generated from linz/template-javascript-hello-world
-
Notifications
You must be signed in to change notification settings - Fork 4
137 lines (114 loc) · 4.81 KB
/
push.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: Build
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: linz/action-typescript@dee99184c4305aea6c380a52db9b2d7abaaa3e78 # v3
with:
node-version: 20.x
- name: Generate Readme
run: |
npm run docs
# Validate no READMEs have been updated
- name: Validate Readme generation
run: |
git diff --exit-code
# Only build containers on branches otherwise container builds are duplicated deploy-nonprod-containers
- name: Set up Docker Buildx
if: ${{ github.ref != 'refs/heads/master' }}
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3
- name: Build container
if: ${{ github.ref != 'refs/heads/master' }}
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5
with:
context: .
platforms: linux/amd64
push: false
build-args: |
GIT_HASH=${{ github.sha }}
GITHUB_RUN_ID=${{ github.run_id}}
deploy-nonprod-containers:
runs-on: ubuntu-latest
concurrency: deploy-dev-${{ github.ref }}
needs: ['build']
# On push to master when it is not a release!
if: ${{ github.ref == 'refs/heads/master' && !startsWith(github.event.head_commit.message, 'release:') }}
permissions:
id-token: write
contents: read
packages: write
env:
AWS_CI_ROLE: ${{ secrets.AWS_CI_ROLE }}
environment:
name: nonprod
steps:
- uses: linz/action-typescript@dee99184c4305aea6c380a52db9b2d7abaaa3e78 # v3
with:
node-version: 20.x
- name: Download actionlint
run: docker build --tag actionlint - < .github/workflows/actionlint.dockerfile
- name: Run actionlint to check workflow files
run: docker run --volume="${PWD}:/repo" --workdir=/repo actionlint -color
- name: Setup GIT version
id: version
run: |
GIT_VERSION=$(git describe --tags --always --match 'v*')
GIT_VERSION_MAJOR=$(echo "$GIT_VERSION" | cut -d. -f1)
GIT_VERSION_MAJOR_MINOR=$(echo "$GIT_VERSION" | cut -d. -f1,2)
{ echo "version=${GIT_VERSION}"; echo "version_major=${GIT_VERSION_MAJOR}"; echo "version_major_minor=${GIT_VERSION_MAJOR_MINOR}"; } >> "$GITHUB_OUTPUT"
- name: Set up Docker Qemu
id: qemu
uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3
- name: Docker meta
id: meta
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5
with:
images: ${{ github.repository }}
labels: |
org.opencontainers.image.version=${{ steps.version.outputs.version }}
- name: Login to GitHub Container Registry
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Configure AWS Credentials
if: ${{env.AWS_CI_ROLE != ''}}
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4
with:
aws-region: ap-southeast-2
mask-aws-account-id: true
role-to-assume: ${{ secrets.AWS_CI_ROLE }}
- name: Login to Amazon ECR
if: ${{env.AWS_CI_ROLE != ''}}
id: login-ecr
uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1
- name: Setup docker tags
id: tags
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
with:
result-encoding: string
script: |
const tags = [];
tags.push('ghcr.io/${{ github.repository }}:latest');
tags.push('ghcr.io/${{ github.repository }}:${{ steps.version.outputs.version }}');
if ("${{ steps.login-ecr.outputs.registry }}") {
tags.push('${{ steps.login-ecr.outputs.registry }}/${{ github.event.repository.name }}:latest');
tags.push('${{ steps.login-ecr.outputs.registry }}/${{ github.event.repository.name }}:${{ steps.version.outputs.version }}');
}
return tags.join(', ')
- name: Build and push container
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5
with:
context: .
tags: ${{ steps.tags.outputs.result }}
push: true
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/arm64,linux/amd64
build-args: |
GIT_HASH=${{ github.sha }}
GIT_VERSION=${{ steps.version.outputs.version }}
GITHUB_RUN_ID=${{ github.run_id}}