57 changes: 33 additions & 24 deletions build-push-ecr/action.yml
Expand Up @@ -9,7 +9,7 @@ inputs:
required: true
aws-region:
description: AWS region to use
required: true
required: false
Member

praise: 🤦 thank you for fixing this!

default: us-east-1
docker-repo:
description: ECR Docker repo to push to
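Review bot: on `aws-region`, none of the steps in the next hunk that use `docker/login-action@v2`, `docker/metadata-action@v4` or `docker/build-push-action@v3` read `inputs.aws-region`; the only visible reference is in the `aws ecr get-login-password --region ${{ inputs.aws-region }}` step. If the region still matters, wire it into the login step; if it does not, say so in the `description` so callers do not assume that setting it has an effect.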
Expand All @@ -29,33 +29,42 @@ inputs:
outputs:
docker-tag:
description: Docker Tag
value: ${{ steps.docker.outputs.tag }}
value: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
runs:
using: composite
steps:
- run: test -n "${{ inputs.aws-access-key-id }}" -a -n "${{ inputs.aws-secret-access-key }}"
shell: bash
- run: echo "::set-output name=tag::${{ inputs.docker-repo }}:git-$(git rev-parse --short HEAD)"
id: docker
shell: bash
- run: >
docker build
${{ inputs.docker-additional-args }}
--pull -t ${{ steps.docker.outputs.tag }} ${{ inputs.dockerfile-path }}
shell: bash
- run: >
aws ecr get-login-password --region ${{ inputs.aws-region }}
| docker login --username AWS --password-stdin ${{ inputs.docker-repo }}
env:
AWS_ACCESS_KEY_ID: ${{ inputs.aws-access-key-id }}
AWS_SECRET_ACCESS_KEY: ${{ inputs.aws-secret-access-key }}
shell: bash
- run: docker push ${{ steps.docker.outputs.tag }}
shell: bash
- name: Login to AWS ECR
uses: docker/login-action@v2
with:
registry: ${{ secrets.docker-repo }}
username: ${{ secrets.aws-access-key-id }}
password: ${{ secrets.aws-secret-access-key }}
Member

praise: this is neat! I didn't know the built-in action could log in directly.

- run: >
for tag in ${{ inputs.docker-additional-tags }}; do
docker tag ${{ steps.docker.outputs.tag }} ${{ inputs.docker-repo }}:$tag
docker push ${{ inputs.docker-repo }}:$tag
echo "type=raw,priority=900,value=${tag},enable=true" >> tags.txt
Member

suggestion: it would be better to write this file into the $RUNNER_TEMP directory. Otherwise, any existing content in a tags.txt file will be passed to the job and I don't think that's what you want.

done
echo "::set-output name=tags::$(cat tags.txt)"
shell: bash
if: ${{ inputs.docker-additional-tags != '' }}
id: more-tags
- name: Docker metadata
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ secrets.docker-repo }}
tags: |
type=sha,priority=1000,prefix=git-
${{ steps.more-tags.outputs.tags )}}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Push to ECR
uses: docker/build-push-action@v3
id: docker-build
with:
push: true
pull: true
file: ${{ inputs.dockerfile-path }}
build-args: ${{ inputs.docker-additional-args }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha,src=/tmp/.buildx-cache
cache-to: type=gha,dest=/tmp/.buildx-cache,mode=max
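Review bot: the `Login to AWS ECR` and `Docker metadata` steps read `secrets.docker-repo`, `secrets.aws-access-key-id` and `secrets.aws-secret-access-key`, but a composite action cannot read the `secrets` context, and these values are declared under `inputs:`; use `inputs.docker-repo`, `inputs.aws-access-key-id` and `inputs.aws-secret-access-key`, as the `test -n` guard at the top of `steps` already does. In `Docker metadata`, `${{ steps.more-tags.outputs.tags )}}` has a stray `)` and will not parse. In `more-tags`, `echo "::set-output name=tags::$(cat tags.txt)"` passes a multi-line value without escaping its newlines, so with more than one additional tag only the first line reaches `steps.more-tags.outputs.tags`. Since the login step is handed AWS credentials, consider pinning `docker/login-action`, `docker/metadata-action`, `docker/setup-buildx-action` and `docker/build-push-action` to full commit SHAs rather than the mutable `@v2`/`@v3`/`@v4` tags.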