diff --git a/.github/workflows/_test-docker.yaml b/.github/workflows/_test-docker.yaml
index df88bc37..775b73c9 100644
--- a/.github/workflows/_test-docker.yaml
+++ b/.github/workflows/_test-docker.yaml
@@ -6,6 +6,7 @@ on:
- ".github/workflows/_test-docker.yaml"
- ".github/workflows/docker-*.yaml"
- "tests/docker/**"
+ - "docker/metadata-action/**"
jobs:
test_docker_build_push_ecr:
@@ -72,3 +73,41 @@ jobs:
docker_context: tests/docker
docker_push: false
artifact_name: docker-artifacts
+
+ prep_test_docker_build_push_ecr_advanced:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Build meta and tags
+ id: docker_meta
+ uses: docker/metadata-action@v5
+ with:
+ images: 488017668515.dkr.ecr.eu-central-1.amazonaws.com/sam
+ tags: |
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=raw,${{ steps.current-time.outputs.formattedTime }}.${{ github.run_number }}
+ type=raw,{{branch}}.${{ github.run_number }}
+ labels: |
+ org.opencontainers.image.title=Feed Sam Service
+ org.opencontainers.image.description=Feed image rendering service
+ org.opencontainers.image.vendor=tx.group
+ org.opencontainers.image.authors=Christian Jürges
+ outputs:
+ tags: ${{ steps.docker_meta.outputs.tags }}
+ labels: ${{ steps.docker_meta.outputs.labels }}
+ docker_build_args: |
+ GO_VERSION=${{ env.GO_VERSION }}
+ ALPINE_VERSION=${{ env.ALPINE_VERSION }}
+
+ test_docker_build_push_ecr_advanced:
+ needs: prep_test_docker_build_push_ecr_advanced
+ uses: ./.github/workflows/docker-build-push-ecr-advanced.yaml
+ with:
+ aws_account_id: ${{ vars.aws_account_id }}
+ aws_region: ${{ vars.aws_region }}
+ aws_role_name: ${{ vars.aws_role_name }}
+ dockerfile_path: tests/docker/alpine/build/Dockerfile
+ image_tags: ${{ toJSON(needs.prep_test_docker_build_push_ecr_advanced.outputs.tags) }}
+ image_labels: ${{ toJSON(needs.prep_test_docker_build_push_ecr_advanced.outputs.labels) }}
+ docker_build_args: ${{ needs.prep_test_docker_build_push_ecr_advanced.outputs.docker_build_args }}
diff --git a/.github/workflows/docker-build-push-ecr-advanced.yaml b/.github/workflows/docker-build-push-ecr-advanced.yaml
new file mode 100644
index 00000000..2488f30d
--- /dev/null
+++ b/.github/workflows/docker-build-push-ecr-advanced.yaml
@@ -0,0 +1,134 @@
+name: Docker Build and Push to ECR
+run-name: Docker Build and Push to ECR run by ${{ github.actor }}
+
+on:
+ workflow_call:
+ secrets:
+ docker_secrets:
+ description: "Comma-delimited list of Github secrets to pass to docker build workflow"
+ required: false
+ inputs:
+ environment:
+ description: "Environment to run the build in"
+ type: string
+ aws_account_id:
+ description: "AWS Account ID"
+ type: string
+ aws_region:
+ description: "AWS Region"
+ type: string
+ aws_role_name:
+ description: "AWS Role Name"
+ type: string
+ aws_oidc_role_arn:
+ description: "AWS OIDC IAM role to assume"
+ type: string
+ image_tags:
+ description: "toJSON() string with full repo/image:tag list"
+ type: string
+ required: true
+ image_labels:
+ description: "toJSON() JSON string with image labels"
+ type: string
+ default: "{}"
+ docker_build_args:
+ description: "array string with build args"
+ type: string
+ default: "[]"
+ docker_context:
+ description: "Path to the build context"
+ type: string
+ dockerfile_path:
+ description: "Path to the Dockerfile. If not defined, will default to {docker_context}/Dockerfile"
+ type: string
+ docker_push:
+ description: "Push Image to ECR"
+ type: boolean
+ default: true
+ docker_target:
+ description: "Build target"
+ type: string
+ artifact_name:
+ description: "Artifact name to be downloaded before building"
+ type: string
+ artifact_path:
+ description: "Artifact target path"
+ type: string
+ runner_labels:
+ description: "Runner that the main job should run on as JSON encoded list."
+ type: string
+ default: " ['ubuntu-latest'] "
+
+
+jobs:
+ prereq: # this job is required to pass the runner_labels to the build job!
+ runs-on: ubuntu-latest
+ steps:
+ - id: prereq
+ name: Provision step # at least one step is required in a job
+ run: |
+ echo "image tags: ${{ inputs.image_tags }}"
+ echo "image labels: ${{ inputs.image_labels }}"
+ echo "build args: ${{ inputs.docker_build_args }}"
+ outputs:
+ runner_labels: ${{ inputs.runner_labels }}
+ image_tags: ${{ inputs.image_tags }}
+ image_labels: ${{ inputs.image_labels }}
+ build_args: ${{ inputs.docker_build_args }}
+
+ build:
+ needs: prereq
+ runs-on: ${{ fromJSON(needs.prereq.outputs.runner_labels) }}
+ environment: ${{ inputs.environment }}
+ permissions:
+ id-token: write
+ contents: read
+ pull-requests: write
+ steps:
+ - name: Check out code
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
+
+ - name: Download artifacts to pass to docker build
+ if: ${{ inputs.artifact_name || inputs.artifact_path }} # avoid downloading artifacts if not needed
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
+ env:
+ ARTIFACT_NAME: ${{ inputs.artifact_name || vars.artifact_name }}
+ ARTIFACT_PATH: ${{ inputs.artifact_path || vars.artifact_path }}
+ with:
+ name: ${{ env.ARTIFACT_NAME }}
+ path: ${{ env.ARTIFACT_PATH }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4
+ env:
+ ROLE_TO_ASSUME: ${{ inputs.aws_oidc_role_arn || vars.aws_oidc_role_arn || format('arn:aws:iam::{0}:role/{1}', inputs.aws_account_id, inputs.aws_role_name) }}
+ AWS_REGION: ${{ inputs.aws_region || vars.aws_region || 'eu-central-1' }}
+ with:
+ role-to-assume: ${{ env.ROLE_TO_ASSUME }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2
+
+ - name: Build and export
+ uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
+ env:
+ DOCKER_CTX: ${{ inputs.docker_context || vars.docker_context || '.' }}
+ DOCKERFILE_PATH: ${{ inputs.dockerfile_path || vars.dockerfile_path }} # upstream defaults to {DOCKER_CTX}/Dockerfile
+ DOCKER_TARGET: ${{ inputs.docker_target || vars.docker_target }}
+ with:
+ context: ${{ env.DOCKER_CTX }}
+ file: ${{ env.DOCKERFILE_PATH }}
+ secrets: ${{ secrets.docker_secrets }}
+ # platforms: linux/amd64,linux/arm64 # TODO add support for multi-arch builds
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ push: ${{ inputs.docker_push }}
+ target: ${{ env.DOCKER_TARGET }}
+ tags: ${{ fromJSON(needs.prereq.outputs.image_tags) }}
+ labels: ${{ fromJSON(needs.prereq.outputs.image_labels) }}
+ build-args: ${{ needs.prereq.outputs.build_args }}
diff --git a/.github/workflows/docker-build-push-ecr.yaml b/.github/workflows/docker-build-push-ecr.yaml
index 53f623e5..9d530348 100644
--- a/.github/workflows/docker-build-push-ecr.yaml
+++ b/.github/workflows/docker-build-push-ecr.yaml
@@ -60,6 +60,7 @@ jobs:
permissions:
id-token: write
contents: read
+ pull-requests: write
steps:
- name: Check out code
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
index 0ed6b52b..b8426557 100644
--- a/.github/workflows/docker-build.yaml
+++ b/.github/workflows/docker-build.yaml
@@ -26,6 +26,7 @@ jobs:
permissions:
id-token: write
contents: read
+ pull-requests: write
steps:
- name: Check out code
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
diff --git a/.github/workflows/docker-push-ecr.yaml b/.github/workflows/docker-push-ecr.yaml
index bdfaf476..730a5284 100644
--- a/.github/workflows/docker-push-ecr.yaml
+++ b/.github/workflows/docker-push-ecr.yaml
@@ -33,6 +33,7 @@ jobs:
permissions:
id-token: write
contents: read
+ pull-requests: write
steps:
- name: Download artifact
env:
diff --git a/docs/workflows/docker-build-push-ecr-advanced.md b/docs/workflows/docker-build-push-ecr-advanced.md
new file mode 100644
index 00000000..7efb975b
--- /dev/null
+++ b/docs/workflows/docker-build-push-ecr-advanced.md
@@ -0,0 +1,154 @@
+---
+title: Docker Build and Push to ECR
+---
+
+
+# Docker Build and Push to ECR
+
+
+## Description
+
+
+## Inputs
+
+| name | description | type | required | default |
+| --- | --- | --- | --- | --- |
+| `environment` | Environment to run the build in
| `string` | `false` | `""` |
+| `aws_account_id` | AWS Account ID
| `string` | `false` | `""` |
+| `aws_region` | AWS Region
| `string` | `false` | `""` |
+| `aws_role_name` | AWS Role Name
| `string` | `false` | `""` |
+| `aws_oidc_role_arn` | AWS OIDC IAM role to assume
| `string` | `false` | `""` |
+| `image_tags` | toJSON() string with full repo/image:tag list
| `string` | `true` | `""` |
+| `image_labels` | toJSON() JSON string with image labels
| `string` | `false` | `{}` |
+| `docker_build_args` | array string with build args
| `string` | `false` | `[]` |
+| `docker_context` | Path to the build context
| `string` | `false` | `""` |
+| `dockerfile_path` | Path to the Dockerfile. If not defined, will default to {docker_context}/Dockerfile
| `string` | `false` | `""` |
+| `docker_push` | Push Image to ECR
| `boolean` | `false` | `true` |
+| `docker_target` | Build target
| `string` | `false` | `""` |
+| `artifact_name` | Artifact name to be downloaded before building
| `string` | `false` | `""` |
+| `artifact_path` | Artifact target path
| `string` | `false` | `""` |
+| `runner_labels` | Runner that the main job should run on as JSON encoded list.
| `string` | `false` | ` ['ubuntu-latest'] ` |
+
+
+
+
+
+
+
+## Usage
+
+```yaml
+jobs:
+ job1:
+ uses: tx-pts-dai/github-workflows/.github/workflows/docker-build-push-ecr-advanced.yaml@v1
+ with:
+ environment:
+ # Environment to run the build in
+ #
+ # Type: string
+ # Required: false
+ # Default: ""
+
+ aws_account_id:
+ # AWS Account ID
+ #
+ # Type: string
+ # Required: false
+ # Default: ""
+
+ aws_region:
+ # AWS Region
+ #
+ # Type: string
+ # Required: false
+ # Default: ""
+
+ aws_role_name:
+ # AWS Role Name
+ #
+ # Type: string
+ # Required: false
+ # Default: ""
+
+ aws_oidc_role_arn:
+ # AWS OIDC IAM role to assume
+ #
+ # Type: string
+ # Required: false
+ # Default: ""
+
+ image_tags:
+ # toJSON() string with full repo/image:tag list
+ #
+ # Type: string
+ # Required: true
+ # Default: ""
+
+ image_labels:
+ # toJSON() JSON string with image labels
+ #
+ # Type: string
+ # Required: false
+ # Default: {}
+
+ docker_build_args:
+ # array string with build args
+ #
+ # Type: string
+ # Required: false
+ # Default: []
+
+ docker_context:
+ # Path to the build context
+ #
+ # Type: string
+ # Required: false
+ # Default: ""
+
+ dockerfile_path:
+ # Path to the Dockerfile. If not defined, will default to {docker_context}/Dockerfile
+ #
+ # Type: string
+ # Required: false
+ # Default: ""
+
+ docker_push:
+ # Push Image to ECR
+ #
+ # Type: boolean
+ # Required: false
+ # Default: true
+
+ docker_target:
+ # Build target
+ #
+ # Type: string
+ # Required: false
+ # Default: ""
+
+ artifact_name:
+ # Artifact name to be downloaded before building
+ #
+ # Type: string
+ # Required: false
+ # Default: ""
+
+ artifact_path:
+ # Artifact target path
+ #
+ # Type: string
+ # Required: false
+ # Default: ""
+
+ runner_labels:
+ # Runner that the main job should run on as JSON encoded list.
+ #
+ # Type: string
+ # Required: false
+ # Default: ['ubuntu-latest']
+```
+
+
+# Example
+
+# FAQ
diff --git a/tests/docker/alpine/Dockerfile b/tests/docker/alpine/Dockerfile
new file mode 100644
index 00000000..d70dbe4b
--- /dev/null
+++ b/tests/docker/alpine/Dockerfile
@@ -0,0 +1,8 @@
+ARG GO_VERSION
+ARG ALPINE_VERSION
+# compile sam
+FROM public.ecr.aws/docker/library/golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS builder
+
+WORKDIR /app
+RUN echo "Hello, world!"
+RUN echo "Using go version ${GO_VERSION} and alpine version ${ALPINE_VERSION}"
\ No newline at end of file