ci_container.yml
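# CI workflow: builds the sre-bot container image on pull requests and on
# manual dispatch. The image is only built and tagged on the runner; no step
# in this file pushes it to the registry.
name: Build containers CI

on:
  workflow_dispatch:
  pull_request:

env:
  # On pull_request events github.sha is the merge commit, not the PR head.
  GITHUB_SHA: ${{ github.sha }}
  REGISTRY: 283582579564.dkr.ecr.ca-central-1.amazonaws.com/sre-bot

permissions:
  # Needed so the job can request an OIDC token for the AWS role assumption.
  id-token: write
  # Least privilege: no step visible in this workflow writes to the
  # repository, so the token is limited to read. Raise this only if one of
  # the actions below is confirmed to need write access.
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Audit DNS requests
        # NOTE(review): `@main` is a mutable ref. This step receives the Log
        # Analytics secrets, so pin it to a full commit SHA the same way the
        # checkout step is pinned.
        uses: cds-snc/dns-proxy-action@main
        env:
          DNS_PROXY_FORWARDTOSENTINEL: "true"
          DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
          DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}

      - name: Checkout
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          # No later step uses git, and the build context below is `.`, so do
          # not leave the job token in .git/config where the build could
          # read it.
          persist-credentials: false

      - name: Configure aws credentials using OIDC
        # NOTE(review): `@master` is a mutable ref on the action that handles
        # the OIDC token and AWS credentials; pin it to a full commit SHA.
        uses: aws-actions/configure-aws-credentials@master
        with:
          role-to-assume: arn:aws:iam::283582579564:role/sre-bot-plan
          role-session-name: SREBotGitHubActions
          aws-region: "ca-central-1"

      - name: Download GeoDB from S3
        env:
          # Pass the secret through the environment instead of expanding
          # ${{ }} inside the script text, so the value is never parsed as
          # shell.
          GEO_DB_BUCKET: ${{ secrets.GEO_DB_BUCKET }}
        run: |
          aws s3 cp "s3://${GEO_DB_BUCKET}/GeoLite2-City.tar.gz" ./GeoLite2-City.tar.gz

      - name: Build container
        working-directory: ./
        # The Dockerfile and build context come from the checked-out ref, so
        # keep the role assumed above scoped to what this build needs.
        run: |
          docker build \
            --build-arg git_sha="$GITHUB_SHA" \
            -t sre-bot:latest \
            -t "$REGISTRY/sre-bot:$GITHUB_SHA-$(date '+%Y-%m-%d')" \
            -t "$REGISTRY/sre-bot:latest" .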