Skip to content
Publish version to AWS ECR

Publish version to AWS ECR #7

Sign in to view logs

Publish version to AWS ECR

Publish version to AWS ECR #7

Workflow file for this run

.github/workflows/publish-version-ecr.yaml at dd0521c
name: Publish version to AWS ECR
on:
workflow_dispatch: # manual trigger to publish prod/dev version
workflow_run: # trigger on GH version to publish prod version
workflows: ["Publish version to GitHub"]
types:
- completed
branches:
- main
jobs:
build-and-push:
name: Build and push Docker image
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set version
id: set-version
run: |
if [ "${{ github.event_name }}" == "workflow_run" ]; then
POETRY_VERSION=$(grep -E '^requires-poetry = ' pyproject.toml | sed -E 's/requires-poetry = "(.*)"/\1/')
pip install poetry==$POETRY_VERSION
PROD=true
VERSION=$(poetry version -s)
REF=refs/tags/$VERSION
else
REF=$GITHUB_REF
if [[ "$GITHUB_REF" == refs/tags/* ]]; then
PROD=true
VERSION=${GITHUB_REF#refs/tags/}
else
PROD=false
VERSION=dev-${GITHUB_REF#refs/heads/}-${GITHUB_SHA::7}
fi
fi
echo "PROD=$PROD" >> $GITHUB_OUTPUT
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
echo "REF=$REF" >> $GITHUB_OUTPUT
# on main, we do not want necessarily the latest commit, but the one that was tagged
- name: Checkout code
uses: actions/checkout@v3
with:
ref: ${{ steps.set-version.outputs.REF }}
fetch-depth: 0
- name: Get Python version
id: get-python-version
run: |
pip install toml
PYTHON_VERSION=$(python -c 'import scripts.vars; scripts.vars.get_python_version()')
echo "PYTHON_VERSION=$PYTHON_VERSION" >> $GITHUB_OUTPUT
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1 # required for Public ECR
- name: Login to AWS Public ECR
uses: aws-actions/amazon-ecr-login@v1
with:
registry-type: public
- name: Build and push Docker image
id: build-and-push
env:
VERSION: ${{ steps.set-version.outputs.VERSION }}
PROD: ${{ steps.set-version.outputs.PROD }}
ECR_REGISTRY: public.ecr.aws/w2b7b8c0
ECR_REPOSITORY: decode-cloud/user-api
PYTHON_VERSION: ${{ steps.get-python-version.outputs.PYTHON_VERSION }}
run: |
if ! aws ecr-public describe-repositories --repository-names $ECR_REPOSITORY --region us-east-1 2>/dev/null; then
aws ecr-public create-repository --repository-name $ECR_REPOSITORY --region us-east-1
fi
IMAGE_REF=$ECR_REGISTRY/$ECR_REPOSITORY:$VERSION
echo "IMAGE_REF=$IMAGE_REF" >> $GITHUB_OUTPUT
if docker manifest inspect $IMAGE_REF > /dev/null 2>&1; then
NEW_IMAGE=false
echo "Image $IMAGE_REF already exists, nothing pushed" >> $GITHUB_STEP_SUMMARY
else
NEW_IMAGE=true
docker build --build-arg PYTHON_VERSION=$PYTHON_VERSION -t $IMAGE_REF .
docker push $IMAGE_REF
echo "## 🚀 Published Docker Image: $IMAGE_REF" >> $GITHUB_STEP_SUMMARY
if [[ $PROD == "true" ]]; then
SET_LATEST=true
LATEST_EXISTS=$(docker manifest inspect $ECR_REGISTRY/$ECR_REPOSITORY:latest > /dev/null 2>&1 && echo "true" || echo "false")
if [[ $LATEST_EXISTS == "true" ]]; then
LATEST_LABELS=$(docker manifest inspect $ECR_REGISTRY/$ECR_REPOSITORY:latest | grep -o '"org.opencontainers.image.version":"[^"]*"' | cut -d'"' -f4 || echo "")
if printf '%s\n%s\n' "$LATEST_LABELS" "$VERSION" | sort -V | head -n1 | grep -q "^$VERSION$"; then
SET_LATEST=false
fi
fi
if [[ $SET_LATEST == "true" ]]; then
docker tag $IMAGE_REF $ECR_REGISTRY/$ECR_REPOSITORY:latest
docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
echo "Also tagged as: \`$ECR_REGISTRY/$ECR_REPOSITORY:latest\`" >> $GITHUB_STEP_SUMMARY
fi
fi
fi
echo "NEW_IMAGE=$NEW_IMAGE" >> $GITHUB_OUTPUT
- name: Add to GH release
if: steps.build-and-push.outputs.NEW_IMAGE == 'true' && steps.set-version.outputs.PROD == 'true'
uses: tubone24/update_release@v1.3.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG_NAME: ${{ steps.set-version.outputs.VERSION }}
with:
body: "**Published image (AWS ECR Public):** `${{ steps.build-and-push.outputs.IMAGE_REF }}`"
isAppendBody: true