|
1 | | -name: Build and upload docker images |
| 1 | +name: Build and Push Image |
2 | 2 |
|
3 | 3 | on: |
4 | 4 | push: |
5 | 5 | branches: |
6 | 6 | - '**' |
7 | 7 |
|
8 | 8 | permissions: |
9 | | - id-token: write # for JWT request |
10 | | - contents: read # for actions/checkout |
| 9 | + contents: read |
| 10 | + packages: write |
| 11 | + |
| 12 | +env: |
| 13 | + REGISTRY: ghcr.io |
| 14 | + IMAGE_NAME: cabinetoffice/fb-user-datastore-api |
11 | 15 |
|
12 | 16 | jobs: |
13 | | - docker-image-build: |
14 | | - name: docker-image-build |
| 17 | + build-fb-user-datastore-api: |
15 | 18 | runs-on: ubuntu-latest |
16 | | - environment: preprod |
17 | 19 | steps: |
18 | | - - name: Checkout repo |
19 | | - uses: actions/checkout@v4.1.7 |
20 | | - - name: Configure AWS Credentials |
21 | | - uses: aws-actions/configure-aws-credentials@v4.0.2 |
22 | | - with: |
23 | | - role-to-assume: ${{ vars.AWS_ROLE_TO_ASSUME }} |
24 | | - aws-region: eu-west-2 |
25 | | - role-session-name: github-aws-access |
26 | | - - name: Login to Amazon ECR |
27 | | - id: login-ecr |
28 | | - uses: aws-actions/amazon-ecr-login@v2.0.1 |
29 | | - - name: Build fb-user-datastore, tag, and push docker image to Amazon ECR |
30 | | - env: |
31 | | - REGISTRY: ${{ steps.login-ecr.outputs.registry }} |
32 | | - REPOSITORY: "fb-user-datastore" |
33 | | - IMAGE_TAG: ${{ github.sha }} |
| 20 | + - name: Checkout |
| 21 | + uses: actions/checkout@v4 |
| 22 | + |
| 23 | + - name: Compute tag |
| 24 | + id: tag |
| 25 | + shell: bash |
34 | 26 | run: | |
35 | | - docker build -t ${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }} . |
36 | | - docker tag ${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }} ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }} |
37 | | - docker push ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }} |
| 27 | + set -euo pipefail |
| 28 | + sha="${GITHUB_SHA}" |
| 29 | + short_sha="${sha:0:7}" |
| 30 | + ref="${GITHUB_REF_NAME}" |
| 31 | +
|
| 32 | + if [[ "$ref" == "main" ]]; then |
| 33 | + tag="main-${short_sha}" |
| 34 | + else |
| 35 | + # Sanitize branch name for Docker tag compatibility. |
| 36 | + safe_ref="$(echo "$ref" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9_.-]/-/g')" |
| 37 | + tag="branch-${safe_ref}-${short_sha}" |
| 38 | + fi |
| 39 | +
|
| 40 | + echo "value=$tag" >> "$GITHUB_OUTPUT" |
| 41 | +
|
| 42 | + - name: Log in to GHCR |
| 43 | + uses: docker/login-action@v3 |
| 44 | + with: |
| 45 | + registry: ${{ env.REGISTRY }} |
| 46 | + username: ${{ github.actor }} |
| 47 | + password: ${{ secrets.GITHUB_TOKEN }} |
| 48 | + |
| 49 | + - name: Build and push image |
| 50 | + uses: docker/build-push-action@v6 |
| 51 | + with: |
| 52 | + context: . |
| 53 | + push: true |
| 54 | + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.value }} |
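Review bot: The three `uses:` lines on the new side reference mutable major tags (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v6`) in a job that holds `packages: write` and passes `secrets.GITHUB_TOKEN` to the login step, whereas the removed steps named exact releases such as `actions/checkout@v4.1.7`. If one of those tags is moved, the new code runs with push rights to the `ghcr.io` package, so pin each action to a full commit SHA and keep the release in a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v6`. Separately, the trigger is still `branches: '**'` and `environment: preprod` is dropped, so every branch push now publishes an image with no environment protection in front of it. If only some branches should publish, narrow the trigger or add an `if:` on the push step. Deploy by image digest rather than by the `main-<short_sha>` tag, since tags in a registry can be overwritten.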