Add GHA Workflow to automate ECR publishing

Why these changes are being introduced: Add a workflow for push to `main` that will publish the container to the existing ECR repository. How this addresses that need: * Create workflow that uses OIDC (role generated by mitlib-tf-workloads-ecr) to connect to AWS and run the `make` commands Side effects of this change: All future pushes to `main` will automatically force a new container to be published to ECR. Relevant ticket(s): * https://mitlibraries.atlassian.net/browse/ENSY-77
MITLibraries · May 18, 2022 · d76bce4 · d76bce4
1 parent cb7f98c
commit d76bce4
Showing 1 changed file with 36 additions and 0 deletions.
diff --git a/.github/workflows/dev_ecr_push.yml b/.github/workflows/dev_ecr_push.yml
@@ -0,0 +1,36 @@
+name: dev ECR push
+on:
+  push:
+    branches:
+      - main
+# Set defaults
+defaults:
+  run:
+    shell: bash
+
+env:
+  AWS_REGION: "us-east-1"
+  AWS_ACCOUNT_ID: "222053980223"
+  IAM_ROLE: "alma-webhook-lambdas-gha-dev"
+
+jobs:
+  deploy:
+    name: Deploy dev build
+    runs-on: ubuntu-latest
+    # These permissions are needed to interact with GitHub's OIDC Token endpoint.
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/${{ env.IAM_ROLE }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Build image
+        run: make dist-dev
+      - name: Push image
+        run: make publish-dev