Build release candidate images #14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build release candidate images | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| ref: | |
| description: "Git ref to build from" | |
| default: main | |
| version: | |
| description: "Release version (e.g. 1.4.0)" | |
| required: true | |
| rc: | |
| description: "RC number (e.g. rc.1)" | |
| required: true | |
| dry_run: | |
| description: "If true, skip creating git tag and pushing Docker images" | |
| type: boolean | |
| default: true # TODO: change to `false` once validated | |
| jobs: | |
| rc-release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.inputs.ref }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log into GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Configure AIMS dev AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: us-east-1 | |
| aws-access-key-id: ${{ secrets.AIMS_DEV_AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AIMS_DEV_AWS_SECRET_ACCESS_KEY }} | |
| - name: Login to AIMS dev ECR | |
| id: ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Validate semantic version | |
| run: | | |
| VERSION="${{ github.event.inputs.version }}" | |
| if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| echo "Invalid version: $VERSION" | |
| echo "Version must be semantic: MAJOR.MINOR.PATCH (e.g. 1.4.0)" | |
| exit 1 | |
| fi | |
| - name: Validate RC format | |
| run: | | |
| if [[ ! "${{ github.event.inputs.rc }}" =~ ^rc\.[0-9]+$ ]]; then | |
| echo "RC must be in format rc.N (e.g. rc.1)" | |
| exit 1 | |
| fi | |
| - name: Make repo owner lowercase | |
| id: repo | |
| run: | | |
| echo "owner=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT | |
| - name: Determine RC Docker image tags | |
| id: vars | |
| run: | | |
| VERSION="${{ github.event.inputs.version }}" | |
| RC="${{ github.event.inputs.rc }}" | |
| TAG="${VERSION}-${RC}" | |
| ECR_REGISTRY="${{ steps.ecr.outputs.registry }}" | |
| # GHCR URLs | |
| GHCR_APP="ghcr.io/${{ steps.repo.outputs.owner }}/dibbs-ecr-refiner/refiner" | |
| GHCR_LAMBDA="ghcr.io/${{ steps.repo.outputs.owner }}/dibbs-ecr-refiner/lambda" | |
| GHCR_OPS="ghcr.io/${{ steps.repo.outputs.owner }}/dibbs-ecr-refiner/ops" | |
| # ECR URLs | |
| ECR_APP="$ECR_REGISTRY/dibbs-dev-refiner/refiner" | |
| ECR_LAMBDA="$ECR_REGISTRY/dibbs-dev-refiner/lambda" | |
| ECR_OPS="$ECR_REGISTRY/dibbs-dev-refiner/ops" | |
| echo "app_tags=$GHCR_APP:$TAG,$ECR_APP:$TAG" >> $GITHUB_OUTPUT | |
| echo "lambda_tags=$GHCR_LAMBDA:$TAG,$ECR_LAMBDA:$TAG" >> $GITHUB_OUTPUT | |
| echo "ops_tags=$GHCR_OPS:$TAG,$ECR_OPS:$TAG" >> $GITHUB_OUTPUT | |
| echo "version_tag=$TAG" >> $GITHUB_OUTPUT | |
| - name: Print RC Docker image tags | |
| run: | | |
| echo "===== RC IMAGE TAGS =====" | |
| echo "App: ${{ steps.vars.outputs.app_tags }}" | |
| echo "Lambda: ${{ steps.vars.outputs.lambda_tags }}" | |
| echo "Ops: ${{ steps.vars.outputs.ops_tags }}" | |
| echo "==================================" | |
| - name: Configure Git username and email | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| - name: Create and push RC Git tag | |
| if: ${{ github.event.inputs.dry_run == 'false' }} | |
| run: | | |
| GIT_TAG="${{ steps.vars.outputs.version_tag }}" | |
| if git rev-parse "$GIT_TAG" >/dev/null 2>&1; then | |
| echo "Tag $GIT_TAG already exists, skipping" | |
| else | |
| git tag -a "$GIT_TAG" -m "Release candidate $GIT_TAG" | |
| git push origin "$GIT_TAG" | |
| fi | |
| - name: Build/push Refiner App RC image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: Dockerfile.app | |
| push: ${{ github.event.inputs.dry_run == 'false' }} | |
| tags: ${{ steps.vars.outputs.app_tags }} | |
| build-args: | | |
| VITE_GIT_HASH=${{ github.sha }} | |
| VITE_GIT_BRANCH=${{ github.event.inputs.ref }} | |
| VERSION=${{ steps.vars.outputs.version_tag }} | |
| - name: Build/push Refiner Lambda RC image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| provenance: false | |
| file: Dockerfile.lambda | |
| push: ${{ github.event.inputs.dry_run == 'false' }} | |
| platforms: linux/amd64 | |
| tags: ${{ steps.vars.outputs.lambda_tags }} | |
| build-args: | | |
| VERSION=${{ steps.vars.outputs.version_tag }} | |
| - name: Build/push Refiner Ops RC image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: Dockerfile.ops | |
| push: ${{ github.event.inputs.dry_run == 'false' }} | |
| tags: ${{ steps.vars.outputs.ops_tags }} | |
| build-args: | | |
| VERSION=${{ steps.vars.outputs.version_tag }} |