Skip to content

Use latest AWS action #66

Use latest AWS action

Use latest AWS action #66

Workflow file for this run

---
name: Build
on: [push, workflow_dispatch]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.18
- name: Install dependencies
run: go get -t -v ./...
working-directory: ./builder
- name: Test
run: go test -coverprofile=coverage.out ./...
working-directory: ./builder
- name: Coverage
run: go tool cover -func=coverage.out
working-directory: ./builder
build-image:
runs-on: ubuntu-latest
outputs:
image: ${{ steps.build.outputs.image }}
steps:
- uses: actions/checkout@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build
id: build
run: |
set -ex
IMAGE=ghcr.io/${{ github.repository }}/builder:${{ github.run_id }}
docker build -t "$IMAGE" .
docker push "$IMAGE"
echo "image=$IMAGE" >> "$GITHUB_OUTPUT"
integration:
runs-on: ubuntu-latest
needs: [test, build-image]
permissions:
id-token: write
contents: read
packages: read
steps:
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull image
run: docker pull ${{ needs.build-image.outputs.image }}
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::891426818781:role/github-actions-integration-tests
aws-region: us-east-1
- name: Checkout sample repo
run: git clone https://github.com/apppackio/apppack-demo-python.git
- name: Run integration tests
working-directory: ./apppack-demo-python
run: |
cat <<EOF > .envfile
APPNAME=gh-integration
CODEBUILD_BUILD_ID=demo-python:${{ github.run_id }}
CODEBUILD_SOURCE_VERSION=${{ github.sha }}
DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_ACCESS_TOKEN=${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
DOCKER_REPO=891426818781.dkr.ecr.us-east-1.amazonaws.com/github-integration-test
ARTIFACT_BUCKET=integration-test-buildartifacts
AWS_REGION
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN
EOF
docker run \
--rm \
--privileged \
--env-file .envfile \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume "$(pwd):/app" \
--workdir /app \
${{ needs.build-image.outputs.image }} \
/bin/sh -c "set -x; git config --global --add safe.directory /app && apppack-builder prebuild; apppack-builder build; apppack-builder postbuild"
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Verify apppack.toml
working-directory: ./apppack-demo-python
run: |
set -ex
cat apppack.toml
test "$(python -c 'import tomllib; print(tomllib.load(open("apppack.toml", "rb"))["services"]["web"]["command"])')" = "bash -c 'gunicorn --access-logfile - --bind 0.0.0.0:\$PORT --forwarded-allow-ips '\"'\"'*'\"'\"' app:app'"
integration-appjson:
runs-on: ubuntu-latest
needs: [test, build-image]
permissions:
id-token: write
contents: read
packages: read
steps:
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull image
run: docker pull ${{ needs.build-image.outputs.image }}
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::891426818781:role/github-actions-integration-tests
aws-region: us-east-1
- name: Checkout sample repo
run: git clone --branch app.json https://github.com/apppackio/apppack-demo-python.git
- name: Run integration tests
working-directory: ./apppack-demo-python
run: |
cat <<EOF > .envfile
APPNAME=gh-integration
CODEBUILD_BUILD_ID=demo-python:${{ github.run_id }}
CODEBUILD_SOURCE_VERSION=${{ github.sha }}
DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_ACCESS_TOKEN=${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
DOCKER_REPO=891426818781.dkr.ecr.us-east-1.amazonaws.com/github-integration-test
ARTIFACT_BUCKET=integration-test-buildartifacts
AWS_REGION
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN
EOF
docker run \
--rm \
--privileged \
--env-file .envfile \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume "$(pwd):/app" \
--workdir /app \
${{ needs.build-image.outputs.image }} \
/bin/sh -c "set -x; git config --global --add safe.directory /app && apppack-builder prebuild; apppack-builder build; apppack-builder postbuild"
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Verify apppack.toml
working-directory: ./apppack-demo-python
run: |
set -ex
cat apppack.toml
test "$(python -c 'import tomllib; print(tomllib.load(open("apppack.toml", "rb"))["services"]["web"]["command"])')" = "bash -c 'gunicorn --access-logfile - --bind 0.0.0.0:\$PORT --forwarded-allow-ips '\"'\"'*'\"'\"' app:app'"
integration-heroku20:
runs-on: ubuntu-latest
needs: [test, build-image]
permissions:
id-token: write
contents: read
packages: read
steps:
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull image
run: docker pull ${{ needs.build-image.outputs.image }}
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::891426818781:role/github-actions-integration-tests
aws-region: us-east-1
- name: Checkout sample repo
run: git clone --branch buildpacks-20 https://github.com/apppackio/apppack-demo-python.git
- name: Run integration tests
working-directory: ./apppack-demo-python
run: |
cat <<EOF > .envfile
APPNAME=gh-integration
CODEBUILD_BUILD_ID=demo-python:${{ github.run_id }}
CODEBUILD_SOURCE_VERSION=${{ github.sha }}
DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_ACCESS_TOKEN=${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
DOCKER_REPO=891426818781.dkr.ecr.us-east-1.amazonaws.com/github-integration-test
ARTIFACT_BUCKET=integration-test-buildartifacts
ALLOW_EOL_SHIMMED_BUILDER=1
AWS_REGION
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN
EOF
docker run \
--rm \
--privileged \
--env-file .envfile \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume "$(pwd):/app" \
--workdir /app \
${{ needs.build-image.outputs.image }} \
/bin/sh -c "set -x; git config --global --add safe.directory /app && apppack-builder prebuild; apppack-builder build; apppack-builder postbuild"
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Verify apppack.toml
working-directory: ./apppack-demo-python
run: |
set -ex
cat apppack.toml
test "$(python -c 'import tomllib; print(tomllib.load(open("apppack.toml", "rb"))["services"]["web"]["command"])')" = 'gunicorn --access-logfile - --bind 0.0.0.0:$PORT --forwarded-allow-ips '"'"'*'"' app:app"
integration-docker:
runs-on: ubuntu-latest
needs: [test, build-image]
permissions:
id-token: write
contents: read
packages: read
steps:
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull image
run: docker pull ${{ needs.build-image.outputs.image }}
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::891426818781:role/github-actions-integration-tests
aws-region: us-east-1
- name: Checkout sample repo (docker-build branch)
run: git clone --branch docker-build https://github.com/apppackio/apppack-demo-python.git
- name: Run integration tests
working-directory: ./apppack-demo-python
run: |
cat <<EOF > .envfile
APPNAME=gh-docker-integration
CODEBUILD_BUILD_ID=demo-python:${{ github.run_id }}
CODEBUILD_SOURCE_VERSION=${{ github.sha }}
DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_ACCESS_TOKEN=${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
DOCKER_REPO=891426818781.dkr.ecr.us-east-1.amazonaws.com/github-integration-test
ARTIFACT_BUCKET=integration-test-buildartifacts
AWS_REGION
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN
EOF
docker run \
--rm \
--privileged \
--env-file .envfile \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume "$(pwd):/app" \
--workdir /app \
${{ needs.build-image.outputs.image }} \
/bin/sh -c "set -x; git config --global --add safe.directory /app && apppack-builder prebuild; apppack-builder build; apppack-builder postbuild"
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Verify apppack.toml
working-directory: ./apppack-demo-python
run: |
set -ex
cat apppack.toml
test "$(python -c 'import tomllib; print(tomllib.load(open("apppack.toml", "rb"))["services"]["web"]["command"])')" = 'gunicorn --access-logfile - --bind 0.0.0.0:$PORT --forwarded-allow-ips '"'"'*'"' app:app"
deploy:
runs-on: ubuntu-latest
# Only run this job if the current commit is tagged with a version
if: startswith(github.ref, 'refs/tags/v')
needs: [test, build-image, integration, integration-docker, integration-appjson, integration-heroku20]
permissions:
id-token: write
contents: read
packages: read
env:
ECR_REPO: public.ecr.aws/d9q4v8a4/apppack-build
steps:
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull and tag image
run: |
set -ex
docker pull ${{ needs.build-image.outputs.image }}
docker tag ${{ needs.build-image.outputs.image }} "$ECR_REPO:builder"
docker tag ${{ needs.build-image.outputs.image }} "$ECR_REPO:${{ github.ref_name }}"
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: "arn:aws:iam::101287669015:role/codebuild-image-github-actions"
aws-region: us-east-1
- name: Login to Amazon ECR
uses: aws-actions/amazon-ecr-login@v1
with:
registry-type: public
- name: Push image
run: |
set -ex
docker push "$ECR_REPO:builder"
docker push "$ECR_REPO:${{ github.ref_name }}"