|
| 1 | +name: Create Release and Image |
| 2 | +# Required Repository Secrets: |
| 3 | +#AWS_REGION |
| 4 | +#AWS_ECR_REPOSITORY_URL |
| 5 | +#AWS_ECR_REPO_SLUG |
| 6 | +#AWS_ACCESS_KEY_ID |
| 7 | +#AWS_SECRET_ACCESS_KEY |
| 8 | +#GIT_USERNAME |
| 9 | +#GIT_PASSWORD |
| 10 | +on: |
| 11 | + workflow_dispatch: |
| 12 | + inputs: |
| 13 | + RELEASE_TAG: |
| 14 | + description: "New release tag (format: vX.Y.Z)" |
| 15 | + required: true |
| 16 | + DOCKER_BRANCH: |
| 17 | + description: "Source branch name" |
| 18 | + default: "main" |
| 19 | + required: true |
| 20 | + CI_BOT_PAT: |
| 21 | + description: "Personal Access Token with repo access" |
| 22 | + required: true |
| 23 | + |
| 24 | +env: |
| 25 | + AWS_REGION: ${{ secrets.AWS_REGION }} |
| 26 | + REPOSITORY_URL: ${{ secrets.AWS_ECR_REPOSITORY_URL }} |
| 27 | + GIT_USERNAME: ${{ secrets.GIT_USERNAME }} |
| 28 | + GIT_PASSWORD: ${{ secrets.GIT_PASSWORD }} |
| 29 | + REPO_SLUG: ${{ vars.AWS_ECR_REPO_SLUG }} |
| 30 | + |
| 31 | +jobs: |
| 32 | + prepare_and_tag: |
| 33 | + name: Update Dockerfile & Tag |
| 34 | + runs-on: ubuntu-latest |
| 35 | + |
| 36 | + steps: |
| 37 | + - name: Validate input tag |
| 38 | + run: | |
| 39 | + if [[ ! "${{ inputs.RELEASE_TAG }}" =~ ^v.+ ]]; then |
| 40 | + echo "RELEASE_TAG must start with 'v'" |
| 41 | + exit 1 |
| 42 | + fi |
| 43 | +
|
| 44 | + - name: Checkout repo |
| 45 | + uses: actions/checkout@v4 |
| 46 | + with: |
| 47 | + ref: ${{ inputs.DOCKER_BRANCH }} |
| 48 | + token: ${{ inputs.CI_BOT_PAT }} |
| 49 | + |
| 50 | + - name: Configure git author |
| 51 | + run: | |
| 52 | + git config user.name "hotwax-ci-bot" |
| 53 | + git config user.email "[email protected]" |
| 54 | +
|
| 55 | + - name: Update Dockerfile(s) |
| 56 | + run: | |
| 57 | + TAG="${{ inputs.RELEASE_TAG }}" |
| 58 | + sed -i "s|RUN git clone --depth 1 -b \".*\" https://github.com/hotwax/shopify-app-bridge.git|RUN git clone --depth 1 -b \"$TAG\" https://github.com/hotwax/hotwax-maarg-docker-config.git|" docker/prod/Dockerfile || true |
| 59 | + if [[ -f docker/uat/Dockerfile ]]; then |
| 60 | + sed -i "s|RUN git clone --depth 1 -b \".*\" https://github.com/hotwax/shopify-app-bridge.git|RUN git clone --depth 1 -b \"$TAG\" https://github.com/hotwax/hotwax-maarg-docker-config.git|" docker/uat/Dockerfile || true |
| 61 | + fi |
| 62 | +
|
| 63 | + - name: Commit changes |
| 64 | + run: | |
| 65 | + if ! git diff --quiet; then |
| 66 | + git add docker |
| 67 | + git commit -m "Updated Dockerfile(s) to ${{ inputs.RELEASE_TAG }}" |
| 68 | + git push https://x-access-token:${{ inputs.CI_BOT_PAT }}@github.com/${{ github.repository }} HEAD:${{ inputs.DOCKER_BRANCH }} |
| 69 | + else |
| 70 | + echo "No changes to commit" |
| 71 | + fi |
| 72 | +
|
| 73 | + - name: Create annotated tag |
| 74 | + run: | |
| 75 | + TAG="${{ inputs.RELEASE_TAG }}" |
| 76 | + git tag -d "$TAG" 2>/dev/null || true |
| 77 | + git tag -a "$TAG" -m "Tagged release $TAG" |
| 78 | + git push https://x-access-token:${{ inputs.CI_BOT_PAT }}@github.com/${{ github.repository }} "$TAG" |
| 79 | +
|
| 80 | + build_and_push: |
| 81 | + name: Build & Push Docker Image |
| 82 | + runs-on: ubuntu-latest |
| 83 | + needs: prepare_and_tag |
| 84 | + environment: production |
| 85 | + env: |
| 86 | + DOCKER_BUILDKIT: "1" |
| 87 | + |
| 88 | + steps: |
| 89 | + - name: Checkout at tag |
| 90 | + uses: actions/checkout@v4 |
| 91 | + with: |
| 92 | + ref: ${{ inputs.RELEASE_TAG }} |
| 93 | + token: ${{ inputs.CI_BOT_PAT }} |
| 94 | + |
| 95 | + - name: Configure AWS credentials |
| 96 | + uses: aws-actions/configure-aws-credentials@v4 |
| 97 | + with: |
| 98 | + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} |
| 99 | + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |
| 100 | + aws-region: ${{ env.AWS_REGION }} |
| 101 | + |
| 102 | + - name: Login to Amazon ECR |
| 103 | + id: login-ecr |
| 104 | + uses: aws-actions/amazon-ecr-login@v2 |
| 105 | + |
| 106 | + - name: Build and push Docker image |
| 107 | + uses: docker/build-push-action@v6 |
| 108 | + with: |
| 109 | + context: . |
| 110 | + file: docker/prod/Dockerfile |
| 111 | + push: true |
| 112 | + no-cache: true |
| 113 | + build-args: | |
| 114 | + GIT_USERNAME=${{ env.GIT_USERNAME }} |
| 115 | + GIT_PASSWORD=${{ env.GIT_PASSWORD }} |
| 116 | + tags: | |
| 117 | + ${{ env.REPOSITORY_URL }}/${{ env.REPO_SLUG }}:${{ inputs.RELEASE_TAG }} |
| 118 | +
|
| 119 | + release: |
| 120 | + name: Create GitHub Release |
| 121 | + runs-on: ubuntu-latest |
| 122 | + needs: build_and_push |
| 123 | + |
| 124 | + steps: |
| 125 | + - name: Create release |
| 126 | + run: | |
| 127 | + RELEASE_DATE=$(date +%F) |
| 128 | + curl -s -X POST https://api.github.com/repos/${{ github.repository }}/releases \ |
| 129 | + -H "Authorization: token ${{ inputs.CI_BOT_PAT }}" \ |
| 130 | + -H "Content-Type: application/json" \ |
| 131 | + -d @- <<EOF |
| 132 | + { |
| 133 | + "tag_name": "${{ inputs.RELEASE_TAG }}", |
| 134 | + "name": "${{ inputs.RELEASE_TAG }} ($RELEASE_DATE)", |
| 135 | + "body": "Release created on $RELEASE_DATE", |
| 136 | + "draft": false, |
| 137 | + "prerelease": false |
| 138 | + } |
| 139 | + EOF |
| 140 | + - name: Notify Google Chat (success) |
| 141 | + if: success() |
| 142 | + env: |
| 143 | + GCHAT_WEBHOOK: ${{ secrets.GCHAT_WEBHOOK }} |
| 144 | + run: | |
| 145 | + if [ -z "$GCHAT_WEBHOOK" ]; then |
| 146 | + echo "GCHAT_WEBHOOK not set — skipping Google Chat notification." |
| 147 | + exit 0 |
| 148 | + fi |
| 149 | + tag="${{ inputs.RELEASE_TAG }}" |
| 150 | + repo="${{ github.repository }}" |
| 151 | + rel_url="${{ github.server_url }}/${{ github.repository }}/releases/tag/${tag}" |
| 152 | + # Google Chat supports basic Markdown (like [text](url)) |
| 153 | + text="Release <${rel_url}|${tag}> published for \`${repo}\`" |
| 154 | + payload=$(jq -n --arg t "$text" '{text:$t}') |
| 155 | + curl -sS -X POST -H 'Content-Type: application/json' -d "$payload" "$GCHAT_WEBHOOK" |
| 156 | +
|
0 commit comments