Commit

Merge pull request #8 from govuk-one-login/image-architecture-fix-minor-change

PLAT-4215 Adding option to configure the --platform tag during docker build
monhaque committed Apr 17, 2024
2 parents 5e1a290 + c8c2388 commit aa8da0d
Showing 3 changed files with 43 additions and 23 deletions.
39 changes: 20 additions & 19 deletions README.md
Expand Up @@ -6,20 +6,21 @@ The action packages, signs, and uploads the application to the specified ECR and

## Action Inputs

| Input | Required | Description | Example |
|----------------------------|----------|----------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------|
| artifact-bucket-name | true | The secret with the name of the artifact S3 bucket | artifact-bucket-1234 |
| container-sign-kms-key-arn | false | The secret with the name of the Signing Profile resource in AWS | signing-profile-1234 |
| working-directory | false | The working directory containing the SAM app and the template file | ./sam-ecr-app |
| template-file | false | The name of the CF template for the application. This defaults to template.yaml | custom-template.yaml |
| role-to-assume-arn | true | The secret with the GitHub Role ARN from the pipeline stack | arn:aws:iam::0123456789999:role/myawesomeapppipeline-GitHubActionsRole-16HIKMTBBDL8Y |
| ecr-repo-name | true | The secret with the name of the ECR repo created by the app-container-repository stack | app-container-repository-tobytraining-containerrepository-i6gdfkdnwrrm |
| dockerfile | false | The Dockerfile to use for the build | Dockerfile
| docker-build-path | false | The Dockerfile path to use for the build | Docker-build-path
| checkout-repo | false | Checks out the repo as the first step of the action. Default "true". | "true"
| private-docker-registry | false | Private Docker registry URL. Default to "" | "abc12345.live.dynatrace.com"
| private-docker-login-username | false | Login username to the private docker registry | "abc12345"
| private-docker-login-password | false | Login password to the private docker registry | This should ideally be a GitHub secret
| Input | Required | Description | Example |
| ----------------------------- | -------- | -------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------ |
| artifact-bucket-name | true | The secret with the name of the artifact S3 bucket | artifact-bucket-1234 |
| container-sign-kms-key-arn | false | The secret with the name of the Signing Profile resource in AWS | signing-profile-1234 |
| working-directory | false | The working directory containing the SAM app and the template file | ./sam-ecr-app |
| template-file | false | The name of the CF template for the application. This defaults to template.yaml | custom-template.yaml |
| role-to-assume-arn | true | The secret with the GitHub Role ARN from the pipeline stack | arn:aws:iam::0123456789999:role/myawesomeapppipeline-GitHubActionsRole-16HIKMTBBDL8Y |
| ecr-repo-name | true | The secret with the name of the ECR repo created by the app-container-repository stack | app-container-repository-tobytraining-containerrepository-i6gdfkdnwrrm |
| dockerfile | false | The Dockerfile to use for the build | Dockerfile |
| docker-build-path | false | The Dockerfile path to use for the build | Docker-build-path |
| docker-platform | false | The target architecture for the image build | "" |
| checkout-repo | false | Checks out the repo as the first step of the action. Default "true". | "true" |
| private-docker-registry | false | Private Docker registry URL. Default to "" | "abc12345.live.dynatrace.com" |
| private-docker-login-username | false | Login username to the private docker registry | "abc12345" |
| private-docker-login-password | false | Login password to the private docker registry | This should ideally be a GitHub secret |

## Usage Example

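Review bot: The new `docker-platform` row gives `""` as its example, which shows the default rather than a usable value. Put a real platform string in the Example column (for instance `linux/arm64`) and say in the Description that leaving it empty keeps the builder's default platform.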
Expand All @@ -41,10 +42,10 @@ Pull in the action in your workflow as below, making sure to specify the release

- pre-commit:

```shell
brew install pre-commit
pre-commit install -tpre-commit -tprepare-commit-msg -tcommit-msg
```
```shell
brew install pre-commit
pre-commit install -tpre-commit -tprepare-commit-msg -tcommit-msg
```

## Releasing updates

Expand All @@ -60,4 +61,4 @@ NOTE: Until v3 is released, you will need to point both v1 and v2 to the latest

### Breaking changes

Release a new major version as normal following semantic versioning.
Release a new major version as normal following semantic versioning.
11 changes: 8 additions & 3 deletions action.yaml
Expand Up @@ -29,6 +29,10 @@ inputs:
docker-build-path:
description: The Dockerfile path to use for the build
required: false
docker-platform:
description: The target architecture for the image build
required: false
default: ""
checkout-repo:
description: Checks out the repo as the first step of the action. Default "true".
required: false
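Review bot: The `docker-platform` description says "target architecture", but the value is handed to `docker build --platform`, which takes an os/arch string such as `linux/amd64`, not a bare architecture name. State the expected format in the description and note that the empty default means no `--platform` flag is passed.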
Expand Down Expand Up @@ -69,7 +73,7 @@ runs:
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
mask-password: 'true' # pragma: allowlist secret
mask-password: "true" # pragma: allowlist secret

- name: Login to private Docker Registry
if: ${{ inputs.private-docker-registry != '' }}
Expand All @@ -82,7 +86,7 @@ runs:
- name: Install Cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.9.0'
cosign-release: "v1.9.0"

- name: Upload Fargates to S3
env:
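Review bot: The context line `uses: sigstore/cosign-installer@main` in this step tracks a mutable branch, so the code that installs the signing tool can change without any change in this repository. Since the step is being edited anyway, pin it to a full commit SHA (or at least a release tag, as with `aws-actions/amazon-ecr-login@v2`), and keep quote-style changes like the one to `cosign-release` out of a feature commit.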
Expand All @@ -95,7 +99,8 @@ runs:
ARTIFACT_BUCKET_NAME: ${{ inputs.artifact-bucket-name }}
DOCKERFILE: ${{ inputs.dockerfile }}
DOCKER_BUILD_PATH: ${{ inputs.docker-build-path }}
DOCKER_PLATFORM: ${{ inputs.docker-platform }}
COMMIT_MESSAGE: ${{ github.event.head_commit.message }}

run: ${{ github.action_path }}/scripts/build-tag-push-ecr.sh
shell: bash
shell: bash
16 changes: 15 additions & 1 deletion scripts/build-tag-push-ecr.sh
Expand Up @@ -8,7 +8,21 @@ fi

echo "Building image"

docker build -t "$ECR_REGISTRY/$ECR_REPO_NAME:$GITHUB_SHA" -f "$DOCKER_BUILD_PATH"/"$DOCKERFILE" "$DOCKER_BUILD_PATH"
PLATFORM_OPTION=""

if [ -n "${DOCKER_PLATFORM}" ]; then
echo "Using platform option as --platform ${DOCKER_PLATFORM}"
PLATFORM_OPTION="--platform ${DOCKER_PLATFORM}"
else
echo "No platform option supplied, using defaults."
fi

docker build \
--tag "$ECR_REGISTRY/$ECR_REPO_NAME:$GITHUB_SHA" \
$PLATFORM_OPTION \
--file "$DOCKER_BUILD_PATH"/"$DOCKERFILE" \
"$DOCKER_BUILD_PATH"

docker push "$ECR_REGISTRY/$ECR_REPO_NAME:$GITHUB_SHA"

if [ ${CONTAINER_SIGN_KMS_KEY_ARN} != "none" ]; then
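Review bot: `$PLATFORM_OPTION` is expanded unquoted in the `docker build` call, so a `docker-platform` value containing whitespace is word-split into extra arguments to `docker build` instead of being treated as a single platform string. Build the option as a bash array, for example `PLATFORM_ARGS=(--platform "$DOCKER_PLATFORM")` expanded as `"${PLATFORM_ARGS[@]}"`, and reject values that do not match the expected os/arch form before building. The context line `if [ ${CONTAINER_SIGN_KMS_KEY_ARN} != "none" ]` has the same unquoted expansion and fails with a test syntax error when the variable is empty.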