added build images #43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy to ECR | |
on: | |
push: | |
branches: | |
- container_builds-default | |
- container_builds-dev | |
- container_builds-prod | |
jobs: | |
build: | |
name: Build Image | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- python_version: p39 | |
arch: x86 | |
build_platform: linux/amd64 | |
- python_version: p310 | |
arch: x86 | |
build_platform: linux/amd64 | |
- python_version: p310 | |
arch: arm64 | |
build_platform: linux/arm64 | |
- python_version: p311 | |
arch: x86 | |
build_platform: linux/amd64 | |
- python_version: p311 | |
arch: arm64 | |
build_platform: linux/arm64 | |
- python_version: p312 | |
arch: x86 | |
build_platform: linux/amd64 | |
- python_version: p312 | |
arch: arm64 | |
build_platform: linux/arm64 | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: echo Build | |
run: | | |
echo python_version: ${{ matrix.python_version }} | |
echo arch: ${{ matrix.arch }} | |
echo build_platform: ${{ matrix.build_platform }} | |
- name: Check out code | |
uses: actions/checkout@v2 | |
- name: Set AWS Environment variable based on branch | |
run: | | |
if [ ${{ github.ref }} == refs/heads/container_builds-default ] | |
then | |
echo AWS_ENV=Klayers-defaultp38 >> $GITHUB_ENV | |
elif [ ${{ github.ref }} == refs/heads/container_builds-dev ] | |
then | |
echo AWS_ENV=Klayers-devp38 >> $GITHUB_ENV | |
elif [ ${{ github.ref }} == refs/heads/container_builds-prod ] | |
then | |
echo AWS_ENV=Klayers-prodp38 >> $GITHUB_ENV | |
else | |
exit 1 | |
fi | |
APP_NAME=$(cat ./pipeline/Terraform/terraform.tfvars.json | jq -r '.app_name') | |
echo APP_NAME=$APP_NAME >> $GITHUB_ENV | |
shell: bash | |
- name: Get AWS configuration | |
run: | | |
GITHUB_ROLE_ARN=$(cat ./.github/workflows/role_arns.json | jq -r --arg arg $AWS_ENV '.github_role_arn | .[$arg]') | |
AWS_REGION=$(cat ./pipeline/Terraform/terraform.tfvars.json | jq -r --arg arg $AWS_ENV '.aws_region | .[$arg]') | |
echo AWS_ROLE_ARN=$GITHUB_ROLE_ARN >> $GITHUB_ENV | |
echo AWS_DEFAULT_REGION=$AWS_REGION >> $GITHUB_ENV | |
shell: bash | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
role-to-assume: ${{ env.AWS_ROLE_ARN }} | |
role-duration-seconds: 900 # minimum of 900 | |
role-session-name: container-build-${{ env.AWS_ENV }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Set up repository variables | |
run: | | |
PARAM_PREFIX=build/${{ matrix.python_version }}/${{ matrix.arch }} | |
REPO_PARAM=/kl/$AWS_ENV/$PARAM_PREFIX/repo | |
REPO_URL=$(aws ssm get-parameter --name $REPO_PARAM | jq -r '.Parameter.Value') | |
REPO_NAME=$(echo $REPO_URL | cut -d'/' -f2) | |
BUILD_DIR=pipeline/container_images/build_images/${{ matrix.python_version }}_${{ matrix.arch }} | |
echo REPO_NAME=$REPO_NAME >> $GITHUB_ENV | |
echo REPO_URL=$REPO_URL >> $GITHUB_ENV | |
echo PARAM_PREFIX=$PARAM_PREFIX >> $GITHUB_ENV | |
echo BUILD_DIR=$BUILD_DIR >> $GITHUB_ENV | |
cp ./pipeline/container_images/build_images/common/build.py ./$BUILD_DIR | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
if: ${{ matrix.build_platform == 'linux/arm64' }} # only need this for ARM64 builds | |
- name: Build and push | |
uses: docker/build-push-action@v4 | |
with: | |
context: ${{ env.BUILD_DIR }} | |
push: true | |
tags: ${{ env.REPO_URL }}:latest | |
platforms: ${{ matrix.build_platform }} | |
- name: update SSM | |
run: | | |
DIGEST=$(aws ecr describe-images --repository-name $REPO_NAME --image-ids imageTag=latest | jq -r '.imageDetails[0].imageDigest') | |
aws ssm put-parameter --name /kl/$AWS_ENV/$PARAM_PREFIX/digest --value $DIGEST --overwrite --type String | jq '.' |