From 81372eaf6f7b6410208451c804f6481069a54617 Mon Sep 17 00:00:00 2001
From: zotoMIT
Date: Tue, 26 Apr 2022 13:37:02 -0400
Subject: [PATCH] Add workflow to publish to ECR, modify dockerfile and makefile This commit adds the workflow to automatically publish images on pushes to the main branch. I update the dockerfile to use the 3.10-slim image, which more closely matches how we do other python dockerfiles. i update the makefile to have two dev specific commands, "dist-dev" which creates the docker image locally and "publish-dev" which then publishes it to the dev ECR for use in stepfunctions.
---
 .github/workflows/dev_ecr_push.yml | 37 ++++++++++++++++++++++++++++++
 Dockerfile | 2 +-
 Makefile | 32 +++++++++-----------------
 3 files changed, 49 insertions(+), 22 deletions(-)
 create mode 100644 .github/workflows/dev_ecr_push.yml
diff --git a/.github/workflows/dev_ecr_push.yml b/.github/workflows/dev_ecr_push.yml
new file mode 100644
index 0000000..a56bded
--- /dev/null
+++ b/.github/workflows/dev_ecr_push.yml
@@ -0,0 +1,37 @@
+name: dev ECR push
+on:
+ push:
+ branches:
+ - main
+# Set defaults
+defaults:
+ run:
+ shell: bash
+
+env:
+ AWS_REGION: "us-east-1"
+ AWS_ACCOUNT_ID: "222053980223"
+ IAM_ROLE: "timdex-transmogrifier-gha-dev"
+
+jobs:
+ deploy:
+ name: Deploy dev build
+ runs-on: ubuntu-latest
+ # These permissions are needed to interact with GitHub's OIDC Token endpoint.
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/${{ env.IAM_ROLE }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Build image
+ run: make dist-dev
+ - name: Push image
+ run: make publish-dev
+
diff --git a/Dockerfile b/Dockerfile
index c14630e..37238f5 100644
--- a/Dockerfile
+++ b/Dockerfile
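Review bot: In `.github/workflows/dev_ecr_push.yml`, both `uses:` steps reference mutable tags (`actions/checkout@v2`, `aws-actions/configure-aws-credentials@v1`) inside a job that holds `id-token: write` and assumes an AWS role, so any change behind those tags runs with that role's session. Pin each action to a full commit SHA with the version as a trailing comment, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v1`. Separately, `IAM_ROLE` is `timdex-transmogrifier-gha-dev` while the Makefile targets push to `timdex-oaiharvester-dev`; if that name was carried over from another repository, the role either will not trust this repo or grants more than this job needs, so it is worth confirming. The role's trust policy is not visible in this commit; it should condition the OIDC `sub` claim on this repository and `refs/heads/main`.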
@@ -1,4 +1,4 @@
-FROM python:3 AS py3
+FROM python:3.10-slim AS py3
 RUN pip install pipenv
 FROM py3 AS wheel
diff --git a/Makefile b/Makefile
index d9b80d2..34ead34 100644
--- a/Makefile
+++ b/Makefile
@@ -1,9 +1,8 @@
 .PHONY: install test lint dist update publish promote
 SHELL=/bin/bash
-ECR_REGISTRY=672626379771.dkr.ecr.us-east-1.amazonaws.com
+ECR_REGISTRY=222053980223.dkr.ecr.us-east-1.amazonaws.com
 DATETIME:=$(shell date -u +%Y%m%dT%H%M%SZ)
-
 help: ## Print this message
 @awk 'BEGIN { FS = ":.*##"; print "Usage: make \n\nTargets:" } \
 /^[-_[:alpha:]]+:.?*##/ { printf " %-15s%s\n", $$1, $$2 }' $(MAKEFILE_LIST)
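Review bot: `FROM python:3.10-slim AS py3` in the Dockerfile hunk narrows the tag, but the tag is still mutable, and this image is now built and pushed automatically on every push to main, so the published contents can change without any commit here. Consider pinning the digest, `FROM python:3.10-slim@sha256:<digest> AS py3`, and letting a dependency bot bump it. The following context line `RUN pip install pipenv` is likewise unpinned; `RUN pip install pipenv==<version>` would make this build stage reproducible.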
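Review bot: The `.PHONY` context line in the first Makefile hunk still lists `dist`, `publish` and `promote`, which this commit removes, and does not list the new `dist-dev` and `publish-dev`; a file or directory with either of the new names would make `make` treat the target as up to date and skip the build or the push. Suggest `.PHONY: install test lint dist-dev update publish-dev`. The account id in `ECR_REGISTRY` is also duplicated as `AWS_ACCOUNT_ID` in the new workflow, so the two values have to be changed together.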
@@ -36,26 +35,17 @@ isort:
 mypy:
 pipenv run mypy harvester
-
-### Docker commands ###
-dist: ## Build docker container
- docker build -t $(ECR_REGISTRY)/oaiharvester-stage:latest \
- -t $(ECR_REGISTRY)/oaiharvester-stage:`git describe --always` \
- -t oaiharvester .
-
 update: install ## Update all Python dependencies
 pipenv clean
 pipenv update --dev
-publish: ## Push and tag the latest image (use `make dist && make publish`)
- $$(aws ecr get-login --no-include-email --region us-east-1)
- docker push $(ECR_REGISTRY)/oaiharvester-stage:latest
- docker push $(ECR_REGISTRY)/oaiharvester-stage:`git describe --always`
-
-promote: ## Promote the current staging build to production
- $$(aws ecr get-login --no-include-email --region us-east-1)
- docker pull $(ECR_REGISTRY)/oaiharvester-stage:latest
- docker tag $(ECR_REGISTRY)/oaiharvester-stage:latest $(ECR_REGISTRY)/oaiharvester-prod:latest
- docker tag $(ECR_REGISTRY)/oaiharvester-stage:latest $(ECR_REGISTRY)/oaiharvester-prod:$(DATETIME)
- docker push $(ECR_REGISTRY)/oaiharvester-prod:latest
- docker push $(ECR_REGISTRY)/oaiharvester-prod:$(DATETIME)
+### Docker commands ###
+dist-dev: ## Build docker image
+ docker build --platform linux/amd64 -t $(ECR_REGISTRY)/timdex-oaiharvester-dev:latest \
+ -t $(ECR_REGISTRY)/timdex-oaiharvester-dev:`git describe --always` \
+ -t oaiharvester:latest .
+
+publish-dev: dist-dev ## Build, tag and push
+ docker login -u AWS -p $$(aws ecr get-login-password --region us-east-1) $(ECR_REGISTRY)
+ docker push $(ECR_REGISTRY)/timdex-oaiharvester-dev:latest
+ docker push $(ECR_REGISTRY)/timdex-oaiharvester-dev:`git describe --always`
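Review bot: In `publish-dev`, `docker login -u AWS -p $$(aws ecr get-login-password ...)` puts the ECR token on the docker command line, where it is readable from the process list on the runner or a developer machine and triggers Docker's insecure-password warning. Pipe it instead: `aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin $(ECR_REGISTRY)`. `publish-dev` already depends on `dist-dev`, so the workflow's separate `make dist-dev` step runs the build twice. Both recipes also evaluate `git describe --always` independently; computing the tag once in a Make variable would guarantee that the pushed tag is the one that was built.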