forked from jasonumiker-sysdig/example-scenarios
-
Notifications
You must be signed in to change notification settings - Fork 0
124 lines (110 loc) · 4.04 KB
/
build_image.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
---
name: Build and Push image
run-name: "Build and Push ${{ inputs.scenario }} image"
on:
workflow_dispatch:
inputs:
scenario:
type: choice
default: security-playground
required: true
options:
- security-playground
- hello-app
- postgres-sakila
docker_file:
description: 'Dockerfile to use for the build'
required: true
type: string
default: 'Dockerfile'
docker_extra_args:
description: 'Additional arguments for Docker build separated by comma'
required: false
type: string
push_image_to_ECR:
description: 'Wheter to push the image to ECR (default dry run)'
required: true
default: false
type: boolean
custom_tag:
description: 'Set a custom tag, leave blank to use the tag from the repo'
required: false
type: string
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
concurrency:
group: '${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
cancel-in-progress: true
jobs:
build_push_image:
runs-on: [ubuntu-latest]
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.sha }} # required for better experience using pre-releases
fetch-depth: 0 # Required due to the way Git works, without it this action won't be able to find any or the correct tags
- name: Get tags
run: git fetch --tags origin
- name: Tagging successfull version
id: tagging
uses: anothrNick/[email protected]
env:
DRY_RUN: true
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
WITH_V: true
DEFAULT_BUMP: "patch"
TAG_CONTEXT: 'repo'
PRERELEASE_SUFFIX: "beta"
PRERELEASE: ${{ (github.ref_name == 'staging') && 'true' || 'false' }}
CUSTOM_TAG: ${{ inputs.custom_tag }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set Docker context
run: |
docker context create builders
docker context use builders
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
buildkitd-flags: --debug
endpoint: builders
- name: Docker meta ECR
id: meta_id_ecr
uses: docker/metadata-action@v5
with:
# list of Docker images to use as base name for tags
images: |
905418274209.dkr.ecr.us-east-1.amazonaws.com/public.ecr.aws/j4k4p5y8/${{ inputs.scenario }}
# Docker tags based on the following events/attributes
tags: |
type=raw,value=${{ steps.tagging.outputs.tag}},enable=true
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4 # More information on this action can be found below in the 'AWS Credentials' section
with:
role-to-assume: ${{ secrets.ECR_ROLE_ARN }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
mask-password: 'true'
- name: 'Parse docker build args to multiline'
id: parse-build-args
run: |
DOCKER_BUILD_ARGS=$(echo "${{ inputs.docker_extra_args }}" | sed 's/,/\n/g' | awk '{$1=$1};1' | awk '{print "\"" $0 "\""}')
echo "DOCKER_BUILD_ARGS_ENV_VAR<<EOF" >> $GITHUB_ENV
# here we can place the command that will generate multi-line text
echo "$DOCKER_BUILD_ARGS" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
- name: Build and push to ECR
uses: docker/build-push-action@v6
with:
build-args: |
${{ env.DOCKER_BUILD_ARGS_ENV_VAR }}
platforms: linux/amd64
context: 'docker-build-${{inputs.scenario}}'
file: 'docker-build-${{inputs.scenario}}/${{inputs.docker_file}}'
push: ${{ inputs.push_image_to_ECR }}
tags: ${{ steps.meta_id_ecr.outputs.tags }}
labels: ${{ steps.meta_id_ecr.outputs.labels }}