|
17 | 17 | env: |
18 | 18 | REGISTRY: ghcr.io |
19 | 19 | IMAGE_PREFIX: ${{ github.repository }} |
| 20 | + ECR_REGISTRY: 524473328983.dkr.ecr.us-west-2.amazonaws.com |
| 21 | + ECR_IMAGE_PREFIX: nemoclaw-community |
20 | 22 |
|
21 | 23 | permissions: |
22 | 24 | contents: read |
@@ -217,3 +219,78 @@ jobs: |
217 | 219 | BASE_IMAGE=${{ steps.base.outputs.image }} |
218 | 220 | cache-from: type=gha,scope=${{ matrix.sandbox }} |
219 | 221 | cache-to: type=gha,mode=max,scope=${{ matrix.sandbox }} |
| 222 | + |
| 223 | + # --------------------------------------------------------------------------- |
| 224 | + # Publish images to ECR (re-tag from GHCR, no rebuild required) |
| 225 | + # --------------------------------------------------------------------------- |
| 226 | + publish-ecr: |
| 227 | + name: Publish to ECR |
| 228 | + needs: [detect-changes, build-base, build] |
| 229 | + if: | |
| 230 | + always() && |
| 231 | + github.ref == 'refs/heads/main' && |
| 232 | + needs.detect-changes.result == 'success' && |
| 233 | + (needs.build-base.result == 'success' || needs.build-base.result == 'skipped') && |
| 234 | + (needs.build.result == 'success' || needs.build.result == 'skipped') |
| 235 | + runs-on: ubuntu-latest |
| 236 | + env: |
| 237 | + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} |
| 238 | + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |
| 239 | + AWS_DEFAULT_REGION: us-west-2 |
| 240 | + steps: |
| 241 | + - name: Lowercase image prefix |
| 242 | + id: repo |
| 243 | + run: echo "image_prefix=${IMAGE_PREFIX,,}" >> "$GITHUB_OUTPUT" |
| 244 | + |
| 245 | + - name: Set up Docker Buildx |
| 246 | + uses: docker/setup-buildx-action@v3 |
| 247 | + |
| 248 | + - name: Log in to GHCR |
| 249 | + uses: docker/login-action@v3 |
| 250 | + with: |
| 251 | + registry: ${{ env.REGISTRY }} |
| 252 | + username: ${{ github.actor }} |
| 253 | + password: ${{ secrets.GITHUB_TOKEN }} |
| 254 | + |
| 255 | + - name: Log in to ECR |
| 256 | + run: aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin ${{ env.ECR_REGISTRY }} |
| 257 | + |
| 258 | + - name: Copy base image to ECR |
| 259 | + if: needs.detect-changes.outputs.base-changed == 'true' |
| 260 | + run: | |
| 261 | + set -euo pipefail |
| 262 | + GHCR_IMAGE="${{ env.REGISTRY }}/${{ steps.repo.outputs.image_prefix }}/sandboxes/base" |
| 263 | + ECR_IMAGE="${{ env.ECR_REGISTRY }}/${{ env.ECR_IMAGE_PREFIX }}/sandboxes/base" |
| 264 | + SHA="${{ github.sha }}" |
| 265 | +
|
| 266 | + echo "Copying ${GHCR_IMAGE}:${SHA} -> ${ECR_IMAGE}:${SHA}" |
| 267 | + docker buildx imagetools create \ |
| 268 | + -t "${ECR_IMAGE}:${SHA}" \ |
| 269 | + "${GHCR_IMAGE}:${SHA}" |
| 270 | +
|
| 271 | + echo "Copying ${GHCR_IMAGE}:latest -> ${ECR_IMAGE}:latest" |
| 272 | + docker buildx imagetools create \ |
| 273 | + -t "${ECR_IMAGE}:latest" \ |
| 274 | + "${GHCR_IMAGE}:latest" |
| 275 | +
|
| 276 | + - name: Copy sandbox images to ECR |
| 277 | + if: needs.detect-changes.outputs.sandboxes != '[]' |
| 278 | + run: | |
| 279 | + set -euo pipefail |
| 280 | + SANDBOXES='${{ needs.detect-changes.outputs.sandboxes }}' |
| 281 | + SHA="${{ github.sha }}" |
| 282 | +
|
| 283 | + for SANDBOX in $(echo "$SANDBOXES" | jq -r '.[]'); do |
| 284 | + GHCR_IMAGE="${{ env.REGISTRY }}/${{ steps.repo.outputs.image_prefix }}/sandboxes/${SANDBOX}" |
| 285 | + ECR_IMAGE="${{ env.ECR_REGISTRY }}/${{ env.ECR_IMAGE_PREFIX }}/sandboxes/${SANDBOX}" |
| 286 | +
|
| 287 | + echo "Copying ${GHCR_IMAGE}:${SHA} -> ${ECR_IMAGE}:${SHA}" |
| 288 | + docker buildx imagetools create \ |
| 289 | + -t "${ECR_IMAGE}:${SHA}" \ |
| 290 | + "${GHCR_IMAGE}:${SHA}" |
| 291 | +
|
| 292 | + echo "Copying ${GHCR_IMAGE}:latest -> ${ECR_IMAGE}:latest" |
| 293 | + docker buildx imagetools create \ |
| 294 | + -t "${ECR_IMAGE}:latest" \ |
| 295 | + "${GHCR_IMAGE}:latest" |
| 296 | + done |
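Review bot: The new `publish-ecr` job sets long-lived `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` in job-level `env`, so every step runs with the static keys in its environment, including the tag-pinned third-party actions `docker/setup-buildx-action@v3` and `docker/login-action@v3`. Prefer short-lived credentials through GitHub OIDC, with an IAM role limited to pushing to the `nemoclaw-community` repositories as sketched below, or at minimum move the two variables onto the `Log in to ECR` step. The job-level `permissions` block in the sketch replaces the workflow-level one for this job, so confirm that `packages: read` is enough for the GHCR pull. Separately, both copy steps take `:latest` from GHCR by mutable tag, which may not be the image built for this SHA if another run pushed in between. Adding `-t "${ECR_IMAGE}:latest"` to the `${SHA}` copy would keep both ECR tags on the same digest.

```yaml
  publish-ecr:
    # … unchanged: name, needs, if, runs-on …
    permissions:
      contents: read
      packages: read
      id-token: write   # required for the OIDC token exchange
    # job-level env: keep AWS_DEFAULT_REGION only, drop the two static key variables
    steps:
      # … unchanged: lowercase image prefix, buildx setup, GHCR login …
      - name: Configure AWS credentials (OIDC)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.ECR_PUBLISH_ROLE_ARN }}   # placeholder secret name
          aws-region: us-west-2
      # … unchanged: Log in to ECR, copy steps …
```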