Skip to content

Commit aa8da0d

Browse files
author
Monjurul Haque
authored
Merge pull request #8 from govuk-one-login/image-architecture-fix-minor-change
PLAT-4215 Adding option to configure the --platform tag during docker build
2 parents 5e1a290 + c8c2388 commit aa8da0d

3 files changed

Lines changed: 43 additions & 23 deletions

File tree

README.md

Lines changed: 20 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -6,20 +6,21 @@ The action packages, signs, and uploads the application to the specified ECR and
66

77
## Action Inputs
88

9-
| Input | Required | Description | Example |
10-
|----------------------------|----------|----------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------|
11-
| artifact-bucket-name | true | The secret with the name of the artifact S3 bucket | artifact-bucket-1234 |
12-
| container-sign-kms-key-arn | false | The secret with the name of the Signing Profile resource in AWS | signing-profile-1234 |
13-
| working-directory | false | The working directory containing the SAM app and the template file | ./sam-ecr-app |
14-
| template-file | false | The name of the CF template for the application. This defaults to template.yaml | custom-template.yaml |
15-
| role-to-assume-arn | true | The secret with the GitHub Role ARN from the pipeline stack | arn:aws:iam::0123456789999:role/myawesomeapppipeline-GitHubActionsRole-16HIKMTBBDL8Y |
16-
| ecr-repo-name | true | The secret with the name of the ECR repo created by the app-container-repository stack | app-container-repository-tobytraining-containerrepository-i6gdfkdnwrrm |
17-
| dockerfile | false | The Dockerfile to use for the build | Dockerfile
18-
| docker-build-path | false | The Dockerfile path to use for the build | Docker-build-path
19-
| checkout-repo | false | Checks out the repo as the first step of the action. Default "true". | "true"
20-
| private-docker-registry | false | Private Docker registry URL. Default to "" | "abc12345.live.dynatrace.com"
21-
| private-docker-login-username | false | Login username to the private docker registry | "abc12345"
22-
| private-docker-login-password | false | Login password to the private docker registry | This should ideally be a GitHub secret
9+
| Input | Required | Description | Example |
10+
| ----------------------------- | -------- | -------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------ |
11+
| artifact-bucket-name | true | The secret with the name of the artifact S3 bucket | artifact-bucket-1234 |
12+
| container-sign-kms-key-arn | false | The secret with the name of the Signing Profile resource in AWS | signing-profile-1234 |
13+
| working-directory | false | The working directory containing the SAM app and the template file | ./sam-ecr-app |
14+
| template-file | false | The name of the CF template for the application. This defaults to template.yaml | custom-template.yaml |
15+
| role-to-assume-arn | true | The secret with the GitHub Role ARN from the pipeline stack | arn:aws:iam::0123456789999:role/myawesomeapppipeline-GitHubActionsRole-16HIKMTBBDL8Y |
16+
| ecr-repo-name | true | The secret with the name of the ECR repo created by the app-container-repository stack | app-container-repository-tobytraining-containerrepository-i6gdfkdnwrrm |
17+
| dockerfile | false | The Dockerfile to use for the build | Dockerfile |
18+
| docker-build-path | false | The Dockerfile path to use for the build | Docker-build-path |
19+
| docker-platform | false | The target architecture for the image build | "" |
20+
| checkout-repo | false | Checks out the repo as the first step of the action. Default "true". | "true" |
21+
| private-docker-registry | false | Private Docker registry URL. Default to "" | "abc12345.live.dynatrace.com" |
22+
| private-docker-login-username | false | Login username to the private docker registry | "abc12345" |
23+
| private-docker-login-password | false | Login password to the private docker registry | This should ideally be a GitHub secret |
2324

2425
## Usage Example
2526

@@ -41,10 +42,10 @@ Pull in the action in your workflow as below, making sure to specify the release
4142
4243
- pre-commit:
4344
44-
```shell
45-
brew install pre-commit
46-
pre-commit install -tpre-commit -tprepare-commit-msg -tcommit-msg
47-
```
45+
```shell
46+
brew install pre-commit
47+
pre-commit install -tpre-commit -tprepare-commit-msg -tcommit-msg
48+
```
4849

4950
## Releasing updates
5051

@@ -60,4 +61,4 @@ NOTE: Until v3 is released, you will need to point both v1 and v2 to the latest
6061

6162
### Breaking changes
6263

63-
Release a new major version as normal following semantic versioning.
64+
Release a new major version as normal following semantic versioning.

action.yaml

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,10 @@ inputs:
2929
docker-build-path:
3030
description: The Dockerfile path to use for the build
3131
required: false
32+
docker-platform:
33+
description: The target architecture for the image build
34+
required: false
35+
default: ""
3236
checkout-repo:
3337
description: Checks out the repo as the first step of the action. Default "true".
3438
required: false
@@ -69,7 +73,7 @@ runs:
6973
id: login-ecr
7074
uses: aws-actions/amazon-ecr-login@v2
7175
with:
72-
mask-password: 'true' # pragma: allowlist secret
76+
mask-password: "true" # pragma: allowlist secret
7377

7478
- name: Login to private Docker Registry
7579
if: ${{ inputs.private-docker-registry != '' }}
@@ -82,7 +86,7 @@ runs:
8286
- name: Install Cosign
8387
uses: sigstore/cosign-installer@main
8488
with:
85-
cosign-release: 'v1.9.0'
89+
cosign-release: "v1.9.0"
8690

8791
- name: Upload Fargates to S3
8892
env:
@@ -95,7 +99,8 @@ runs:
9599
ARTIFACT_BUCKET_NAME: ${{ inputs.artifact-bucket-name }}
96100
DOCKERFILE: ${{ inputs.dockerfile }}
97101
DOCKER_BUILD_PATH: ${{ inputs.docker-build-path }}
102+
DOCKER_PLATFORM: ${{ inputs.docker-platform }}
98103
COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
99104

100105
run: ${{ github.action_path }}/scripts/build-tag-push-ecr.sh
101-
shell: bash
106+
shell: bash

scripts/build-tag-push-ecr.sh

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,21 @@ fi
88

99
echo "Building image"
1010

11-
docker build -t "$ECR_REGISTRY/$ECR_REPO_NAME:$GITHUB_SHA" -f "$DOCKER_BUILD_PATH"/"$DOCKERFILE" "$DOCKER_BUILD_PATH"
11+
PLATFORM_OPTION=""
12+
13+
if [ -n "${DOCKER_PLATFORM}" ]; then
14+
echo "Using platform option as --platform ${DOCKER_PLATFORM}"
15+
PLATFORM_OPTION="--platform ${DOCKER_PLATFORM}"
16+
else
17+
echo "No platform option supplied, using defaults."
18+
fi
19+
20+
docker build \
21+
--tag "$ECR_REGISTRY/$ECR_REPO_NAME:$GITHUB_SHA" \
22+
$PLATFORM_OPTION \
23+
--file "$DOCKER_BUILD_PATH"/"$DOCKERFILE" \
24+
"$DOCKER_BUILD_PATH"
25+
1226
docker push "$ECR_REGISTRY/$ECR_REPO_NAME:$GITHUB_SHA"
1327

1428
if [ ${CONTAINER_SIGN_KMS_KEY_ARN} != "none" ]; then

0 commit comments

Comments
 (0)