ci: add ECR container build (#461)

This commit is contained in:
Mickael 2025-07-27 04:24:58 +02:00 committed by GitHub
parent 63521631c0
commit c8eb5be143
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 86 additions and 4 deletions

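--- /dev/null
+++ b/.github/workflows/docker-build.ecr.yml
@@ -0,0 +1,82 @@
+name: Build & Push Container
+on:
+push:
+branches:
+- 'main'
+tags:
+- '*'
+merge_group:
+pull_request_target:
+types: [labeled, synchronize, reopened, ready_for_review, opened]
+env:
+PUSH_FROM_PR: >-
+${{ github.event_name == 'pull_request_target' &&
+(
+contains(github.event.pull_request.labels.*.name, 'push-container') ||
+contains(github.event.pull_request.labels.*.name, 'deploy-pr-temp-env')
+)
+}}
+jobs:
+terraform:
+name: "ECR"
+runs-on: ubuntu-latest
+if: github.repository == 'coderamp-labs/gitingest'
+permissions:
+id-token: write
+contents: read
+pull-requests: write
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+- name: configure aws credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: ${{ secrets.CODERAMP_AWS_ECR_REGISTRY_PUSH_ROLE_ARN }}
+role-session-name: GitHub_to_AWS_via_FederatedOIDC
+aws-region: eu-west-1
+- name: Set current timestamp
+id: vars
+run: |
+echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT
+echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+- name: Login to Amazon ECR
+id: login-ecr
+uses: aws-actions/amazon-ecr-login@v2
+- name: Docker Meta
+id: meta
+uses: docker/metadata-action@v5
+with:
+images: |
+${{ secrets.ECR_REGISTRY_URL }}
+flavor: |
+latest=false
+tags: |
+type=ref,event=branch,branch=main,suffix=-${{ steps.vars.outputs.sha_short }}-${{ steps.vars.outputs.timestamp }}
+type=ref,event=pr,suffix=-${{ steps.vars.outputs.sha_short }}-${{ steps.vars.outputs.timestamp }}
+type=pep440,pattern={{raw}}
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v3
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+- name: Build and push
+uses: docker/build-push-action@v6
+with:
+context: .
+platforms: linux/amd64, linux/arm64
+push: ${{ github.event_name != 'pull_request_target' || env.PUSH_FROM_PR == 'true' }}
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}
+cache-from: type=gha
+cache-to: type=gha,mode=max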
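Review bot: The `configure aws credentials` and `Login to Amazon ECR` steps carry no `if:`, so a federated AWS session is assumed on every `pull_request_target` event (opened, synchronize, draft, from forks included) even though only the final `push:` input consults `PUSH_FROM_PR`; gate both steps with `if: github.event_name != 'pull_request_target' || env.PUSH_FROM_PR == 'true'` so the role is only assumed when a push is actually intended. Under `pull_request_target` the `actions/checkout@v4` step with no `ref:` appears to check out the base branch, so the `type=ref,event=pr` tag would label an image built from `main` rather than the PR head, and `sha_short` from `git rev-parse --short HEAD` would be the base SHA; if that is later corrected with `ref: ${{ github.event.pull_request.head.sha }}`, the PR's Dockerfile would then build on a runner that already holds the AWS role and the GHA cache token, so keep credential acquisition after the build or in a separate push-only job. `pull-requests: write` is not used by any step in this file and can be dropped from `permissions`. The actions here are pinned by tag while the sibling GHCR workflow pins `attest-build-provenance` to a commit SHA; pinning consistently by SHA would close the supply-chain gap between the two workflows.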


@ -17,9 +17,8 @@ concurrency:
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
# Now allow pushing from PRs when either 'push-container' OR 'deploy-pr-temp-env' is present:
PUSH_FROM_PR: >-
${{ github.event_name == 'pull_request' &&
${{ github.event_name == 'pull_request_target' &&
(
contains(github.event.pull_request.labels.*.name, 'push-container') ||
contains(github.event.pull_request.labels.*.name, 'deploy-pr-temp-env')
@ -31,6 +30,7 @@ permissions:
jobs:
docker-build:
name: "GHCR"
runs-on: ubuntu-latest
permissions:
contents: read
@ -84,14 +84,14 @@ jobs:
with:
context: .
platforms: linux/amd64, linux/arm64
push: ${{ github.event_name != 'pull_request' || env.PUSH_FROM_PR == 'true' }}
push: ${{ github.event_name != 'pull_request_target' || env.PUSH_FROM_PR == 'true' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Generate artifact attestation
if: github.event_name != 'pull_request' || env.PUSH_FROM_PR == 'true'
if: github.event_name != 'pull_request_target' || env.PUSH_FROM_PR == 'true'
uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}