Skip to content

Migrate to ADS-beta #91

Migrate to ADS-beta

Migrate to ADS-beta #91

Workflow file for this run

name: build_docker
on:
workflow_dispatch:
push:
branches:
- 'main'
tags:
- 'v*'
pull_request:
env:
REGISTRY: ghcr.io
IMAGE: ghcr.io/openmethane/openmethane-prior
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
platform:
# - linux/arm64
- linux/amd64
permissions:
contents: read
packages: write
outputs:
digest: ${{ steps.build.outputs.digest }}
# Builds and pushes the image
# Tags the image with the PR that it is linked to
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: "${{ env.IMAGE }}"
tags: |
type=schedule
type=ref,event=branch
type=ref,event=pr
- name: Build and push image
uses: docker/build-push-action@v5
id: build
with:
platforms: ${{ matrix.platform }}
labels: ${{ steps.meta.outputs.labels }}
tags: ${{ steps.meta.outputs.tags }}
push: true
pull: false
cache-from: type=gha
cache-to: type=gha,mode=max
test-unit:
# Simple test suite to verify that the docker container works as expected
timeout-minutes: 10
runs-on: ubuntu-latest
needs: build
permissions:
contents: read
packages: read
container:
image: ghcr.io/openmethane/openmethane-prior@${{ needs.build.outputs.digest }}
credentials:
username: ${{ github.actor }}
password: ${{ secrets.github_token }}
steps:
- name: Run a quick test suite
run: |
cd /opt/project
cp .env.example .env
python -m pytest -r a -v tests/integration/test_domain_json.py
env:
CDSAPI_KEY: ${{ secrets.CDSAPI_ADS_KEY }}
CDSAPI_URL: https://ads.atmosphere.copernicus.eu/api/v2
# Tag the latest image if running on the main branch
# TODO: Handle tagged builds
tag-latest-image:
runs-on: ubuntu-latest
needs: [ test-unit ]
if: github.ref == 'refs/heads/main'
permissions:
contents: read
packages: write
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Checkout code
uses: actions/checkout@v4
- name: Login to Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: "${{ env.IMAGE }}"
tags: |
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main'}}
- name: Push latest image
uses: docker/build-push-action@v5
id: build
with:
labels: ${{ steps.meta.outputs.labels }}
tags: ${{ steps.meta.outputs.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max
push: true
load: true
# Push the image to ECR as well
push-ecr:
runs-on: ubuntu-latest
strategy:
matrix:
account_id:
- "654654509571"
- "058264429703"
include:
- account_id: "654654509571"
aws_access_key_secret: "AWS_ACCESS_KEY_ID_SANDBOX"
aws_secret_access_key_secret: "AWS_SECRET_ACCESS_KEY_SANDBOX"
- account_id: "058264429703"
aws_access_key_secret: "AWS_ACCESS_KEY_ID_PROD"
aws_secret_access_key_secret: "AWS_SECRET_ACCESS_KEY_PROD"
needs: [test-unit, build ]
permissions:
contents: read
packages: read
env:
GHCR_IMAGE_ID: ghcr.io/openmethane/openmethane-prior@${{ needs.build.outputs.digest }}
ECR_IMAGE: ${{ matrix.account_id }}.dkr.ecr.ap-southeast-2.amazonaws.com/openmethane/openmethane-prior
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Checkout code
uses: actions/checkout@v4
- name: Login to Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
# TODO: Use the OIDC token instead of the access key
with:
aws-access-key-id: ${{ secrets[matrix.aws_access_key_secret] }}
aws-secret-access-key: ${{ secrets[matrix.aws_secret_access_key_secret] }}
aws-region: ap-southeast-2
- name: Login to Amazon ECR
uses: aws-actions/amazon-ecr-login@v2
- name: Pull built docker image
run: |
docker pull ${{ env.GHCR_IMAGE_ID }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: "${{ env.ECR_IMAGE }}"
tags: |
type=schedule
type=ref,event=pr
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main'}}
- name: Tag and push docker image to Amazon ECR
run: |
TAGS="${{ steps.meta.outputs.tags }}"
IFS=$'\n'
for tag in $TAGS; do
echo "Tagging ${{ env.GHCR_IMAGE_ID }} as $tag"
docker tag "${{ env.GHCR_IMAGE_ID }}" "$tag"
docker push "$tag"
done