Build Prefect Image #5
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Prefect Image | |
| permissions: | |
| contents: write | |
| id-token: write | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: 'Which account the ECR repository is in' | |
| type: environment | |
| ignore_trivy_scan: | |
| type: boolean | |
| description: ignore vulnerabilities if they are found | |
| required: true | |
| default: false | |
| jobs: | |
| build: | |
| name: Build Image | |
| runs-on: ubuntu-latest | |
| environment: ${{ inputs.environment }} | |
| env: | |
| ECR_REPOSITORY: mdb-prefect-worker | |
| # SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| AWS_REGION: ${{ secrets.AWS_REGION }} | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 | |
| - name: Set Image Tag | |
| env: | |
| BRANCH_NAME: ${{ github.head_ref || github.ref_name }} | |
| run: | | |
| # Get all tags for the repo and find the latest tag for the branch being built | |
| # git fetch --tags --force --quiet | |
| ################################################################### | |
| git fetch --tags --force | |
| git tag -l $BRANCH_NAME* | |
| git tag -l $BRANCH_NAME* | tail -1 | |
| ################################################################### | |
| tag=$(git tag -l $BRANCH_NAME* | tail -1) | |
| if [ ! -z "$tag" ]; | |
| then | |
| # Increment the build number if a tag is found | |
| build_num=$(echo "${tag##*.}") | |
| build_num=$((build_num+1)) | |
| echo "Image is: $BRANCH_NAME.$build_num" | |
| echo "IMAGE_TAG=$BRANCH_NAME.$build_num" >> $GITHUB_ENV | |
| else | |
| # If no tag is found create a new tag name | |
| build_num=1 | |
| echo "Image is: $BRANCH_NAME.$build_num" | |
| echo "IMAGE_TAG=$BRANCH_NAME.$build_num" >> $GITHUB_ENV | |
| fi | |
| # - name: Build | |
| # id: build-image | |
| # run: | | |
| # docker build -t $ECR_REPOSITORY:$IMAGE_TAG -f devops/dockerfiles/prefect . | |
| # - name: Set Trivy exit code | |
| # run: | | |
| # if [[ ${{ inputs.ignore_trivy_scan }} == true ]]; | |
| # then | |
| # echo 'TRIVY_EXIT_CODE=0' >> $GITHUB_ENV | |
| # else | |
| # echo 'TRIVY_EXIT_CODE=1' >> $GITHUB_ENV | |
| # fi | |
| # - name: Run Trivy vulnerability scanner | |
| # id: trivy-scan | |
| # uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0 | |
| # with: | |
| # image-ref: '${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}' | |
| # format: 'table' | |
| # exit-code: '${{ env.TRIVY_EXIT_CODE }}' | |
| # ignore-unfixed: true | |
| # severity: 'CRITICAL,HIGH' | |
| # - name: AWS OIDC Authentication | |
| # uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| # with: | |
| # role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} | |
| # aws-region: ${{ env.AWS_REGION }} | |
| # role-session-name: ${{ github.actor }} | |
| # - name: Create Git tag for Image | |
| # run: | | |
| # git config user.name "GitHub Actions" | |
| # git config user.email "[email protected]" | |
| # git tag ${{ env.IMAGE_TAG }} | |
| # git push origin ${{ env.IMAGE_TAG }} | |
| # - name: Login to Amazon ECR | |
| # id: login-aws-ecr | |
| # uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1 | |
| # - name: Push to Amazon ECR | |
| # id: push-image | |
| # env: | |
| # ECR_REGISTRY: ${{ steps.login-aws-ecr.outputs.registry }} | |
| # run: | | |
| # docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| # docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| # - name: Slack Notification | |
| # uses: act10ns/slack@87c73aef9f8838eb6feae81589a6b1487a4a9e08 # v1.6.0 | |
| # with: | |
| # status: ${{ job.status }} | |
| # steps: ${{ toJson(steps) }} | |
| # if: always() |