Build image from main and deploy to staging #32
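# Builds the container image, pushes it to ECR, then asks the
# saleor-cloud-deployments repository to roll the new tag out to staging.
name: Publish image and deploy to staging

on:
  push:
    branches:
      - main
  # Manual runs can start from any branch the caller selects; github.ref_name
  # then becomes both the image tag prefix and the ref that gets built.
  # NOTE(review): confirm that deploying a non-main branch to staging is
  # intended, or guard the jobs with a condition on github.ref.
  workflow_dispatch:

env:
  ECR_REPOSITORY_URI: ${{ secrets.AWS_ECR_ACCOUNT }}.dkr.ecr.eu-west-1.amazonaws.com/${{ secrets.ECR_REPOSITORY }}

jobs:
  # Computes the image tags once so the build and deploy jobs agree on them.
  prepare-variables:
    name: Prepare variables
    runs-on: ubuntu-22.04
    permissions:
      contents: read
    # NOTE(review): image_tags and ecr_repo_uri are assembled from secrets.
    # GitHub Actions may withhold a job output in which it detects a secret
    # value; confirm both arrive non-empty in build-push.
    outputs:
      image_tags: ${{ steps.generate_image_tags.outputs.image_tags }}
      unique_image_tag: ${{ steps.generate_image_tags.outputs.unique_image_tag }}
      ecr_repo_uri: ${{ steps.generate_image_tags.outputs.ecr_repo_uri }}
    steps:
      # Required by generate_image_tags
      # NOTE(review): referenced by tag, while the other external references in
      # this file are pinned to a full commit SHA; pin this one the same way.
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # This job only reads the commit hash, so git does not need to keep
          # the token after the checkout step.
          persist-credentials: false
      # The branch name reaches the script through an environment variable
      # rather than being expanded into the script text.
      - name: Generate image tags
        id: generate_image_tags
        env:
          IMAGE_REPOSITORY: ${{ env.ECR_REPOSITORY_URI }}
          BRANCH_IMAGE_TAG: ${{ github.ref_name }}
        run: |
          unique_image_tag="${BRANCH_IMAGE_TAG}-$(git rev-parse --short HEAD)"
          image_tags="${IMAGE_REPOSITORY}:${BRANCH_IMAGE_TAG},${IMAGE_REPOSITORY}:${unique_image_tag}"
          echo "unique_image_tag=${unique_image_tag}" >> "$GITHUB_OUTPUT"
          echo "image_tags=${image_tags}" >> "$GITHUB_OUTPUT"
          echo "ecr_repo_uri=${IMAGE_REPOSITORY}" >> "$GITHUB_OUTPUT"

  # Delegates the multi-platform build and push to a reusable workflow that is
  # pinned by commit SHA.
  build-push:
    needs: prepare-variables
    uses: saleor/saleor-internal-actions/.github/workflows/build-push-image-multi-platform.yaml@92c29aa0e4545de579b892b2ef9f2d6366c29c11 # v1.5.2
    permissions:
      contents: read
      id-token: write # needed for AWS/ECR login
      packages: write # needed for GHCR (not used, but required permission)
    with:
      # NOTE(review): this is a branch name, so the build checks out whatever
      # the branch points to when this job starts, while the unique tag was
      # derived from HEAD in prepare-variables. Passing github.sha would tie
      # the image to the tagged commit; confirm the reusable workflow accepts
      # a SHA for this input.
      checkout-ref: ${{ github.ref_name }}
      enable-aws-ecr: true
      aws-ecr-region: eu-west-1
      oci-full-repository: ${{ needs.prepare-variables.outputs.ecr_repo_uri }}
      tags: ${{ needs.prepare-variables.outputs.image_tags }}
      amd64-runner-image: ubuntu-24.04
      arm64-runner-image: ubuntu-24.04-arm
    secrets:
      aws-ecr-role-to-assume: arn:aws:iam::${{ secrets.AWS_STAGING_ACCOUNT_ID }}:role/${{ secrets.AWS_APPS_SALEOR_MCP_STAGING_CICD_ROLE_NAME }}
      aws-ecr-registries: ${{ secrets.AWS_ECR_ACCOUNT }}

  # Sends a repository_dispatch event carrying the new image tag.
  deploy:
    needs: [prepare-variables, build-push]
    runs-on: ubuntu-22.04
    # No scopes for the built-in token: the dispatch call below authenticates
    # with the token returned by the get-token step instead.
    permissions: {}
    steps:
      - name: Get Token
        id: get-token
        uses: saleor/saleor-internal-actions/request-vault-token@6a0fa7c073b3857a11d414f25a149065fe5a0fcf # v1.4.0
        with:
          vault-url: ${{ secrets.VAULT_URL }}
          vault-jwt: ${{ secrets.VAULT_JWT }}
      # jq --arg JSON-encodes the tag, so its value cannot alter the structure
      # of the payload.
      - name: Trigger staging deployment
        env:
          GITHUB_TOKEN: ${{ steps.get-token.outputs.token }}
          UNIQUE_IMAGE_TAG: ${{ needs.prepare-variables.outputs.unique_image_tag }}
        run: |
          payload=$(
            jq --arg image_tag "$UNIQUE_IMAGE_TAG" -n '{
              "event_type": "saleor-mcp-staging",
              "client_payload": {
                "image_tag": $image_tag
              }
            }'
          )
          gh api /repos/saleor/saleor-cloud-deployments/dispatches --input - <<< "$payload"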