publish-ecr-image-release.yml
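name: Create Release Build tag Bridge-Explorer

# Controls when the action will run: only on pushes of tags shaped like
# vMAJOR.MINOR.PATCH. Whoever can push such a tag can publish a GitHub
# release and a production image, so tag creation should be restricted
# (for example with tag protection rules).
on:
  push:
    tags:
      - 'v[0-9]+.[0-9]+.[0-9]+'

env:
  AWS_REGION: 'eu-central-1'

permissions:
  id-token: write  # This is required for requesting the JWT
  contents: write  # This is required for actions/checkout and create release

jobs:
  Build_and_push_image_to_ECR:
    runs-on: ubuntu-latest
    steps:
      # NOTE(security): every `uses:` in this job references a mutable
      # version tag. This job holds an OIDC token, registry credentials and
      # a write-scoped GITHUB_TOKEN, so pinning each action to a reviewed
      # full commit SHA would keep a re-pointed tag from changing what runs.
      - name: Git clone the repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      # Short-lived AWS credentials are obtained through GitHub OIDC role
      # assumption; no long-lived access keys are stored in the repository.
      # NOTE(review): the role's trust policy is not visible here -- confirm
      # it restricts the token subject to this repository's release tags.
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v4.0.0
        with:
          audience: sts.amazonaws.com
          role-to-assume: ${{ secrets.AWS_ECR_ROLE }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      # The release and image tag is the ref that triggered this run.
      # Asking git for the newest tag in the repository can return a tag
      # other than the one checked out (e.g. when an older commit is tagged
      # or a non-version tag sits on a newer commit), which would publish an
      # image labelled with a version it was not built from.
      - name: Get latest Release Tag
        if: github.ref_type == 'tag'
        id: release_tag
        run: echo "tag=${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT"

      - name: Create Release
        uses: actions/github-script@v6
        if: startsWith(github.ref, 'refs/tags/')
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            // toJson() renders the tag as a quoted string literal, so the tag
            // text is inserted into this script as data rather than as code.
            if (!${{ toJson(steps.release_tag.outputs.tag) }}) {
              core.setFailed("RELEASE_TAG is not defined.")
              return;
            }
            try {
              const response = await github.rest.repos.createRelease({
                name: ${{ toJson(steps.release_tag.outputs.tag) }},
                tag_name: ${{ toJson(steps.release_tag.outputs.tag) }},
                draft: false,
                generate_release_notes: true,
                owner: context.repo.owner,
                prerelease: false,
                repo: context.repo.repo,
              });
              core.exportVariable('RELEASE_ID', response.data.id);
              core.exportVariable('RELEASE_UPLOAD_URL', response.data.upload_url);
            } catch (error) {
              core.setFailed(error.message);
            }

      - name: Build, tag, and push PROD to Amazon ECR
        if: startsWith(github.ref, 'refs/tags/')
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          IMAGE_TAG: ${{ steps.release_tag.outputs.tag }}
        uses: docker/build-push-action@v3
        with:
          context: ./app
          file: ./app/Dockerfile
          push: true
          tags: |
            "${{ env.REGISTRY }}/bridge-explorer:${{ env.IMAGE_TAG }}"
          platforms: |
            linux/amd64
          # NOTE(security): NEXT_PUBLIC_RPC_MAINNET below carries a provider
          # API key in plain text in the repository. Treat that key as
          # exposed: rotate it and supply the URL from a repository secret,
          # as the other keys in this list already are.
          #
          # NOTE(security): Next.js inlines NEXT_PUBLIC_* values into the
          # browser bundle, and build args can remain visible in image
          # metadata, so the secrets passed here are not confidential once
          # shipped. Restrict those keys at the provider (allowed origins,
          # quotas) instead of relying on them staying private.
          build-args: |
            "NEXT_PUBLIC_APP_NAME=GnosisBridgeMonitor"
            "NEXT_PUBLIC_DEFAULT_THEME=dark"
            "NEXT_PUBLIC_DEFAULT_CHAIN_ID=1"
            "NEXT_PUBLIC_COOKIES_WARNING_ENABLED=true"
            "NEXT_PUBLIC_POLLING_INTERVAL=10000"
            "NEXT_PUBLIC_RPC_MAINNET=https://rpc.eu-central-1.gateway.fm/v4/ethereum/non-archival/mainnet?apiKey=LXyRambFCpLn3HqgKKRluyfH8RHpf_qT.xOmQXGPVWlOlaDSK"
            "NEXT_PUBLIC_RPC_GNOSIS=https://rpc.gnosischain.com"
            "NEXT_PUBLIC_RPC_CHIADO=https://rpc.chiadochain.net"
            "NEXT_PUBLIC_WALLET_CONNECT_DAPP_URL=${{ secrets.WALLET_CONNECT_URL }}"
            "NEXT_PUBLIC_WALLET_CONNECT_PROJECT_ID=${{ secrets.WALLET_CONNECT_PROJECT_ID }}"
            "NEXT_PUBLIC_SUBGRAPH_ENVIRONMENT=production"
            "NEXT_PUBLIC_SUBGRAPH_ACCESS_ID=${{ secrets.GRAPH_API_KEY }}"
            "NEXT_PUBLIC_SUBGRAPH_CHAINS_RESOURCE_IDS=100:2ths6FTZhCBggnyakh7PL5KH91zjRv8xPNfzaCRKogJ,1:9W7Ye5xFfefNYDxXD4StqAuj7TU8eLq5PLmuPUnhFbeQ"
            "NEXT_PUBLIC_ALCHEMY_API_KEY=${{ secrets.PROD_NEXT_PUBLIC_ALCHEMY_API_KEY }}"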