-
Notifications
You must be signed in to change notification settings - Fork 3
89 lines (81 loc) · 3.94 KB
/
docker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
name: DOCKER
on:
push:
branches:
- release-3.0
workflow_dispatch:
env:
REPOSITORY: flood_map_planning/app-internal
jobs:
build:
runs-on: ubuntu-latest
# These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
id-token: write
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones block `git describe --always --tags` from working later in 'Set all tags'
# Configure our AWS credentials and region environment variables for use in other GitHub Actions
# https://github.com/aws-actions/configure-aws-credentials
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_ENV_REGION }}
role-to-assume: arn:aws:iam::${{ secrets.AWS_ENV_ACCOUNT }}:role/${{ secrets.AWS_ENV_ROLE }}
# Login to AWS ECR private. It will use the credentials we configured in the previous step
# https://github.com/aws-actions/amazon-ecr-login
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Generate raw tag
id: raw-tag
run:
echo "raw_tag=$(git describe --always --tags)" >> $GITHUB_OUTPUT
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
flavor: |
latest=false
images: ${{ steps.login-ecr.outputs.registry }}/${{ env.REPOSITORY }}
tags: |
type=semver,priority=900,pattern={{raw}}
type=raw,priority=800,value=${{ steps.raw-tag.outputs.raw_tag }}
labels: |
org.opencontainers.image.licenses=OGL-UK-3.0
# Build and push Docker image with Buildx
# https://github.com/docker/build-push-action
- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: .
target: production
build-args: |
GIT_COMMIT=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
BUILD_VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
push: true
labels: ${{ steps.meta.outputs.labels }}
tags: ${{ steps.meta.outputs.tags }}
# Generate a summary that will be displayed against the Job when selected in the Actions tab.
# We this to quickly see details for the image generated instead of digging into the build output.
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary
- name: Generate job summary
id: summary
run: |
{
echo "### Docker Image details"
echo "The tag is **${{ steps.raw-tag.outputs.raw_tag }}**"
echo "| Label | Value |"
echo "| ---------- | ----- |"
echo "| created | ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} |"
echo "| description| ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }} |"
echo "| licenses | ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.licenses'] }} |"
echo "| revision | ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} |"
echo "| source | ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.source'] }} |"
echo "| title | ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.title'] }} |"
echo "| url | ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.url'] }} |"
echo "| version | ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} |"
} >> $GITHUB_STEP_SUMMARY