Ecr

Signed-off-by: 0ssigeno <[email protected]>
certego · Oct 2, 2023 · c024f84 · c024f84
1 parent c07ba3c
commit c024f84
Show file tree

Hide file tree

Showing 10 changed files with 206 additions and 28 deletions.
diff --git a/.github/actions/push_on_ecr/action.yml b/.github/actions/push_on_ecr/action.yml
@@ -0,0 +1,51 @@
+name: Composite action push on ecr
+description: Composite action push on ecr
+inputs:
+  repository:
+    description: Repository name
+    required: true
+  aws_account_id:
+    description: Aws User code
+    required: true
+  aws_access_key:
+    description: Aws access key
+    required: true
+  aws_secret_access_key:
+    description: Aws secret access key
+    required: true
+  dockerfile:
+    description: Path for dockerfile
+    required: true
+  image_tag:
+    description: Directory that must be run against the linters
+    required: true
+
+  aws_region:
+    description: Aws region
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: ${{ inputs.aws_region}}
+        aws-access-key-id: ${{ inputs.aws_access_key }}
+        aws-secret-access-key: ${{ inputs.secrets_aws_access_key }}
+        role-to-assume: arn:aws:iam::${{inputs.aws_account_id}}:role/${{inputs.aws_role_to_assume}}
+
+    - name: Login to Amazon ECR Private
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v2
+
+
+    - name: Build, tag, and push docker image to Amazon ECR
+      env:
+        REGISTRY: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com
+        REPOSITORY: ${{ inputs.repository }}
+        IMAGE_TAG: ${{ inputs.image_tag }}
+      run: |
+        docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG ${{inputs.dockerfile}}
+        docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
+      shell: bash
diff --git a/.github/workflows/_python.yml b/.github/workflows/_python.yml
@@ -95,11 +95,7 @@ on:
         type: string
         required: false
         default: ''
-      check_dockerfile:
-        description: Check dockerfile build. WARNING action total time may increase significantly
-        type: string
-        required: false
-        default: ''
+
 
       use_postgres:
         description: Use postgres service
@@ -419,12 +415,6 @@ jobs:
         shell: bash
         working-directory: ${{ inputs.check_docs_directory }}
 
-      - name: Build DockerFile
-        if: inputs.check_dockerfile
-        run: |
-           docker build -f ${{ inputs.check_dockerfile }} .
-        working-directory: ${{ inputs.working_directory }}
-
       - name: Start services
         uses: ./.github/actions/services
         if: inputs.use_postgres || inputs.use_elastic_search || inputs.use_memcached ||  inputs.use_redis || inputs.use_rabbitmq || inputs.use_mongo

diff --git a/.github/workflows/_release_and_tag.yml b/.github/workflows/_release_and_tag.yml
@@ -31,18 +31,52 @@ on:
         required: false
         default: #CyberSecurity
 
+      publish_on_ecr:
+        description: Publish on ecr
+        type: boolean
+        required: false
+        default: false
+      repository:
+        description: todo
+        type: string
+        required: false
+      dockerfile:
+        description: todo
+        type: string
+        required: false
+      aws_region:
+        description: todo
+        type: string
+        required: false
+        default: eu-central-1
+
+
 jobs:
   release_and_tag:
     name: Create release and tag
     runs-on: ubuntu-latest
-    if: github.event.pull_request.merged == true && ( github.base_ref == 'master' || github.base_ref == 'main' )
+    if: github.event.pull_request.merged == true
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0 # otherwise, you do not retrieve the tags
 
+      - name: Push on ecr branch
+        uses: ./.github/actions/push_on_ecr
+        env:
+          TAG=${{ ( github.base_ref == 'main' || github.base_ref == 'master' )  && 'prod' || 'stag' }}
+        with:
+          repository: ${{ inputs.repository }}
+          aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+          aws_access_key: ${{ secrets.AWS_ACCESS_KEY}}
+          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          dockerfile: ${{ inputs.dockerfile }}
+          image_tag: $TAG
+          aws_region: ${{ inputs.aws_region }}
+
       - name: Check Tag
         id: check-tag
+        if: github.base_ref == 'master' || github.base_ref == 'main'
         run: |
           if [[ "${{ github.event.pull_request.title }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
             echo "match=true" >> $GITHUB_OUTPUT
@@ -115,4 +149,15 @@ jobs:
           api_key: ${{ secrets.TWITTER_API_KEY }}
           api_key_secret: ${{ secrets.TWITTER_API_KEY_SECRET }}
           access_token: ${{ secrets.TWITTER_ACCESS_TOKEN }}
-          access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
+          access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
+
+      - name: Push on ecr tag
+        if: steps.check-tag.outputs.match == 'true'
+        with:
+          repository: ${{ inputs.repository }}
+          aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+          aws_access_key: ${{ secrets.AWS_ACCESS_KEY}}
+          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          dockerfile: ${{ inputs.dockerfile }}
+          image_tag: ${{ github.event.pull_request.title }}
+          aws_region: ${{ inputs.aws_region }}
diff --git a/.github/workflows/pull_request_automation.yml b/.github/workflows/pull_request_automation.yml
@@ -73,7 +73,6 @@ jobs:
       check_migrations: true
       check_requirements_licenses: true
       check_docs_directory:
-      check_dockerfile: Dockerfile
 
       use_postgres: false
       use_memcached: false

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -20,3 +20,7 @@ jobs:
       publish_on_test_pypi: false
       publish_on_npm: false
       publish_on_twitter: false
+      publish_on_ecr: false
+      repository: .github
+      dockerfile: Dockerfile
+      aws_region: eu-central-1
diff --git a/actions/push_on_ecr/action.yml b/actions/push_on_ecr/action.yml
@@ -0,0 +1,51 @@
+name: Composite action push on ecr
+description: Composite action push on ecr
+inputs:
+  repository:
+    description: Repository name
+    required: true
+  aws_account_id:
+    description: Aws User code
+    required: true
+  aws_access_key:
+    description: Aws access key
+    required: true
+  aws_secret_access_key:
+    description: Aws secret access key
+    required: true
+  dockerfile:
+    description: Path for dockerfile
+    required: true
+  image_tag:
+    description: Directory that must be run against the linters
+    required: true
+
+  aws_region:
+    description: Aws region
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: ${{ inputs.aws_region}}
+        aws-access-key-id: ${{ inputs.aws_access_key }}
+        aws-secret-access-key: ${{ inputs.secrets_aws_access_key }}
+        role-to-assume: arn:aws:iam::${{inputs.aws_account_id}}:role/${{inputs.aws_role_to_assume}}
+
+    - name: Login to Amazon ECR Private
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v2
+
+
+    - name: Build, tag, and push docker image to Amazon ECR
+      env:
+        REGISTRY: ${{inputs.aws_account_id}}.dkr.ecr.${{inputs.aws_region}}.amazonaws.com
+        REPOSITORY: ${{ inputs.repository }}
+        IMAGE_TAG: ${{ inputs.image_tag }}
+      run: |
+        docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG ${{inputs.dockerfile}}
+        docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
+      shell: bash
diff --git a/workflows/_python.yml b/workflows/_python.yml
@@ -95,11 +95,7 @@ on:
         type: string
         required: false
         default: ''
-      check_dockerfile:
-        description: Check dockerfile build. WARNING action total time may increase significantly
-        type: string
-        required: false
-        default: ''
+
 
       use_postgres:
         description: Use postgres service
@@ -419,12 +415,6 @@ jobs:
         shell: bash
         working-directory: ${{ inputs.check_docs_directory }}
 
-      - name: Build DockerFile
-        if: inputs.check_dockerfile
-        run: |
-           docker build -f ${{ inputs.check_dockerfile }} .
-        working-directory: ${{ inputs.working_directory }}
-
       - name: Start services
         uses: ./.github/actions/services
         if: inputs.use_postgres || inputs.use_elastic_search || inputs.use_memcached ||  inputs.use_redis || inputs.use_rabbitmq || inputs.use_mongo

diff --git a/workflows/_release_and_tag.yml b/workflows/_release_and_tag.yml
@@ -31,18 +31,52 @@ on:
         required: false
         default: #CyberSecurity
 
+      publish_on_ecr:
+        description: Publish on ecr
+        type: boolean
+        required: false
+        default: false
+      repository:
+        description: todo
+        type: string
+        required: false
+      dockerfile:
+        description: todo
+        type: string
+        required: false
+      aws_region:
+        description: todo
+        type: string
+        required: false
+        default: eu-central-1
+
+
 jobs:
   release_and_tag:
     name: Create release and tag
     runs-on: ubuntu-latest
-    if: github.event.pull_request.merged == true && ( github.base_ref == 'master' || github.base_ref == 'main' )
+    if: github.event.pull_request.merged == true
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0 # otherwise, you do not retrieve the tags
+
+      - name: Push on ecr branch
+        uses: ./.github/actions/push_on_ecr
+        env:
+          TAG=${{ ( github.base_ref == 'main' || github.base_ref == 'master' )  && 'prod' || 'stag' }}
+        with:
+          repository: ${{ inputs.repository }}
+          aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+          aws_access_key: ${{ secrets.AWS_ACCESS_KEY}}
+          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          dockerfile: ${{ inputs.dockerfile }}
+          image_tag: $TAG
+          aws_region: ${{ inputs.aws_region }}
 
       - name: Check Tag
         id: check-tag
+        if: github.base_ref == 'master' || github.base_ref == 'main'
         run: |
           if [[ "${{ github.event.pull_request.title }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
             echo "match=true" >> $GITHUB_OUTPUT
@@ -115,4 +149,15 @@ jobs:
           api_key: ${{ secrets.TWITTER_API_KEY }}
           api_key_secret: ${{ secrets.TWITTER_API_KEY_SECRET }}
           access_token: ${{ secrets.TWITTER_ACCESS_TOKEN }}
-          access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
+          access_token_secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
+
+      - name: Push on ecr tag
+        if: steps.check-tag.outputs.match == 'true'
+        with:
+          repository: ${{ inputs.repository }}
+          aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+          aws_access_key: ${{ secrets.AWS_ACCESS_KEY}}
+          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          dockerfile: ${{ inputs.dockerfile }}
+          image_tag: ${{ github.event.pull_request.title }}
+          aws_region: ${{ inputs.aws_region }}
diff --git a/workflows/pull_request_automation.yml b/workflows/pull_request_automation.yml
@@ -73,7 +73,6 @@ jobs:
       check_migrations: true
       check_requirements_licenses: true
       check_docs_directory:
-      check_dockerfile: Dockerfile
 
       use_postgres: false
       use_memcached: false

diff --git a/workflows/release.yml b/workflows/release.yml
@@ -20,3 +20,7 @@ jobs:
       publish_on_test_pypi: false
       publish_on_npm: false
       publish_on_twitter: false
+      publish_on_ecr: false
+      repository: .github
+      dockerfile: Dockerfile
+      aws_region: eu-central-1