Skip to content

Publish Image to ECR #9701

Publish Image to ECR

Publish Image to ECR #9701

name: Publish Image to ECR
on:
workflow_dispatch:
inputs:
image_name:
description: 'The name of the docker image to be publish'
required: false
type: string
default: coordinator
existing_tag:
description: 'The existing tag of the docker image to publish'
required: true
type: string
ecr_repo:
description: 'The AWS ECR repo name to be published'
required: false
type: string
default: pl-coordinator-env
ecr_repo_type:
description: 'The type of ECR repository it is (private or public)'
required: true
type: choice
default: private
options:
- private
- public
new_tag:
description: 'The new tag of the docker image'
required: true
type: string
aws_region:
description: 'The AWS region where the ECR is defined'
required: false
type: string
default: us-west-2
tracker_hash:
description: '[Internal usage] Used for tracking workflow job status within Meta infra'
required: false
type: string
env:
REGISTRY: ghcr.io
IMAGE_NAME: ghcr.io/${{ github.repository }}/${{ inputs.image_name }}
IMAGE_TAG: ${{ inputs.existing_tag }}
# The line below is intended to make it easier for developers to understand the inputs that they are putting in for the ECR repo.
# Our public ECR registry has the prefix of t7b1w5a4 and this code prepends that to the actual name of the image repository
# if the developer puts in the repostiory type of "public". This allows the developer to just specify the image repository like
# onedocker-prod or pc-coordinator-prod
ECR_REPOSITORY: ${{ inputs.ecr_repo_type == 'private' && inputs.ecr_repo || format('t7b1w5a4/{0}', inputs.ecr_repo) }}
NEW_IMAGE_TAG: ${{ inputs.new_tag }}
jobs:
deploy:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Print Tracker Hash
run: echo ${{ inputs.tracker_hash}}
- uses: docker/login-action@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull image from rc registry
run: docker pull ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
- name: Set AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
aws-region: ${{ inputs.aws_region }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
with:
registry-type: ${{ inputs.ecr_repo_type }}
- name: Tag docker image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
docker tag ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.NEW_IMAGE_TAG }}
docker tag ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
- name: Push image to Amazon ECR
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
docker push ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.NEW_IMAGE_TAG }}
docker push ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}