From a3ea843ab6f9c360f05ce7ecf7cc347106792875 Mon Sep 17 00:00:00 2001
From: Cristen Jones
Date: Mon, 20 Jun 2022 16:44:30 -0400
Subject: [PATCH 1/3] refactor: docker/login-action for testing creds also will login if valid!
---
 build-push-ecr/action.yml | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/build-push-ecr/action.yml b/build-push-ecr/action.yml
index ba30b90..37fe429 100644
--- a/build-push-ecr/action.yml
+++ b/build-push-ecr/action.yml
@@ -33,8 +33,12 @@ outputs:
 runs:
 using: composite
 steps:
- - run: test -n "${{ inputs.aws-access-key-id }}" -a -n "${{ inputs.aws-secret-access-key }}"
- shell: bash
+ - name: Login to AWS ECR
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.docker-repo }}
+ username: ${{ secrets.aws-access-key-id }}
+ password: ${{ secrets.aws-secret-access-key }}
 - run: echo "::set-output name=tag::${{ inputs.docker-repo }}:git-$(git rev-parse --short HEAD)"
 id: docker
 shell: bash
@@ -43,13 +47,6 @@ runs:
 ${{ inputs.docker-additional-args }}
 --pull -t ${{ steps.docker.outputs.tag }} ${{ inputs.dockerfile-path }}
 shell: bash
- - run: >
- aws ecr get-login-password --region ${{ inputs.aws-region }}
- | docker login --username AWS --password-stdin ${{ inputs.docker-repo }}
- env:
- AWS_ACCESS_KEY_ID: ${{ inputs.aws-access-key-id }}
- AWS_SECRET_ACCESS_KEY: ${{ inputs.aws-secret-access-key }}
- shell: bash
 - run: docker push ${{ steps.docker.outputs.tag }}
 shell: bash
 - run: >
From 866a82b7226c0b71be9b213dadbccbaf6f025640 Mon Sep 17 00:00:00 2001
From: Cristen Jones
Date: Mon, 20 Jun 2022 17:32:20 -0400
Subject: [PATCH 2/3] refactor: docker/metadata-action for tagging Computes needed docker image tags with metadata-action. git-$(git rev-parse --short HEAD) --> type=sha,prefix=git- (it defaults to short sha) additional tag --> type=raw,value=tag
---
 build-push-ecr/action.yml | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)
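Review bot: The `Login to AWS ECR` step added in PATCH 1/3 reads `secrets.docker-repo`, `secrets.aws-access-key-id` and `secrets.aws-secret-access-key`, but a composite action has no `secrets` context, and the lines this patch removes took the same values from `inputs.*`. As written the step would not receive the caller's credentials; use `registry: ${{ inputs.docker-repo }}`, `username: ${{ inputs.aws-access-key-id }}` and `password: ${{ inputs.aws-secret-access-key }}`, and the same applies to `images: ${{ secrets.docker-repo }}` in PATCH 2/3. login-action expects a registry host, so if `docker-repo` carries a repository path it may need trimming to the host part (the input's definition is outside the hunk). `docker/login-action@v2` is a mutable tag on an action that is handed AWS keys; pinning it to a full commit SHA (`uses: docker/login-action@<full-commit-sha> # v2`) keeps a retagged release from running with them, and the same holds for `docker/metadata-action@v4`, `docker/setup-buildx-action@v2` and `docker/build-push-action@v3` in the later patches.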
diff --git a/build-push-ecr/action.yml b/build-push-ecr/action.yml
index 37fe429..ef6abf6 100644
--- a/build-push-ecr/action.yml
+++ b/build-push-ecr/action.yml
@@ -29,7 +29,7 @@ inputs:
 outputs:
 docker-tag:
 description: Docker Tag
- value: ${{ steps.docker.outputs.tag }}
+ value: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
 runs:
 using: composite
 steps:
@@ -39,20 +39,26 @@ runs:
 registry: ${{ secrets.docker-repo }}
 username: ${{ secrets.aws-access-key-id }}
 password: ${{ secrets.aws-secret-access-key }}
- - run: echo "::set-output name=tag::${{ inputs.docker-repo }}:git-$(git rev-parse --short HEAD)"
- id: docker
+ - run: >
+ for tag in ${{ inputs.docker-additional-tags }}; do
+ echo "type=raw,priority=900,value=${tag},enable=true" >> tags.txt
+ done
+ echo "::set-output name=tags::$(cat tags.txt)"
 shell: bash
+ id: more-tags
+ - name: Docker metadata
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ secrets.docker-repo }}
+ tags: |
+ type=sha,priority=1000,prefix=git-
+ ${{ steps.more-tags.outputs.tags )}}
+
 - run: >
 docker build
 ${{ inputs.docker-additional-args }}
- --pull -t ${{ steps.docker.outputs.tag }} ${{ inputs.dockerfile-path }}
+ --pull -t ${{ steps.meta.outputs.tags }} ${{ inputs.dockerfile-path }}
 shell: bash
- - run: docker push ${{ steps.docker.outputs.tag }}
- shell: bash
- - run: >
- for tag in ${{ inputs.docker-additional-tags }}; do
- docker tag ${{ steps.docker.outputs.tag }} ${{ inputs.docker-repo }}:$tag
- docker push ${{ inputs.docker-repo }}:$tag
- done
+ - run: docker push ${{ steps.meta.outputs.tags }}
 shell: bash
- if: ${{ inputs.docker-additional-tags != '' }}
From 1cc5b8533a173d07d09ec751758c691e4a2358b3 Mon Sep 17 00:00:00 2001
From: Cristen Jones
Date: Mon, 20 Jun 2022 17:39:20 -0400
Subject: [PATCH 3/3] refactor: use docker/build-push-action Handles building the image pushing to ECR, enables caching
---
 build-push-ecr/action.yml | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
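Review bot: In the `more-tags` step of the second hunk, `${{ inputs.docker-additional-tags }}` is expanded into the script text before bash parses it, so whatever a caller passes is read as shell rather than as data. Hand it over through the environment instead, with `env:` and `ADDITIONAL_TAGS: ${{ inputs.docker-additional-tags }}` on the step and `for tag in $ADDITIONAL_TAGS; do` in the loop. The `tags:` block of the `Docker metadata` step has a stray `)` before the closing `}}` of `steps.more-tags.outputs.tags`, which is not a valid expression and should be dropped. `::set-output` takes a single line, so with more than one additional tag `$(cat tags.txt)` would likely pass on only the first entry unless the newlines are escaped, and `tags.txt` is appended to without being cleared first.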
diff --git a/build-push-ecr/action.yml b/build-push-ecr/action.yml
index ef6abf6..3f71e71 100644
--- a/build-push-ecr/action.yml
+++ b/build-push-ecr/action.yml
@@ -9,7 +9,7 @@ inputs:
 required: true
 aws-region:
 description: AWS region to use
- required: true
+ required: false
 default: us-east-1
 docker-repo:
 description: ECR Docker repo to push to
@@ -54,11 +54,17 @@ runs:
 tags: |
 type=sha,priority=1000,prefix=git-
 ${{ steps.more-tags.outputs.tags )}}
-
- - run: >
- docker build
- ${{ inputs.docker-additional-args }}
- --pull -t ${{ steps.meta.outputs.tags }} ${{ inputs.dockerfile-path }}
- shell: bash
- - run: docker push ${{ steps.meta.outputs.tags }}
- shell: bash
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Push to ECR
+ uses: docker/build-push-action@v3
+ id: docker-build
+ with:
+ push: true
+ pull: true
+ file: ${{ inputs.dockerfile-path }}
+ build-args: ${{ inputs.docker-additional-args }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha,src=/tmp/.buildx-cache
+ cache-to: type=gha,dest=/tmp/.buildx-cache,mode=max
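Review bot: The `Push to ECR` step in the second hunk changes what two inputs mean: `dockerfile-path` was the positional build context of the removed `docker build` and is now passed as `file:` with no `context:` set, and `docker-additional-args` used to be raw CLI arguments and now lands in `build-args:`, which takes `KEY=VALUE` pairs. Existing callers that pass a directory or flags such as `--target` would break, so either keep the old meaning (`context: ${{ inputs.dockerfile-path }}`) or document the change in the input descriptions, which are outside this hunk. `src=` and `dest=` are options of the `local` cache backend rather than `gha`; `cache-from: type=gha` and `cache-to: type=gha,mode=max` are probably what was intended. The stray `)` in the `tags:` context line at the top of the hunk is still present after this patch.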