verta-build.yaml
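# Builds the kaniko executor image from deploy/Dockerfile, pushes it to ECR in
# us-east-1, and mirrors it to us-west-2 for verta/main and release/* branches.
# The image tag is derived from the branch name and the commit date/short sha.
#
# NOTE(review): every `uses:` below references a mutable tag (v1, v2, v3, ...).
# This job holds `id-token: write` and `contents: write`, so a retargeted tag
# on any third-party action would run with those privileges. Pin each action
# to a full commit SHA, e.g. `uses: owner/action@<FULL_COMMIT_SHA>  # vN`.
name: Build and Push

on:
  pull_request:
    types: [opened, reopened, synchronize]
  push:
    branches:
      - verta/main
      - 'release/*'

permissions:
  # Required for requesting the OIDC JWT that is exchanged for AWS credentials.
  # NOTE(review): the trust policy of the assumed role is not visible here;
  # confirm it restricts the token's `sub`/`aud` claims to this repository.
  id-token: write
  # Read is required for actions/checkout, write is required to comment on commits
  contents: write
  statuses: write

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  VERTA_ECR_REGISTRY: "493416687123.dkr.ecr.us-east-1.amazonaws.com"

jobs:
  kaniko:
    runs-on: ubuntu-latest
    env:
      ECR_REPOSITORY: "493416687123.dkr.ecr.us-east-1.amazonaws.com/external/kaniko-project/executor"
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          # need previous commit to find PR head commit info
          fetch-depth: 2

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: arn:aws:iam::493416687123:role/github-actions
          aws-region: us-east-1

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - name: Get branch names
        id: branch_names
        uses: tj-actions/branch-names@v7

      - name: Get docker image tag
        id: image_info
        env:
          # The branch name is chosen by whoever opens the pull request, so it
          # is untrusted input. It is handed to the script as an environment
          # variable instead of being expanded into the script text by
          # `${{ }}`, where shell metacharacters would be executed.
          CURRENT_BRANCH: ${{ steps.branch_names.outputs.current_branch }}
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          # Replace '/' and any other character that is not valid in a Docker
          # tag with '_', so the tag is also safe wherever it is reused later.
          branch=$(printf '%s' "$CURRENT_BRANCH" | sed 's,[^A-Za-z0-9_.-],_,g')
          # PRs checkout a merge of PR head with target. Branches checkout current head of branch.
          # When in a PR, use the PR head commit sha instead of the checkout commit sha.
          sha="${PR_HEAD_SHA:-$GITHUB_SHA}"
          sha_details=$(TZ=UTC git show -s --format=%cd--%h --date='format-local:%Y-%m-%dT%H-%M-%S' --abbrev=7 "$sha")
          echo "sha=${sha}" >> "$GITHUB_OUTPUT"
          echo "tag=${branch}-${sha_details}" >> "$GITHUB_OUTPUT"

      - name: Update commit status with Docker image status
        uses: ouzi-dev/commit-status-updater@v2
        with:
          name: "Tag: ${{ steps.image_info.outputs.tag }}"
          description: "Publishing..."

      - name: Inspect image to see if it already exists
        id: should_publish
        env:
          IMAGE_TAG: ${{ steps.image_info.outputs.tag }}
        run: |
          # Any failure of `docker manifest inspect` (missing image, but also
          # an auth or network error) is treated as "image not published yet".
          TARGETS=""
          docker manifest inspect "${ECR_REPOSITORY}:${IMAGE_TAG}" || TARGETS="kaniko"
          echo "targets=${TARGETS}" >> "$GITHUB_OUTPUT"

      - name: Build and push Docker image to ECR
        uses: docker/build-push-action@v4
        if: "!(steps.should_publish.outputs.targets == '')"
        env:
          DOCKER_BUILDKIT: "1"
        with:
          # context: .
          file: deploy/Dockerfile
          push: true
          # build-args: |
          #   VERSION=${{ steps.image_info.outputs.tag }}
          tags: |
            ${{ env.ECR_REPOSITORY }}:${{ steps.image_info.outputs.tag }}

      - name: Configure AWS credentials for us-west-2
        # external components should mirror every merge to verta/main
        if: startsWith( github.ref, 'refs/heads/release/' ) || ( github.ref == 'refs/heads/verta/main' )
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: arn:aws:iam::493416687123:role/github-actions
          aws-region: us-west-2

      - name: Login to Amazon ECR for us-west-2
        id: login-ecr-release
        if: startsWith( github.ref, 'refs/heads/release/' ) || ( github.ref == 'refs/heads/verta/main' )
        uses: aws-actions/amazon-ecr-login@v1

      - name: Mirror Docker image to us-west-2
        id: mirror-release
        if: startsWith( github.ref, 'refs/heads/release/' ) || ( github.ref == 'refs/heads/verta/main' )
        shell: bash
        env:
          IMAGE_TAG: ${{ steps.image_info.outputs.tag }}
        run: |
          TARGET_REPOSITORY="${ECR_REPOSITORY/us-east-1/us-west-2}"
          source_image="${ECR_REPOSITORY}:${IMAGE_TAG}"
          target_image="${TARGET_REPOSITORY}:${IMAGE_TAG}"
          # An explicit if/else replaces the former `A || B && C` chain, which
          # the shell groups as `(A || B) && C`: the push was attempted even
          # when the image was already present in the target registry.
          if docker manifest inspect "$target_image"; then
            echo "Image already present in target registry: ${target_image}"
          else
            # The build step is skipped when the image already exists in
            # us-east-1, so it may be missing from the local image store.
            docker image inspect "$source_image" > /dev/null 2>&1 || docker pull "$source_image"
            docker tag "$source_image" "$target_image"
            docker push "$target_image"
          fi

      - name: Create commit comment
        uses: peter-evans/commit-comment@v2
        if: "!(steps.should_publish.outputs.targets == '')"
        with:
          body: "Docker Tag: ${{ steps.image_info.outputs.tag }}"

      - name: Update commit status with Docker image status
        uses: ouzi-dev/commit-status-updater@v2
        with:
          name: "Tag: ${{ steps.image_info.outputs.tag }}"
          url: "${{ github.server_url }}/${{ github.repository }}/commit/${{ steps.image_info.outputs.sha }}#comments"
          status: success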