Support target stage in build-production

mlibrary · Jun 27, 2024 · bd83472 · bd83472
1 parent 272b307
commit bd83472
Show file tree

Hide file tree

Showing 2 changed files with 104 additions and 1 deletion.
diff --git a/.github/workflows/build-production.yml b/.github/workflows/build-production.yml
@@ -0,0 +1,102 @@
+# Merge changes to support target back to:
+# https://raw.githubusercontent.com/mlibrary/platform-engineering-workflows/main/.github/workflows/build-production.yml
+# Problem statement:
+#   - We need to pass target to build-push-action for lauth; not for others
+#   - Normally, the last stage is built, but we can't refer to "last" or its index to supply it generically by default
+#   - We don't know how to detect an input here and conditionally pass it to the build-push-action.
+#   - So, we have the condition at a rather funky spot... two mutually exclusive build steps, one with target and one without
+#
+# Maybe always passing inputs.target would just work (by being shuttled around as undefined)?
+name: Build production image
+
+on:
+  workflow_call: 
+    inputs:
+      docker_context: 
+        type: string
+        default: "."
+        required: false
+      dockerfile:
+        type: string
+        default: Dockerfile.prod
+        required: false
+      image_name:
+        type: string
+        required: true
+        description: The base name of the image.
+      tag: 
+        description: tag
+        required: true
+        type: string
+      target:
+        description: Target stage within the Dockerfile
+        required: false
+        type: string
+    secrets:
+      GH_PACKAGE_READ_TOKEN:
+        required: true
+
+jobs:
+  build_production:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Check that the tag exists in repo
+      id: tag_check
+      run: |
+        if git rev-parse 'refs/tags/${{ inputs.tag }}' &> /dev/null; then
+          echo 'tag=${{ inputs.tag }}' >> $GITHUB_OUTPUT
+        else
+          echo "Couldn't figure out tag from input: ${{ inputs.tag }}"
+          echo "Aborting deployment."
+          false
+        fi
+    - name: Log into Github Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - name: Check that the tag exists in container registry
+      id: image_check
+      run: |
+        if docker manifest inspect ghcr.io/mlibrary/${{ inputs.image_name }}:${{ steps.tag_check.outputs.tag }} > /dev/null; then
+          echo 'image_exists=true' >> $GITHUB_OUTPUT
+          echo "image exists!"
+        else
+          echo "image doesn't exist; Starting to Build and push image"
+        fi
+    - name: Checkout Correct repository
+      if: ${{ steps.image_check.outputs.image_exists != 'true' }}
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ steps.tag_check.outputs.tag }}
+    - name: Build and Push (without target)
+      if: ${{ steps.image_check.outputs.image_exists != 'true' && !inputs.target }}
+      uses: docker/build-push-action@v5
+      with:
+        context: ${{ inputs.docker_context }}
+        file: ${{ inputs.dockerfile }}
+        secrets: |
+          "gh_package_read_token=${{ secrets.GH_PACKAGE_READ_TOKEN }}"
+          "github_token=${{ secrets.GITHUB_TOKEN }}"
+        push: true
+        tags: | 
+           ghcr.io/mlibrary/${{ inputs.image_name }}:latest
+           ghcr.io/mlibrary/${{ inputs.image_name }}:${{ steps.tag_check.outputs.tag }}
+    - name: Build and Push (with target)
+      if: ${{ steps.image_check.outputs.image_exists != 'true' && !!inputs.target }}
+      uses: docker/build-push-action@v5
+      with:
+        context: ${{ inputs.docker_context }}
+        file: ${{ inputs.dockerfile }}
+        target: ${{ inputs.target }}
+        secrets: |
+          "gh_package_read_token=${{ secrets.GH_PACKAGE_READ_TOKEN }}"
+          "github_token=${{ secrets.GITHUB_TOKEN }}"
+        push: true
+        tags: | 
+           ghcr.io/mlibrary/${{ inputs.image_name }}:latest
+           ghcr.io/mlibrary/${{ inputs.image_name }}:${{ steps.tag_check.outputs.tag }}
diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml
@@ -7,7 +7,8 @@ on:
 jobs:
   build-staging:
     name: Build staging ${{ github.event.release.tag_name }}
-    uses: mlibrary/platform-engineering-workflows/.github/workflows/build-production.yml@v1
+    # uses: mlibrary/lauth/.github/workflows/build-production.yml@v1
+    uses: ./.github/workflows/build-production.yml@v1
     with:
       image_name: ${{ vars.IMAGE_NAME }}
       tag: ${{ github.event.release.tag_name }}