From f949547ecf19dc5ca9b6ecb2da5ad374751078ed Mon Sep 17 00:00:00 2001
From: Michael Kramer
Date: Wed, 26 Nov 2025 11:06:48 +0100
Subject: [PATCH] Use proposed action workflow for testing it
---
 .github/workflows/deploy.yml | 3 +-
 .../docker-build-push-image-test.yml | 154 ++++++++++++++++++
 2 files changed, 156 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/docker-build-push-image-test.yml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 43c1cc9..dbe751f 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -12,7 +12,8 @@ permissions:
 jobs:
 build-and-push-image:
 if: github.repository_owner == 'exercism' # Stops this job from running on forks.
- uses: exercism/github-actions/.github/workflows/docker-build-push-image.yml@main
+ # uses: exercism/github-actions/.github/workflows/docker-build-push-image.yml@main
+ uses: ./.github/workflows/docker-build-push-image-test.yml
 secrets:
 AWS_ACCOUNT_ID: ${{secrets.AWS_ACCOUNT_ID}}
 AWS_REGION: ${{secrets.AWS_REGION}}
diff --git a/.github/workflows/docker-build-push-image-test.yml b/.github/workflows/docker-build-push-image-test.yml
new file mode 100644
index 0000000..233df6d
--- /dev/null
+++ b/.github/workflows/docker-build-push-image-test.yml
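Review bot: In `.github/workflows/deploy.yml`, the old `uses:` line is left behind as a comment, and the deploy job now runs a local workflow whose filename marks it as a test copy. The job is still gated to the `exercism` owner and still forwards `AWS_ACCOUNT_ID`, `AWS_REGION` and whatever secrets follow below the hunk. If this is a temporary trial, it should stay on a branch rather than land in the deploy path. Before merging, either restore the shared reusable workflow reference, or delete the commented line and give the local file a non-test name. The `secrets:` mapping continues outside the hunk, so the full set of credentials handed to the new workflow is not visible here.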
@@ -0,0 +1,154 @@
+name: Build and Push Docker image
+
+on:
+ workflow_call:
+ inputs:
+ aws_ecr:
+ description: "Push to AWS ECR"
+ default: true
+ required: false
+ type: boolean
+ docker_hub:
+ description: "Push to Docker Hub"
+ default: true
+ required: false
+ type: boolean
+ provenance:
+ description: "Generate provenance attestation for the build"
+ default: true
+ required: false
+ type: boolean
+ image_name:
+ description: "The name of the image to deploy (default: repo name)"
+ required: false
+ type: string
+ platform:
+ description: "The image's platform (default: linux/amd64)"
+ default: "linux/amd64"
+ required: false
+ type: string
+ secrets:
+ AWS_ACCOUNT_ID:
+ description: "The AWS account ID used to determine the ECR registry"
+ required: true
+ AWS_REGION:
+ description: "The AWS region used to determine the ECR registry"
+ required: true
+ AWS_ECR_ACCESS_KEY_ID:
+ description: "The access key ID used to log into AWS ECR"
+ required: true
+ AWS_ECR_SECRET_ACCESS_KEY:
+ description: "The secret access key ID used to log into AWS ECR"
+ required: true
+ DOCKERHUB_USERNAME:
+ description: "The username used to log into Docker Hub"
+ required: true
+ DOCKERHUB_PASSWORD:
+ description: "The password used to log into Docker Hub"
+ required: true
+ DOCKER_BUILD_ARGS:
+ description: "Docker build arguments"
+ required: false
+
+permissions:
+ contents: write
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-22.04
+
+ env:
+ ECR_REGISTRY: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+ with:
+ # Never deploy from non-main branches
+ ref: main
+
+ - name: Check if Dockerfile is present
+ id: dockerfile-exists
+ run: |
+ dockerfile_exists=$(test -f Dockerfile && echo 'true' || echo 'false')
+ if [ "${dockerfile_exists}" == "false" ]; then
+ echo "::warning:: Skip deploy due to missing Dockerfile"
+ fi
+ echo "result=${dockerfile_exists}" >> $GITHUB_OUTPUT
+
+ - name: Set up Docker
+ uses: docker/setup-docker-action@v4
+ with:
+ daemon-config: |
+ {
+ "features": {
+ "containerd-snapshotter": true
+ }
+ }
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ if: steps.dockerfile-exists.outputs.result == 'true'
+ uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
+
+ - name: Login to DockerHub
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
+ if: ${{steps.dockerfile-exists.outputs.result == 'true' && inputs.docker_hub}}
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+ - name: Login to ECR
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
+ if: ${{steps.dockerfile-exists.outputs.result == 'true' && inputs.aws_ecr}}
+ with:
+ registry: ${{ env.ECR_REGISTRY }}
+ username: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }}
+ password: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }}
+
+ - name: Build Docker image
+ if: ${{steps.dockerfile-exists.outputs.result == 'true' && (inputs.docker_hub || inputs.aws_ecr)}}
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
+ with:
+ context: .
+ file: ./Dockerfile
+ load: true
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ build-args: ${{ secrets.DOCKER_BUILD_ARGS }}
+ provenance: false
+ platforms: ${{ inputs.platform }}
+
+ - name: Push to Docker Hub
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
+ if: ${{steps.dockerfile-exists.outputs.result == 'true' && inputs.docker_hub}}
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: |
+ sencudra/${{ inputs.image_name || github.event.repository.name }}:latest
+ sencudra/${{ inputs.image_name || github.event.repository.name }}:${{ github.sha }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ build-args: ${{ secrets.DOCKER_BUILD_ARGS }}
+ provenance: false
+ platforms: ${{ inputs.platform }}
+
+ - name: Push to AWS ECR
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
+ if: ${{steps.dockerfile-exists.outputs.result == 'true' && inputs.aws_ecr}}
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: |
+ ${{ env.ECR_REGISTRY }}/${{ inputs.image_name || github.event.repository.name }}:production
+ ${{ env.ECR_REGISTRY }}/${{ inputs.image_name || github.event.repository.name }}:${{ github.sha }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ build-args: ${{ secrets.DOCKER_BUILD_ARGS }}
+ provenance: false
+ platforms: ${{ inputs.platform }}
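Review bot: The `provenance` input is declared with default `true`, but all three `docker/build-push-action` steps hard-code `provenance: false`, so no caller can obtain an attestation; each step should read `provenance: ${{ inputs.provenance }}`. The workflow-level `permissions: contents: write` is broader than the visible steps need, since they only check out and push to registries, so `contents: read` fits unless something outside this file writes to the repository. `docker/setup-docker-action@v4` and `docker/setup-qemu-action@v3` use mutable tags while every other action is pinned to a commit SHA; pinning these two as well keeps the job that holds the registry credentials on reviewed code. The Docker Hub tags are hard-coded to the `sencudra/` namespace, which looks like a trial value and would publish outside the organisation's namespace if left in. `build-args: ${{ secrets.DOCKER_BUILD_ARGS }}` passes secret-store content as build arguments, which are recorded in image metadata; if any of it is sensitive, the action's `secrets` input is the safer channel.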