Add workflow to publish to ECR, modify dockerfile and makefile

This commit adds the workflow to automatically publish images on pushes to the main branch. I update the dockerfile to use the 3.10-slim image, which more closely matches how we do other python dockerfiles. i update the makefile to have two dev specific commands, "dist-dev" which creates the docker image locally and "publish-dev" which then publishes it to the dev ECR for use in stepfunctions.
MITLibraries · Apr 26, 2022 · 81372ea · 81372ea
1 parent 46bd37e
commit 81372ea
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 22 deletions.
diff --git a/.github/workflows/dev_ecr_push.yml b/.github/workflows/dev_ecr_push.yml
@@ -0,0 +1,37 @@
+name: dev ECR push
+on:
+  push:
+    branches:
+      - main
+# Set defaults
+defaults:
+  run:
+    shell: bash
+
+env:
+  AWS_REGION: "us-east-1"
+  AWS_ACCOUNT_ID: "222053980223"
+  IAM_ROLE: "timdex-transmogrifier-gha-dev"
+
+jobs:
+  deploy:
+    name: Deploy dev build
+    runs-on: ubuntu-latest
+    # These permissions are needed to interact with GitHub's OIDC Token endpoint.
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/${{ env.IAM_ROLE }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Build image
+        run: make dist-dev
+      - name: Push image
+        run: make publish-dev
+
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3 AS py3
+FROM python:3.10-slim AS py3
 RUN pip install pipenv
 
 FROM py3 AS wheel

diff --git a/Makefile b/Makefile
@@ -1,9 +1,8 @@
 .PHONY: install test lint dist update publish promote
 SHELL=/bin/bash
-ECR_REGISTRY=672626379771.dkr.ecr.us-east-1.amazonaws.com
+ECR_REGISTRY=222053980223.dkr.ecr.us-east-1.amazonaws.com
 DATETIME:=$(shell date -u +%Y%m%dT%H%M%SZ)
 
-
 help: ## Print this message
 	@awk 'BEGIN { FS = ":.*##"; print "Usage:  make <target>\n\nTargets:" } \
 /^[-_[:alpha:]]+:.?*##/ { printf "  %-15s%s\n", $$1, $$2 }' $(MAKEFILE_LIST)
@@ -36,26 +35,17 @@ isort:
 mypy:
 	pipenv run mypy harvester
 
-
-### Docker commands ###
-dist: ## Build docker container
-	docker build -t $(ECR_REGISTRY)/oaiharvester-stage:latest \
-		-t $(ECR_REGISTRY)/oaiharvester-stage:`git describe --always` \
-		-t oaiharvester .
-
 update: install ## Update all Python dependencies
 	pipenv clean
 	pipenv update --dev
 
-publish: ## Push and tag the latest image (use `make dist && make publish`)
-	$$(aws ecr get-login --no-include-email --region us-east-1)
-	docker push $(ECR_REGISTRY)/oaiharvester-stage:latest
-	docker push $(ECR_REGISTRY)/oaiharvester-stage:`git describe --always`
-
-promote: ## Promote the current staging build to production
-	$$(aws ecr get-login --no-include-email --region us-east-1)
-	docker pull $(ECR_REGISTRY)/oaiharvester-stage:latest
-	docker tag $(ECR_REGISTRY)/oaiharvester-stage:latest $(ECR_REGISTRY)/oaiharvester-prod:latest
-	docker tag $(ECR_REGISTRY)/oaiharvester-stage:latest $(ECR_REGISTRY)/oaiharvester-prod:$(DATETIME)
-	docker push $(ECR_REGISTRY)/oaiharvester-prod:latest
-	docker push $(ECR_REGISTRY)/oaiharvester-prod:$(DATETIME)
+### Docker commands ###
+dist-dev: ## Build docker image
+	docker build --platform linux/amd64 -t $(ECR_REGISTRY)/timdex-oaiharvester-dev:latest \
+		-t $(ECR_REGISTRY)/timdex-oaiharvester-dev:`git describe --always` \
+		-t oaiharvester:latest .
+
+publish-dev: dist-dev ## Build, tag and push
+	docker login -u AWS -p $$(aws ecr get-login-password --region us-east-1) $(ECR_REGISTRY)
+	docker push $(ECR_REGISTRY)/timdex-oaiharvester-dev:latest
+	docker push $(ECR_REGISTRY)/timdex-oaiharvester-dev:`git describe --always`