From 9e9902b87356439d0add88dbddc51113ef97b8ef Mon Sep 17 00:00:00 2001
From: grahamalama
Date: Mon, 14 Oct 2024 10:16:08 -0400
Subject: [PATCH] Add workflow to build + push image to GAR from this repo (#984)
---
.github/workflows/build.yaml | 77 ++++++++++++++++++++++++++++++++++++
1 file changed, 77 insertions(+)
create mode 100644 .github/workflows/build.yaml
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 00000000..c37473f1
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,77 @@
+name: Build image and push to GAR
+on:
+ push:
+ branches:
+ - main
+ tags:
+ - v[0-9]+.[0-9]+.[0-9]+
+
+env:
+ GAR_LOCATION: us
+ GAR_REPOSITORY: ctms-prod
+ GCP_PROJECT_ID: moz-fx-ctms-prod
+ IMAGE: ctms
+ IMAGE_PLATFORMS: linux/amd64,linux/arm64
+
+jobs:
+ build:
+ name: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ fetch-tags: true
+
+ - id: determine_tag
+ name: determine tag
+ run: |-
+ TAG=$(git describe --tags)
+ printf "\e[1;36m[INFO]\e[0m \$TAG=\"${TAG}\"\n"
+ echo TAG=${TAG} >> ${GITHUB_OUTPUT}
+
+ - id: meta
+ name: generate Docker image metadata
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPOSITORY }}/${{ env.IMAGE }}
+ # https://github.com/marketplace/actions/docker-metadata-action#tags-input
+ tags: |
+ type=raw,value=${{ steps.determine_tag.outputs.TAG }}
+ type=raw,value=latest
+
+ - id: generate_version_json
+ name: generate version.json
+ run: |-
+ printf '{"commit":"%s","version":"%s","source":"%s","build":"%s"}\n' \
+ "$(git rev-parse HEAD)" \
+ "${{ steps.determine_tag.outputs.TAG }}" \
+ "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}" \
+ "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" | tee version.json
+
+ - id: gcp_auth
+ name: gcp auth
+ uses: google-github-actions/auth@v2
+ with:
+ token_format: access_token
+ service_account: artifact-writer@${{ env.GCP_PROJECT_ID }}.iam.gserviceaccount.com
+ workload_identity_provider: projects/${{ var.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions
+
+ - id: docker_login
+ name: docker login
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev
+ username: oauth2accesstoken
+ password: ${{ steps.gcp_auth.outputs.access_token }}
+
+ - id: build_and_push
+ name: build and push
+ uses: docker/build-push-action@v5
+ with:
+ platforms: ${{ env.IMAGE_PLATFORMS }}
+ context: .
+ tags: ${{ steps.meta.outputs.tags }}
+ push: true
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
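Review bot: The `build` job declares no `permissions:`, so the `gcp_auth` step has no `id-token: write` grant with which to request the OIDC token that workload identity federation exchanges, and the job otherwise runs with whatever default token scope the repository is configured for; an explicit job-level block with `contents: read` and `id-token: write` covers both. In the same step, `${{ var.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}` names a context that does not exist, since configuration variables are read through `vars`. The `generate_version_json` step expands `${{ steps.determine_tag.outputs.TAG }}` directly into the script text, and `git describe --tags` can return any reachable tag name rather than only those matching the `v[0-9]+.[0-9]+.[0-9]+` trigger filter, so passing the value through `env:` keeps tag text out of the shell source. The actions are referenced by mutable major tags (`@v4`, `@v5`, `@v2`, `@v3`); pinning them to commit SHAs is worth considering for a job that holds registry write credentials.

```yaml
jobs:
  build:
    # … unchanged: name, runs-on …
    permissions:
      contents: read
      id-token: write
    steps:
      # … unchanged: checkout, determine_tag, meta …
      - id: generate_version_json
        name: generate version.json
        env:
          TAG: ${{ steps.determine_tag.outputs.TAG }}
        run: |-
          # … unchanged: printf format string and the other arguments …
            "${TAG}" \
      # … unchanged: gcp_auth step up to service_account …
          workload_identity_provider: projects/${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions
```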