if: github.base_ref == 'master' || github.base_ref == 'main' || github.base_ref == 'develop' || github.base_ref == 'dev'
with:
repository: ${{ inputs.repository }}
aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
aws_access_key: ${{ secrets.AWS_ACCESS_KEY}}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
dockerfile: ${{ matrix.dockerfile }}
image_tag: ${{ ( github.base_ref == 'main' || github.base_ref == 'master' ) && 'prod' || 'stag' }}
aws_region: ${{ inputs.aws_region }}
working_directory: ${{ inputs.working_directory }}

- name: Push on ecr new release
if: needs.release_and_tag.outputs.match == 'true' && (github.base_ref == 'master' || github.base_ref == 'main' )
uses: ./.github/actions/push_on_ecr
with:
repository: ${{ inputs.repository }}
aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
aws_access_key: ${{ secrets.AWS_ACCESS_KEY}}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
dockerfile: ${{ inputs.dockerfile }}
image_tag: ${{ github.event.pull_request.title }}
aws_region: ${{ inputs.aws_region }}
working_directory: ${{ inputs.working_directory }}
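Review bot: In the first hunk, the `Check Tag` step's script expands `${{ github.event.pull_request.title }}` into the bash source before it runs, so the title is parsed as shell text rather than compared as data, and the regex only sees it afterwards. That line is unchanged context here, but this commit makes the step's `match` output the gate for the versioned ECR push, so it is worth hardening now: add `env:` with `PR_TITLE: ${{ github.event.pull_request.title }}` to the step and test `if [[ "$PR_TITLE" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then`. The `run:` block continues past the end of the hunk. The same applies to the copy under `.github/workflows/_release_and_tag.yml`.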
1 change: 0 additions & 1 deletion workflows/pull_request_automation.yml
Expand Up @@ -72,7 +72,6 @@ jobs:
check_migrations: true
check_requirements_licenses: true
check_docs_directory:
check_dockerfile: Dockerfile

use_postgres: false
postgres_db: db
6 changes: 6 additions & 0 deletions workflows/release.yml
Expand Up @@ -20,3 +20,9 @@ jobs:
publish_on_test_pypi: false
publish_on_npm: false
publish_on_twitter: false
publish_on_ecr: false
repository: certego-test
working_directory: .github/test/python_test
dockerfiles: >-
["Dockerfile"]
aws_region: eu-central-1