Build and Push Container to ECR, deploy to lambda

chore(deps): update all patch dependencies (#488) #419

Workflow file for this run

.github/workflows/build_and_push.yml at ac122bb

	name: Build and Push Container to ECR, deploy to lambda

	on:
	workflow_dispatch:
	push:
	branches: [main]

	env:
	AWS_REGION: ca-central-1
	GITHUB_SHA: ${{ github.sha }}
	REGISTRY: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.ca-central-1.amazonaws.com/list-manager

	permissions:
	id-token: write
	contents: read

	jobs:
	changes:
	runs-on: ubuntu-latest
	outputs:
	images: ${{ steps.filter.outputs.changes }}
	steps:
	- name: Checkout
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

	- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
	id: filter
	with:
	filters: \|
	api: 'api/**'

	build-push-and-deploy:
	if: needs.changes.outputs.images != '[]'
	runs-on: ubuntu-latest
	needs: changes
	strategy:
	fail-fast: false
	matrix:
	image: ${{ fromJSON(needs.changes.outputs.images) }}

	steps:
	- name: Checkout
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

	- name: Build container
	working-directory: ./${{ matrix.image }}
	run: \|
	docker build \
	--build-arg git_sha=$GITHUB_SHA \
	-t $REGISTRY/${{ matrix.image }}:$GITHUB_SHA \
	-t $REGISTRY/${{ matrix.image }}:latest .

	- name: Configure AWS credentials using OIDC
	uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
	with:
	role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/list-manager-apply
	role-session-name: ECRPush
	aws-region: ${{ env.AWS_REGION }}

	- name: Login to ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1

	- name: Push containers to ECR
	run: \|
	docker push $REGISTRY/${{ matrix.image }}:$GITHUB_SHA
	docker push $REGISTRY/${{ matrix.image }}:latest

	- name: Deploy lambda
	if: matrix.image == 'api' \|\| contains(matrix.image, 'scanners')
	run: \|
	FNAME=$(sed 's/\//-/g' <<< "${{ matrix.image }}")
	aws lambda update-function-code \
	--function-name "$FNAME" \
	--image-uri $REGISTRY/${{ matrix.image }}:latest > /dev/null 2>&1

	- name: Migrate Database
	if: matrix.image == 'api'
	run: \|
	source .github/workflows/scripts/migrate.sh
	migrate

	- name: Docker generate SBOM
	uses: cds-snc/security-tools/.github/actions/generate-sbom@598deeaed48ab3bb0df85f0ed124ba53f0ade385 # v3.1.0
	with:
	docker_image: "${{ env.REGISTRY }}/${{ matrix.image }}:latest"
	dockerfile_path: "${{ matrix.image }}/Dockerfile"
	sbom_name: "${{ matrix.image }}"
	token: "${{ secrets.GITHUB_TOKEN }}"

	- name: Logout of Amazon ECR
	run: docker logout ${{ steps.login-ecr.outputs.registry }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update all patch dependencies (#488) #419

Workflow file

chore(deps): update all patch dependencies (#488) #419

Jobs

Run details

Workflow file for this run