-
Notifications
You must be signed in to change notification settings - Fork 6
100 lines (87 loc) · 3.23 KB
/
mirror-images.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
name: Create and Commit Next-Build Docker Image
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
on:
workflow_dispatch:
inputs:
image_tag:
description: Image tag version
type: string
required: true
default: "1.0.0"
workflow_run:
workflows: ['Create Production Tag']
types: [completed]
branches: [main]
jobs:
mirror:
runs-on: ubuntu-20.04
env:
ECR_REPOSITORY: "dsva/next-build-node"
IMAGE_TAG: ${{ inputs.image_tag }}
if: ${{ !(github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'failure') }}
steps:
- uses: actions/checkout@v4
with:
path: next-build
- uses: actions/checkout@v4
with:
repository: department-of-veterans-affairs/vets-website
path: vets-website
- name: 'Download tag artifact'
if: ${{ github.event_name == 'workflow_run' }}
uses: actions/github-script@v7
with:
script: |
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
return artifact.name == "tag.txt"
})[0];
let download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
let fs = require('fs');
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/tag.zip`, Buffer.from(download.data));
- name: 'Unzip artifact'
if: ${{ github.event_name == 'workflow_run' }}
run: unzip tag.zip
- name: 'Read tag version'
if: ${{ github.event_name == 'workflow_run' }}
run: |
echo "IMAGE_TAG=$(cat tag.txt)" >> $GITHUB_ENV
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4.0.2
with:
aws-region: us-gov-west-1
role-to-assume: ${{ vars.AWS_ASSUME_ROLE }}
role-duration-seconds: 900
role-session-name: vsp-vagov-next-build-githubaction
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build, tag, and push image to Amazon ECR
if: ${{ env.IMAGE_TAG != '' }}
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
cp next-build/docker/Dockerfile .
cp next-build/docker/.dockerignore .
docker build . -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f ./Dockerfile
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
- name: Write release name as artifact
run: |
mkdir -p ./tag
echo $IMAGE_TAG > ./tag/tag.txt
- uses: actions/upload-artifact@v4
with:
name: tag.txt
path: tag/
## Needs failure state handling, and in general this and update manifest need notification handling.