Skip to content

fixed ECR

fixed ECR #50

name: Deploy to ECR
on:
push:
branches:
- container_builds-default
- container_builds-dev
- container_builds-prod
jobs:
build:
name: Build Image
runs-on: ubuntu-latest
strategy:
matrix:
include:
- python_version: p310
arch: x86
build_platform: linux/amd64
- python_version: p310
arch: arm64
build_platform: linux/arm64
- python_version: p311
arch: x86
build_platform: linux/amd64
- python_version: p311
arch: arm64
build_platform: linux/arm64
- python_version: p312
arch: x86
build_platform: linux/amd64
- python_version: p312
arch: arm64
build_platform: linux/arm64
permissions:
id-token: write
contents: read
steps:
- name: echo Build
run: |
echo python_version: ${{ matrix.python_version }}
echo arch: ${{ matrix.arch }}
echo build_platform: ${{ matrix.build_platform }}
- name: Check out code
uses: actions/checkout@v2
- name: Set AWS Environment variable based on branch
run: |
if [ ${{ github.ref }} == refs/heads/container_builds-default ]
then
echo AWS_ENV=Klayers-defaultp38 >> $GITHUB_ENV
elif [ ${{ github.ref }} == refs/heads/container_builds-dev ]
then
echo AWS_ENV=Klayers-devp38 >> $GITHUB_ENV
elif [ ${{ github.ref }} == refs/heads/container_builds-prod ]
then
echo AWS_ENV=Klayers-prodp38 >> $GITHUB_ENV
else
exit 1
fi
APP_NAME=$(cat ./pipeline/Terraform/terraform.tfvars.json | jq -r '.app_name')
echo APP_NAME=$APP_NAME >> $GITHUB_ENV
shell: bash
- name: Get AWS configuration
run: |
GITHUB_ROLE_ARN=$(cat ./.github/workflows/role_arns.json | jq -r --arg arg $AWS_ENV '.github_role_arn | .[$arg]')
AWS_REGION=$(cat ./pipeline/Terraform/terraform.tfvars.json | jq -r --arg arg $AWS_ENV '.aws_region | .[$arg]')
echo AWS_ROLE_ARN=$GITHUB_ROLE_ARN >> $GITHUB_ENV
echo AWS_DEFAULT_REGION=$AWS_REGION >> $GITHUB_ENV
shell: bash
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: ${{ env.AWS_DEFAULT_REGION }}
role-to-assume: ${{ env.AWS_ROLE_ARN }}
role-duration-seconds: 900 # minimum of 900
role-session-name: container-build-${{ env.AWS_ENV }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Set up repository variables
run: |
PARAM_PREFIX=build/${{ matrix.python_version }}/${{ matrix.arch }}
REPO_PARAM=/kl/$AWS_ENV/$PARAM_PREFIX/repo
REPO_URL=$(aws ssm get-parameter --name $REPO_PARAM | jq -r '.Parameter.Value')
REPO_NAME=$(echo $REPO_URL | cut -d'/' -f2)
BUILD_DIR=pipeline/container_images/build_images/${{ matrix.python_version }}_${{ matrix.arch }}
echo REPO_NAME=$REPO_NAME >> $GITHUB_ENV
echo REPO_URL=$REPO_URL >> $GITHUB_ENV
echo PARAM_PREFIX=$PARAM_PREFIX >> $GITHUB_ENV
echo BUILD_DIR=$BUILD_DIR >> $GITHUB_ENV
cp ./pipeline/container_images/build_images/common/build.py ./$BUILD_DIR
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
if: ${{ matrix.build_platform == 'linux/arm64' }} # only need this for ARM64 builds
- name: Build and push
uses: docker/build-push-action@v4
with:
context: ${{ env.BUILD_DIR }}
push: true
tags: ${{ env.REPO_URL }}:latest
platforms: ${{ matrix.build_platform }}
- name: update SSM
run: |
DIGEST=$(aws ecr describe-images --repository-name $REPO_NAME --image-ids imageTag=latest | jq -r '.imageDetails[0].imageDigest')
aws ssm put-parameter --name /kl/$AWS_ENV/$PARAM_PREFIX/digest --value $DIGEST --overwrite --type String | jq '.'