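# docker-build-push-image.yml
# Reusable workflow (`workflow_call`): builds the calling repository's
# ./Dockerfile and pushes the image to Docker Hub and/or AWS ECR, depending on
# the boolean inputs below.
name: Build and Push Docker image

on:
  workflow_call:
    inputs:
      aws_ecr:
        description: "Push to AWS ECR"
        default: true
        required: false
        type: boolean
      docker_hub:
        description: "Push to Docker Hub"
        default: true
        required: false
        type: boolean
      provenance:
        # NOTE(review): no step in this workflow reads `inputs.provenance`.
        # All three docker/build-push-action steps set `provenance: false`, so
        # a caller relying on the default of true still gets images without a
        # provenance attestation. Either wire the input through to the build
        # steps or change the default/description to match what is built.
        description: "Generate provenance attestation for the build"
        default: true
        required: false
        type: boolean
      image_name:
        # No default here: the tag expressions fall back to
        # `github.event.repository.name` when this input is empty.
        description: "The name of the image to deploy (default: repo name)"
        required: false
        type: string
      platform:
        description: "The image's platform (default: linux/amd64)"
        default: "linux/amd64"
        required: false
        type: string
    # The registry secrets are `required: true` regardless of the `aws_ecr` /
    # `docker_hub` toggles, so a caller that disables one registry must still
    # pass that registry's secrets.
    secrets:
      AWS_ACCOUNT_ID:
        description: "The AWS account ID used to determine the ECR registry"
        required: true
      AWS_REGION:
        description: "The AWS region used to determine the ECR registry"
        required: true
      AWS_ECR_ACCESS_KEY_ID:
        description: "The access key ID used to log into AWS ECR"
        required: true
      AWS_ECR_SECRET_ACCESS_KEY:
        description: "The secret access key used to log into AWS ECR"
        required: true
      DOCKERHUB_USERNAME:
        description: "The username used to log into Docker Hub"
        required: true
      DOCKERHUB_PASSWORD:
        description: "The password used to log into Docker Hub"
        required: true
      DOCKER_BUILD_ARGS:
        # NOTE(review): this value is handed to the build as `build-args`.
        # Build arguments are recorded in image metadata (`docker history`),
        # so the images pushed to Docker Hub and ECR can expose them. Do not
        # put credentials here; BuildKit secret mounts are the mechanism for
        # build-time secrets.
        description: "Docker build arguments"
        required: false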
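# Least privilege for GITHUB_TOKEN: the only repository access this workflow
# performs is the checkout. Image pushes authenticate with the registry
# credentials passed as secrets, and no step writes to repository contents,
# so read access is sufficient.
permissions:
  contents: read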
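jobs:
  # Single job: check out `main`, build ./Dockerfile for `inputs.platform`,
  # then push to Docker Hub and/or AWS ECR depending on the inputs. Every
  # registry/build step is skipped when the repository has no Dockerfile.
  build-and-push:
    runs-on: ubuntu-22.04
    env:
      # ECR registry hostname assembled from the account ID and region secrets.
      ECR_REGISTRY: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
    steps:
      # All third-party actions below are pinned to full commit SHAs rather
      # than mutable tags.
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # Never deploy from non-main branches
          # NOTE(review): the pushed images are tagged with `github.sha`, the
          # commit of the triggering event. That is not guaranteed to be the
          # commit checked out here (the tip of `main` when the job runs), so
          # a `:<sha>` tag can point at an image built from a different
          # commit. Confirm callers only trigger on pushes to `main`, or tag
          # with the SHA that was actually checked out.
          ref: main

      # Exposes `steps.dockerfile-exists.outputs.result` ('true' / 'false');
      # a missing Dockerfile produces a warning, not a failure.
      - name: Check if Dockerfile is present
        id: dockerfile-exists
        run: |
          dockerfile_exists=$(test -f Dockerfile && echo 'true' || echo 'false')
          if [ "${dockerfile_exists}" = "false" ]; then
            echo "::warning:: Skip deploy due to missing Dockerfile"
          fi
          echo "result=${dockerfile_exists}" >> "$GITHUB_OUTPUT"

      # Turns on the containerd snapshotter feature in the Docker daemon.
      # NOTE(review): presumably so `load: true` works for the image built
      # for `inputs.platform` - confirm.
      - name: Set up Docker
        uses: docker/setup-docker-action@1a6edb0ba9ac496f6850236981f15d8f9a82254d
        with:
          daemon-config: |
            {
              "features": {
                "containerd-snapshotter": true
              }
            }

      - name: Set up QEMU
        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a

      - name: Set up Docker Buildx
        if: steps.dockerfile-exists.outputs.result == 'true'
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd

      - name: Login to DockerHub
        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2
        if: ${{steps.dockerfile-exists.outputs.result == 'true' && inputs.docker_hub}}
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      # NOTE(review): this logs in with a long-lived IAM access key pair held
      # as repository secrets. Short-lived credentials obtained through GitHub
      # OIDC role assumption would remove the stored key; that would need
      # `id-token: write` for the job. Whichever is used, the identity should
      # be scoped to pushing to the intended ECR repositories only.
      - name: Login to ECR
        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2
        if: ${{steps.dockerfile-exists.outputs.result == 'true' && inputs.aws_ecr}}
        with:
          registry: ${{ env.ECR_REGISTRY }}
          username: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }}
          password: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }}

      # Builds once and loads the result into the local Docker engine without
      # pushing. The two push steps below each run their own build of the
      # same context and rely on the shared `type=gha` cache.
      # NOTE(review): the Docker Hub and ECR images are therefore separate
      # build results and are not guaranteed to share a digest.
      - name: Build Docker image
        if: ${{steps.dockerfile-exists.outputs.result == 'true' && (inputs.docker_hub || inputs.aws_ecr)}}
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294
        with:
          context: .
          file: ./Dockerfile
          load: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # NOTE(review): build args come from a secret, but build arguments
          # are recorded in image metadata (`docker history`), so they should
          # not carry credentials. The same applies to both push steps.
          build-args: ${{ secrets.DOCKER_BUILD_ARGS }}
          # NOTE(review): hard-coded here and in both push steps, so
          # `inputs.provenance` has no effect.
          provenance: false
          platforms: ${{ inputs.platform }}

      # Publishes `:latest` and `:<github.sha>` under the `exercism/` namespace.
      - name: Push to Docker Hub
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294
        if: ${{steps.dockerfile-exists.outputs.result == 'true' && inputs.docker_hub}}
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: |
            exercism/${{ inputs.image_name || github.event.repository.name }}:latest
            exercism/${{ inputs.image_name || github.event.repository.name }}:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: ${{ secrets.DOCKER_BUILD_ARGS }}
          provenance: false
          platforms: ${{ inputs.platform }}

      # Publishes `:production` and `:<github.sha>` to the ECR registry.
      - name: Push to AWS ECR
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294
        if: ${{steps.dockerfile-exists.outputs.result == 'true' && inputs.aws_ecr}}
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: |
            ${{ env.ECR_REGISTRY }}/${{ inputs.image_name || github.event.repository.name }}:production
            ${{ env.ECR_REGISTRY }}/${{ inputs.image_name || github.event.repository.name }}:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: ${{ secrets.DOCKER_BUILD_ARGS }}
          provenance: false
          platforms: ${{ inputs.platform }}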