Added a GitHub workflow for image building

It uses the IAM role on AWS and pushes the image to ECR
cabinetoffice · Jul 29, 2024 · d219583 · d219583
1 parent 3f7aa84
commit d219583
Showing 1 changed file with 37 additions and 0 deletions.
diff --git a/.github/workflows/build_image.yaml b/.github/workflows/build_image.yaml
@@ -0,0 +1,37 @@
+name: Build and upload docker images
+
+on:
+  push:
+    branches:
+      - '**'
+
+permissions:
+  id-token: write   # for JWT request
+  contents: read    # for actions/checkout
+
+jobs:
+  docker-image-build:
+    name: docker-image-build
+    runs-on: ubuntu-latest
+    environment: preprod
+    steps:
+      - name: Checkout repo
+        uses: actions/[email protected]
+      - name: Configure AWS Credentials
+        uses: aws-actions/[email protected]
+        with:
+          role-to-assume: ${{ vars.AWS_ROLE_TO_ASSUME }}
+          aws-region: eu-west-2
+          role-session-name: github-aws-access
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/[email protected]
+      - name: Build metadata-api, tag, and push docker image to Amazon ECR
+        env:
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          REPOSITORY: "fb-service-token-cache"
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          docker build -t ${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }} .
+          docker tag ${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }} ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }}
+          docker push ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }}