diff --git a/.github/workflows/dev-build.yml b/.github/workflows/dev-build.yml
new file mode 100644
index 0000000..388de7b
--- /dev/null
+++ b/.github/workflows/dev-build.yml
@@ -0,0 +1,29 @@
+### This is the Terraform-generated dev-build.yml workflow for the ecr-workflow-test-dev app repository ###
+### If this is a Lambda repo, uncomment the FUNCTION line at the end of the document ###
+### If the container requires any additional pre-build commands, uncomment and edit ###
+### the PREBUILD line at the end of the document. ###
+name: Dev Container Build and Deploy
+on:
+ workflow_dispatch:
+ pull_request:
+ branches:
+ - main
+ paths-ignore:
+ - '.github/**'
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ deploy:
+ name: Dev Container Deploy
+ uses: mitlibraries/.github/.github/workflows/ecr-multi-arch-deploy-dev.yml@multi-arch-deploy
+ secrets: inherit
+ with:
+ AWS_REGION: "us-east-1"
+ GHA_ROLE: "ecr-workflow-test-gha-dev"
+ ECR: "ecr-workflow-test-dev"
+ CPU_ARCH: "linux/arm64"
+ # FUNCTION: ""
+ # PREBUILD:
diff --git a/.github/workflows/prod-promote.yml b/.github/workflows/prod-promote.yml
new file mode 100644
index 0000000..fba09f5
--- /dev/null
+++ b/.github/workflows/prod-promote.yml
@@ -0,0 +1,25 @@
+### This is the Terraform-generated prod-promote.yml workflow for the ecr-workflow-test-prod repository. ###
+### If this is a Lambda repo, uncomment the FUNCTION line at the end of the document. ###
+name: Prod Container Promote
+on:
+ workflow_dispatch:
+ release:
+ types: [published]
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ deploy:
+ name: Prod Container Promote
+ uses: mitlibraries/.github/.github/workflows/ecr-multi-arch-promote-prod.yml@multi-arch-deploy
+ secrets: inherit
+ with:
+ AWS_REGION: "us-east-1"
+ GHA_ROLE_STAGE: ecr-workflow-test-gha-stage
+ GHA_ROLE_PROD: ecr-workflow-test-gha-prod
+ ECR_STAGE: "ecr-workflow-test-stage"
+ ECR_PROD: "ecr-workflow-test-prod"
+ # FUNCTION: ""
+
\ No newline at end of file
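Review bot: The `uses:` line in dev-build.yml pins the called workflow to a branch, `@multi-arch-deploy`, while the same file grants `id-token: write` and passes `secrets: inherit`, so whatever is pushed to that branch next runs with this repository's OIDC role and every secret it can see. Pinning to a full commit SHA, `uses: mitlibraries/.github/.github/workflows/ecr-multi-arch-deploy-dev.yml@<full-commit-sha>` (placeholder), makes the called code immutable and reviewable. Replacing `secrets: inherit` with an explicit `secrets:` map of only the names the called workflow declares would narrow the exposure further; which secrets it needs is not visible here. The same two lines appear in prod-promote.yml and stage-build.yml, where the roles being assumed are the stage and prod ones.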
diff --git a/.github/workflows/stage-build.yml b/.github/workflows/stage-build.yml
new file mode 100644
index 0000000..6fc3b1e
--- /dev/null
+++ b/.github/workflows/stage-build.yml
@@ -0,0 +1,29 @@
+### This is the Terraform-generated dev-build.yml workflow for the ecr-workflow-test-stage app repository ###
+### If this is a Lambda repo, uncomment the FUNCTION line at the end of the document ###
+### If the container requires any additional pre-build commands, uncomment and edit ###
+### the PREBUILD line at the end of the document. ###
+name: Stage Container Build and Deploy
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+ paths-ignore:
+ - '.github/**'
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ deploy:
+ name: Stage Container Deploy
+ uses: mitlibraries/.github/.github/workflows/ecr-multi-arch-deploy-stage.yml@multi-arch-deploy
+ secrets: inherit
+ with:
+ AWS_REGION: "us-east-1"
+ GHA_ROLE: "ecr-workflow-test-gha-stage"
+ ECR: "ecr-workflow-test-stage"
+ CPU_ARCH: "linux/arm64"
+ # FUNCTION: ""
+ # PREBUILD:
diff --git a/Dockerfile b/Dockerfile
index 553a5f1..0022de8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,20 @@ -FROM python:3.12-slim as build -WORKDIR /app -COPY . . +FROM python:3.13-slim + +RUN apt-get update && \ + apt-get install -y --no-install-recommends git ca-certificates && \ + rm -rf /var/lib/apt/lists/* -RUN pip install --no-cache-dir --upgrade pip pipenv +COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv +ENV UV_SYSTEM_PYTHON=1 + +WORKDIR /app -RUN apt-get update && apt-get upgrade -y && apt-get install -y git +# Copy project metadata +COPY pyproject.toml uv.lock* ./ -COPY Pipfile* / -RUN pipenv install +COPY ecr_test ./ecr_test +RUN uv pip install --system . -ENTRYPOINT ["pipenv", "run", "ecr_test"] +# See pyproject.toml +ENTRYPOINT ["my-app", "run"] +CMD []
diff --git a/Makefile b/Makefile
index 1351136..a1ca5ae 100644
--- a/Makefile
+++ b/Makefile
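Review bot: The first header comment in stage-build.yml still says `dev-build.yml workflow`, which looks copied from the dev template and will mislead anyone matching the file to its generator. It should read `### This is the Terraform-generated stage-build.yml workflow for the ecr-workflow-test-stage app repository ###`. Since the file is generated, the fix probably belongs in the Terraform template rather than in this repository.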
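Review bot: `COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv` takes a binary from a mutable tag and then executes it during the build, so the image contents can change without any change in this repository. Pin it to a release tag and digest, for example `COPY --from=ghcr.io/astral-sh/uv:<version>@sha256:<digest> /uv /bin/uv` (placeholders). The lock file does not constrain the install either: `uv.lock*` makes it optional, and `uv pip install --system .` resolves from pyproject.toml rather than from uv.lock, so dependency versions can drift between builds; installing from the lock (for example `uv sync --frozen`, with PATH pointed at the project environment) would close that gap. The image also has no `USER` instruction, so the entrypoint runs as root unless the runtime overrides it.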
@@ -1,5 +1,12 @@ SHELL=/bin/bash DATETIME:=$(shell date -u +%Y%m%dT%H%M%SZ) +### This is the Terraform-generated header for ecr-workflow-test-dev. If ### +### this is a Lambda repo, uncomment the FUNCTION line below ### +### and review the other commented lines in the document. ### +ECR_NAME_DEV:=ecr-workflow-test-dev +ECR_URL_DEV:=222053980223.dkr.ecr.us-east-1.amazonaws.com/ecr-workflow-test-dev +CPU_ARCH:=linux/arm64 +### End of Terraform-generated header ### help: # Preview Makefile commands @awk 'BEGIN { FS = ":.*#"; print "Usage: make \n\nTargets:" } \ 
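Review bot: The added header comment tells the reader to uncomment `the FUNCTION line below`, but the header that follows defines only `ECR_NAME_DEV`, `ECR_URL_DEV` and `CPU_ARCH`; there is no commented FUNCTION line to uncomment. Either add the commented placeholder, such as `# FUNCTION_DEV:=` (name assumed by analogy with `FUNCTION_STAGE` used later in the file), or drop that sentence from the comment. `ECR_URL_DEV` also commits the AWS account ID and region as literals; that is not a credential, but it is worth a deliberate decision if the repository is public. The `help` recipe shown as context continues outside the hunk.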
@@ -70,4 +77,38 @@ ruff-apply: # Resolve 'fixable errors' with 'ruff' # CLI convenience commands ############################## my-app: # CLI without any arguments, utilizing uv script entrypoint - uv run my-app \ No newline at end of file + uv run my-app + + +### Terraform-generated Developer Deploy Commands for Dev environment ### +dist-dev: ## Build docker container (intended for developer-based manual build) + docker buildx create --use && docker buildx build --platform $(CPU_ARCH) \ + -t $(ECR_URL_DEV):latest \ + -t $(ECR_URL_DEV):$(shell git describe --always) \ + -t $(ECR_NAME_DEV):latest . + +publish-dev: dist-dev ## Build, tag and push (intended for developer-based manual publish) + docker login -u AWS -p $$(aws ecr get-login-password --region us-east-1) $(ECR_URL_DEV) + docker push $(ECR_URL_DEV):latest + docker push $(ECR_URL_DEV):$(shell git describe --always) + + +### Terraform-generated manual shortcuts for deploying to Stage. This requires ### +### that ECR_NAME_STAGE, ECR_URL_STAGE, and FUNCTION_STAGE environment ### +### variables are set locally by the developer and that the developer has ### +### authenticated to the correct AWS Account. The values for the environment ### +### variables can be found in the stage_build.yml caller workflow. ### +dist-stage: ## Only use in an emergency + docker buildx create --use && docker buildx build --platform $(CPU_ARCH) \ + -t $(ECR_URL_STAGE):latest \ + -t $(ECR_URL_STAGE):$(shell git describe --always) \ + -t $(ECR_NAME_STAGE):latest . 
+ +publish-stage: ## Only use in an emergency + docker login -u AWS -p $$(aws ecr get-login-password --region us-east-1) $(ECR_URL_STAGE) + docker push $(ECR_URL_STAGE):latest + docker push $(ECR_URL_STAGE):$(shell git describe --always) + +### If this is a Lambda repo, uncomment the two lines below ### +# update-lambda-stage: ## Updates the lambda with whatever is the most recent image in the ecr (intended for developer-based manual update) +# aws lambda update-function-code --function-name $(FUNCTION_STAGE) --image-uri $(ECR_URL_STAGE):latest
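Review bot: Both `publish-dev` and `publish-stage` pass the ECR token as `docker login -u AWS -p $$(aws ecr get-login-password ...)`, which places the token on the docker command line where it is visible in the process list while the command runs. Pipe it instead: `aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin $(ECR_URL_DEV)`, and the same with `$(ECR_URL_STAGE)` in the stage target. `publish-stage` also lacks the `dist-stage` prerequisite that `publish-dev` has on `dist-dev`, so it pushes whatever image happens to be tagged locally. Separately, the `docker buildx build` recipes pass neither `--load` nor `--push`; with a builder made by `docker buildx create` the result may stay in the build cache only, in which case the later `docker push` would not find the tags, so that is worth confirming.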