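---
# Builds one container build image per (python_version, arch) matrix entry,
# pushes it to ECR as `:latest`, and records the pushed image digest in SSM.
# The AWS account/role is selected from the branch that was pushed; the
# workflow refuses to run for any other ref.
name: Deploy to ECR

on:
  push:
    branches:
      - container_builds-default
      - container_builds-dev
      - container_builds-prod

jobs:
  build:
    name: Build Image
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - python_version: p39
            arch: x86
            build_platform: linux/amd64
          - python_version: p310
            arch: x86
            build_platform: linux/amd64
          - python_version: p310
            arch: arm64
            build_platform: linux/arm64
          - python_version: p311
            arch: x86
            build_platform: linux/amd64
          - python_version: p311
            arch: arm64
            build_platform: linux/arm64
          - python_version: p312
            arch: x86
            build_platform: linux/amd64
          - python_version: p312
            arch: arm64
            build_platform: linux/arm64
    # Least privilege: id-token is required for OIDC federation into AWS,
    # contents:read for checkout. No other scope is granted to the job token.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: echo Build
        run: |
          echo python_version: ${{ matrix.python_version }}
          echo arch: ${{ matrix.arch }}
          echo build_platform: ${{ matrix.build_platform }}

      # NOTE(review): third-party actions are referenced by mutable tag; pinning
      # each `uses:` to a full commit SHA would harden the supply chain. The
      # SHAs are not on this page, so tags are kept here.
      - name: Check out code
        uses: actions/checkout@v4

      - name: Set AWS Environment variable based on branch
        # Reads $GITHUB_REF from the environment instead of interpolating
        # ${{ github.ref }} into the script, so the ref is never re-parsed as
        # shell. The branch filter above already limits which refs arrive here;
        # anything else is rejected explicitly.
        run: |
          case "$GITHUB_REF" in
            refs/heads/container_builds-default) AWS_ENV=Klayers-defaultp38 ;;
            refs/heads/container_builds-dev)     AWS_ENV=Klayers-devp38 ;;
            refs/heads/container_builds-prod)    AWS_ENV=Klayers-prodp38 ;;
            *)
              echo "Unsupported ref for container builds: $GITHUB_REF" >&2
              exit 1
              ;;
          esac
          echo "AWS_ENV=$AWS_ENV" >> "$GITHUB_ENV"
          APP_NAME=$(jq -r '.app_name' ./pipeline/Terraform/terraform.tfvars.json)
          echo "APP_NAME=$APP_NAME" >> "$GITHUB_ENV"
        shell: bash

      - name: Get AWS configuration
        run: |
          GITHUB_ROLE_ARN=$(jq -r --arg arg "$AWS_ENV" '.github_role_arn | .[$arg]' ./.github/workflows/role_arns.json)
          AWS_REGION=$(jq -r --arg arg "$AWS_ENV" '.aws_region | .[$arg]' ./pipeline/Terraform/terraform.tfvars.json)
          # jq prints the literal string "null" for a missing key; fail here
          # rather than handing a "null" role ARN or region to the credentials step.
          if [ "$GITHUB_ROLE_ARN" = "null" ] || [ "$AWS_REGION" = "null" ]; then
            echo "No github_role_arn / aws_region configured for $AWS_ENV" >&2
            exit 1
          fi
          echo "AWS_ROLE_ARN=$GITHUB_ROLE_ARN" >> "$GITHUB_ENV"
          echo "AWS_DEFAULT_REGION=$AWS_REGION" >> "$GITHUB_ENV"
        shell: bash

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-region: ${{ env.AWS_DEFAULT_REGION }}
          role-to-assume: ${{ env.AWS_ROLE_ARN }}
          role-duration-seconds: 900  # minimum of 900
          role-session-name: container-build-${{ env.AWS_ENV }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - name: Set up repository variables
        # `shell: bash` turns on errexit + pipefail, so a failed SSM lookup
        # in the pipeline below fails the step instead of yielding an empty URL.
        run: |
          PARAM_PREFIX=build/${{ matrix.python_version }}/${{ matrix.arch }}
          REPO_PARAM=/kl/$AWS_ENV/$PARAM_PREFIX/repo
          REPO_URL=$(aws ssm get-parameter --name "$REPO_PARAM" | jq -r '.Parameter.Value')
          # Everything after the registry host is the repository name. Unlike
          # `cut -d/ -f2` this keeps namespaced repositories (ns/name) intact.
          REPO_NAME=${REPO_URL#*/}
          BUILD_DIR=pipeline/container_images/build_images/${{ matrix.python_version }}_${{ matrix.arch }}
          echo "REPO_NAME=$REPO_NAME" >> "$GITHUB_ENV"
          echo "REPO_URL=$REPO_URL" >> "$GITHUB_ENV"
          echo "PARAM_PREFIX=$PARAM_PREFIX" >> "$GITHUB_ENV"
          echo "BUILD_DIR=$BUILD_DIR" >> "$GITHUB_ENV"
          cp ./pipeline/container_images/build_images/common/build.py "./$BUILD_DIR"
        shell: bash

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
        if: ${{ matrix.build_platform == 'linux/arm64' }}  # only need this for ARM64 builds

      - name: Build and push
        id: build
        uses: docker/build-push-action@v4
        with:
          context: ${{ env.BUILD_DIR }}
          push: true
          tags: ${{ env.REPO_URL }}:latest
          platforms: ${{ matrix.build_platform }}

      - name: update SSM
        # Record the digest of the image this job just pushed, taken from the
        # build step's output, instead of re-resolving the mutable `latest`
        # tag from ECR, which may already point at another run's image.
        env:
          DIGEST: ${{ steps.build.outputs.digest }}
        run: |
          if [ -z "$DIGEST" ]; then
            echo "build step did not report an image digest" >&2
            exit 1
          fi
          aws ssm put-parameter --name "/kl/$AWS_ENV/$PARAM_PREFIX/digest" --value "$DIGEST" --overwrite --type String | jq '.'
        shell: bash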