# Workflow header and triggers for the API dependency image build.
name: Generate API dependencies image

on:
  # Reusable entry point. Only `ref` is declared here, so a caller cannot pass
  # `environment`; expressions that read `inputs.environment` see it empty on
  # this path.
  workflow_call:
    inputs:
      ref:
        description: 'The branch, tag or SHA to checkout'
        type: string
        required: false
        default: ''

  # Manual entry point. `environment` is a closed choice list, which keeps the
  # value to one of the two names below.
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment to deploy to'
        type: choice
        required: true
        default: 'staging'
        options:
          - staging
          - production
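jobs:
  # Decides whether a rebuild is needed by matching the files touched by the
  # checked-out commit against a list of dependency manifests.
  check-changes:
    name: Check for dependency changes
    runs-on: ubuntu-latest
    # Least privilege: this job only needs to read the repository.
    permissions:
      contents: read
    outputs:
      changes_detected: ${{ steps.check-changes.outputs.changes_detected }}
    steps:
      - name: Checkout Repository
        # NOTE(review): every `uses:` in this file references a mutable tag.
        # Pin each one to a full-length commit SHA, e.g.
        # actions/checkout@<FULL_COMMIT_SHA>  # v3, so a moved tag cannot
        # change what runs next to the AWS role.
        uses: actions/checkout@v3
        with:
          ref: ${{ inputs.ref || github.ref }}
          # Full history so that HEAD^1 is available to the diff below.
          fetch-depth: 0
          # Later steps only run local git commands; do not leave the token
          # in .git/config.
          persist-credentials: false
      - name: Check for changes in dependency files
        id: check-changes
        run: |
          # For manual triggers or workflow calls, check if files have changed
          if git rev-parse --verify HEAD^1 >/dev/null 2>&1; then
            # If we have a parent commit, compare with it.
            # NOTE(review): this looks at the last commit only; a dependency
            # change in an earlier commit of the same push is not seen, and
            # the image is then left stale.
            CHANGED_FILES=$(git diff --name-only HEAD^1 HEAD)
          else
            # If this is the first commit or we're on a different branch
            # List all tracked files
            CHANGED_FILES=$(git ls-tree -r --name-only HEAD)
          fi
          # Define the pattern for dependency-related files
          DEPENDENCY_PATTERN="^package\.json$|^yarn\.lock$|^apps\/api\/package\.json$"
          DEPENDENCY_PATTERN="$DEPENDENCY_PATTERN|^packages\/(auth|common|config|contracts|core|plugin|utils)\/.*package\.json$"
          # NOTE(review): "[^u][^i]" looks like an attempt to skip plugin
          # directories ending in "ui". It rejects any name whose
          # second-to-last character is "u" or whose last character is "i",
          # and both classes can also match "/". Confirm the intended set of
          # directories.
          DEPENDENCY_PATTERN="$DEPENDENCY_PATTERN|^packages\/plugins\/[a-z\-]+[^u][^i]\/.*package\.json$"
          DEPENDENCY_PATTERN="$DEPENDENCY_PATTERN|^\.deploy\/dependencies\/api\/|^\.github\/workflows\/api-dependencies\.yml$"
          if echo "$CHANGED_FILES" | grep -q -E "$DEPENDENCY_PATTERN"; then
            echo "changes_detected=true" >> "$GITHUB_OUTPUT"
            echo "Dependency changes detected"
          else
            echo "changes_detected=false" >> "$GITHUB_OUTPUT"
            echo "No dependency changes detected"
          fi

  # Informational job for the "nothing to rebuild" path.
  handle-no-changes:
    name: Handle no changes
    needs: check-changes
    if: needs.check-changes.outputs.changes_detected != 'true'
    runs-on: ubuntu-latest
    # This job only prints a message, so it gets no token permissions.
    permissions: {}
    steps:
      - name: No changes required
        run: |
          echo "No dependency changes detected. No rebuild required."
          exit 0

  # Reads the ECR repository name from the OpenTofu remote state of the
  # selected environment and exposes it as a job output.
  sync-infrastructure-config:
    name: Sync Infrastructure Configuration
    needs: check-changes
    if: needs.check-changes.outputs.changes_detected == 'true' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    # Manual input wins; otherwise a ref under refs/tags/v selects production
    # and anything else selects staging.
    environment: ${{ inputs.environment || (startsWith(github.ref, 'refs/tags/v') && 'production' || 'staging') }}
    permissions:
      contents: read
      # Lets the job request an OIDC token for the AWS role assumed below.
      id-token: write
    outputs:
      ecr_repository_dependencies: ${{ steps.get-iac-outputs.outputs.ecr_repository_dependencies }}
    env:
      AWS_REGION: ${{ vars.AWS_REGION || 'eu-west-1' }}
      TERRAFORM_BACKEND_BUCKET: ${{ vars.OPENTOFU_BACKEND_BUCKET || 'dspot-terraform-states-s3' }}
      TERRAFORM_BACKEND_REGION: ${{ vars.OPENTOFU_BACKEND_REGION || 'eu-west-1' }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
        with:
          ref: ${{ inputs.ref || github.ref }}
          persist-credentials: false
      - name: Configure AWS credentials
        # NOTE(review): verify that the role's trust policy is limited to this
        # repository and environment, since `inputs.ref` lets a caller choose
        # which code runs under it.
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ env.AWS_REGION }}
      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v1
        with:
          tofu_version: "~1.9"
          tofu_wrapper: false
      - name: Retrieve ECR Configuration from OpenTofu State
        id: get-iac-outputs
        env:
          # Passed through the environment rather than expanded into the
          # script text, so the value is never parsed as shell code.
          TARGET_ENVIRONMENT: ${{ inputs.environment || (startsWith(github.ref, 'refs/tags/v') && 'production' || 'staging') }}
        run: |
          # Determine environment
          ENVIRONMENT="$TARGET_ENVIRONMENT"
          # The name becomes part of the state key, so accept only the two
          # environments this workflow defines.
          case "$ENVIRONMENT" in
            staging|production) ;;
            *)
              echo "Unsupported environment: $ENVIRONMENT"
              exit 1
              ;;
          esac
          TERRAFORM_BACKEND_KEY="hubstaff_to_gauzy_migration/$ENVIRONMENT/terraform.tfstate"
          echo "🔧 Initializing OpenTofu for $ENVIRONMENT environment..."
          echo "Backend bucket: $TERRAFORM_BACKEND_BUCKET"
          echo "Backend key: $TERRAFORM_BACKEND_KEY"
          echo "Backend region: $TERRAFORM_BACKEND_REGION"
          # Create minimal OpenTofu configuration for remote state access
          mkdir -p /tmp/tofu-config
          cd /tmp/tofu-config
          cat > backend.tf << EOF
          terraform {
            backend "s3" {
              bucket = "${TERRAFORM_BACKEND_BUCKET}"
              key    = "${TERRAFORM_BACKEND_KEY}"
              region = "${TERRAFORM_BACKEND_REGION}"
            }
          }
          EOF
          echo "📁 Created temporary OpenTofu configuration:"
          cat backend.tf
          # Initialize OpenTofu with remote backend
          tofu init
          echo "📋 Retrieving ECR repository names..."
          # Get repository names directly from OpenTofu outputs.
          # A failed lookup yields an empty string, which the check below
          # reports.
          ECR_DEPENDENCY_REPO=$(tofu output -raw ecr_dependency_repository_name 2>/dev/null || echo "")
          if [ -n "$ECR_DEPENDENCY_REPO" ]; then
            echo "✅ Retrieved ECR dependency repository name: $ECR_DEPENDENCY_REPO"
          else
            echo "❌ Failed to retrieve ECR dependency repository name from OpenTofu state"
            echo "Available outputs:"
            tofu output 2>/dev/null || echo "No outputs available"
            exit 1
          fi
          # Set outputs
          echo "ecr_repository_dependencies=$ECR_DEPENDENCY_REPO" >> "$GITHUB_OUTPUT"
          echo "✅ Retrieved ECR configuration:"
          echo "ECR Dependencies Repository: $ECR_DEPENDENCY_REPO"
          echo "ECR Registry will be used from GitHub variable ECR_REGISTRY"
          # Cleanup
          cd /
          rm -rf /tmp/tofu-config

  # Builds the dev and prod dependency images and pushes every tag to ECR.
  generate-dependencies:
    name: Generate dependencies image
    needs: [check-changes, sync-infrastructure-config]
    if: needs.check-changes.outputs.changes_detected == 'true' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment || (startsWith(github.ref, 'refs/tags/v') && 'production' || 'staging') }}
    permissions:
      contents: read
      # Lets the job request an OIDC token for the AWS role assumed below.
      id-token: write
    env:
      AWS_REGION: ${{ vars.AWS_REGION || 'eu-west-1' }}
      ECR_REGISTRY: ${{ vars.ECR_REGISTRY }}
      ECR_REPOSITORY_DEPENDENCIES: ${{ needs.sync-infrastructure-config.outputs.ecr_repository_dependencies }}  # Dynamic from IaC
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
        with:
          ref: ${{ inputs.ref || github.ref }}
          # The build context below is the whole checkout ("."), so keep the
          # token out of .git/config where the image build could pick it up.
          persist-credentials: false
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ env.AWS_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Validate ECR Configuration
        # The scripts below read the job-level env values as shell variables
        # instead of expanding them into the script text.
        run: |
          echo "🔍 Validating ECR configuration..."
          echo "ECR Registry (manual): $ECR_REGISTRY"
          echo "ECR Repository (from IaC): $ECR_REPOSITORY_DEPENDENCIES"
          if [ -z "$ECR_REGISTRY" ]; then
            echo "❌ ECR_REGISTRY GitHub variable is not set"
            echo "Please add ECR_REGISTRY variable in GitHub repository settings"
            exit 1
          fi
          if [ -z "$ECR_REPOSITORY_DEPENDENCIES" ]; then
            echo "❌ ECR_REPOSITORY_DEPENDENCIES is not set from OpenTofu"
            exit 1
          fi
          echo "✅ ECR configuration is valid!"
      - name: Build dependency images
        run: |
          echo "🔨 Building API dependency images..."
          echo "Registry: $ECR_REGISTRY"
          echo "Repository: $ECR_REPOSITORY_DEPENDENCIES"
          IMAGE_REPO="${ECR_REGISTRY}/${ECR_REPOSITORY_DEPENDENCIES}"
          # Build development dependencies image
          docker build \
            -t "${IMAGE_REPO}:latest-api-dev" \
            -f .deploy/dependencies/api/Dockerfile \
            .
          # Build production dependencies image
          docker build \
            --build-arg ENVIRONMENT=production \
            -t "${IMAGE_REPO}:latest-api-prod" \
            -f .deploy/dependencies/api/Dockerfile \
            .
          # Also tag as latest for backward compatibility
          docker tag "${IMAGE_REPO}:latest-api-prod" \
            "${IMAGE_REPO}:latest"
      - name: Push images to Amazon ECR
        # NOTE(review): all three tags are mutable and are overwritten on
        # every run; consumers that need a reproducible base should reference
        # the image digest.
        run: |
          echo "📤 Pushing dependency images to ECR..."
          echo "Pushing to: ${ECR_REGISTRY}/${ECR_REPOSITORY_DEPENDENCIES}"
          docker push "${ECR_REGISTRY}/${ECR_REPOSITORY_DEPENDENCIES}" --all-tags
          echo "✅ Successfully pushed all dependency images"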