Create and Commit Next-Build Docker Image #201
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create and Commit Next-Build Docker Image | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
contents: read # This is required for actions/checkout | |
on: | |
workflow_dispatch: | |
inputs: | |
image_tag: | |
description: Image tag version | |
type: string | |
required: true | |
default: "1.0.0" | |
workflow_run: | |
workflows: ['Create Production Tag'] | |
types: [completed] | |
branches: [main] | |
jobs: | |
mirror: | |
runs-on: ubuntu-20.04 | |
env: | |
ECR_REPOSITORY: "dsva/next-build-node" | |
IMAGE_TAG: ${{ inputs.image_tag }} | |
if: ${{ !(github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'failure') }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
path: next-build | |
- uses: actions/checkout@v4 | |
with: | |
repository: department-of-veterans-affairs/vets-website | |
path: vets-website | |
- name: 'Download tag artifact' | |
if: ${{ github.event_name == 'workflow_run' }} | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
run_id: context.payload.workflow_run.id, | |
}); | |
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => { | |
return artifact.name == "tag.txt" | |
})[0]; | |
let download = await github.rest.actions.downloadArtifact({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
artifact_id: matchArtifact.id, | |
archive_format: 'zip', | |
}); | |
let fs = require('fs'); | |
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/tag.zip`, Buffer.from(download.data)); | |
- name: 'Unzip artifact' | |
if: ${{ github.event_name == 'workflow_run' }} | |
run: unzip tag.zip | |
- name: 'Read tag version' | |
if: ${{ github.event_name == 'workflow_run' }} | |
run: | | |
echo "IMAGE_TAG=$(cat tag.txt)" >> $GITHUB_ENV | |
- name: Configure AWS Credentials | |
uses: aws-actions/[email protected] | |
with: | |
aws-region: us-gov-west-1 | |
role-to-assume: ${{ vars.AWS_ASSUME_ROLE }} | |
role-duration-seconds: 900 | |
role-session-name: vsp-vagov-next-build-githubaction | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Build, tag, and push image to Amazon ECR | |
if: ${{ env.IMAGE_TAG != '' }} | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
run: | | |
cp next-build/docker/Dockerfile . | |
cp next-build/docker/.dockerignore . | |
docker build . -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f ./Dockerfile | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
- name: Write release name as artifact | |
run: | | |
mkdir -p ./tag | |
echo $IMAGE_TAG > ./tag/tag.txt | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: tag.txt | |
path: tag/ | |
## Needs failure state handling, and in general this and update manifest need notification handling. |