From e494fe69869d0de9d24f16f43b96f7ad356f2313 Mon Sep 17 00:00:00 2001 From: Cameron Dunn <88673576+cameron-dunn-sublime@users.noreply.github.com> Date: Thu, 23 Dec 2021 11:17:47 -0800 Subject: [PATCH] Updated version of check_images_x_region & Tags Fix (#10) * Use updated version of check_images_x_region And use tagged version of configure-aws-credentials * Remove tag from push --all-tags This used to work, but now gives an error. I guess it is funny to say "all-tags" and then specify a tag. --- .github/workflows/check_images_x_region.sh | 43 +++++++++++++++++++--- .github/workflows/release-images.yml | 2 +- .github/workflows/tag-latest.yml | 18 ++++----- 3 files changed, 48 insertions(+), 15 deletions(-) diff --git a/.github/workflows/check_images_x_region.sh b/.github/workflows/check_images_x_region.sh index 28b9f0fb..9f2641e8 100755 --- a/.github/workflows/check_images_x_region.sh +++ b/.github/workflows/check_images_x_region.sh @@ -4,6 +4,11 @@ set -e tag=$1 +timeout_seconds=120 + +# Use a variable because return 1 will exit the script with `set -e`, but we want to retry. +checkImageResult="false" + function checkImages() { repo=$1 primary_sha=$(aws ecr describe-images --region us-east-1 --repository-name $repo --image-ids imageTag=$tag | jq -r '.imageDetails[0].imageDigest') @@ -13,12 +18,40 @@ function checkImages() { if [[ "$sha" != "$primary_sha" ]]; then echo "Incomplete ECR propagation for repo $repo (tag $tag) in $region. Expected $primary_sha but found $sha." - exit 1 + return 0 fi + + echo "ECR propagation for repo $repo (tag $tag) in $region is complete. Found $sha" + done + + checkImageResult="true" + + return 0 +} + +function checkImagesWithTimeout() { + repo=$1 + + end=$((SECONDS+$timeout_seconds)) + + while [ $SECONDS -lt $end ]; do + checkImageResult="false" + checkImages $repo + + if [ "$checkImageResult" = "true" ]; then + return 0 + fi + echo "Replication has not finished for $repo, sleeping." + sleep 5 done + + echo "Replication did not finish for $repo after waiting $timeout_seconds" + + # Just exit instead of checking status codes below (although it doesn't matter with `set -e` + exit 1 } -checkImages strelka-frontend -checkImages strelka-backend -checkImages strelka-manager -checkImages strelka-mmrpc \ No newline at end of file +checkImagesWithTimeout strelka-frontend +checkImagesWithTimeout strelka-backend +checkImagesWithTimeout strelka-manager +checkImagesWithTimeout strelka-mmrpc \ No newline at end of file diff --git a/.github/workflows/release-images.yml b/.github/workflows/release-images.yml index e4b08f35..18627885 100644 --- a/.github/workflows/release-images.yml +++ b/.github/workflows/release-images.yml @@ -20,7 +20,7 @@ jobs: uses: actions/checkout@v2 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@036a4a1ddf2c0e7a782dca6e083c6c53e5d90321 # No released version with OIDC + uses: aws-actions/configure-aws-credentials@1.6 with: # Use a role instead of including credentials in secrets, but still hide that role name to be gated by GH environments. role-to-assume: ${{ secrets.ECR_REPO_ROLE }} diff --git a/.github/workflows/tag-latest.yml b/.github/workflows/tag-latest.yml index 8d7c5e44..81ed133a 100644 --- a/.github/workflows/tag-latest.yml +++ b/.github/workflows/tag-latest.yml @@ -22,7 +22,7 @@ jobs: uses: actions/checkout@v2 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@036a4a1ddf2c0e7a782dca6e083c6c53e5d90321 # No released version with OIDC + uses: aws-actions/configure-aws-credentials@1.6 with: # Use a role instead of including credentials in secrets, but still hide that role name to be gated by GH environments. role-to-assume: ${{ secrets.ECR_REPO_ROLE }} @@ -79,8 +79,8 @@ jobs: docker tag $ECR_REGISTRY/strelka-frontend:$VERSION $ECR_REGISTRY/strelka-frontend:$MINOR_VERSION docker tag $ECR_REGISTRY/strelka-frontend:$VERSION sublimesec/strelka-frontend:$MINOR_VERSION - docker push --all-tags $ECR_REGISTRY/strelka-frontend:latest - docker push --all-tags sublimesec/strelka-frontend:latest + docker push --all-tags $ECR_REGISTRY/strelka-frontend + docker push --all-tags sublimesec/strelka-frontend - name: Pull, Tag, Push BackEnd env: @@ -100,8 +100,8 @@ jobs: docker tag $ECR_REGISTRY/strelka-backend:$VERSION $ECR_REGISTRY/strelka-backend:$MINOR_VERSION docker tag $ECR_REGISTRY/strelka-backend:$VERSION sublimesec/strelka-backend:$MINOR_VERSION - docker push --all-tags $ECR_REGISTRY/strelka-backend:latest - docker push --all-tags sublimesec/strelka-backend:latest + docker push --all-tags $ECR_REGISTRY/strelka-backend + docker push --all-tags sublimesec/strelka-backend - name: Pull, Tag, Push Manager env: @@ -121,8 +121,8 @@ jobs: docker tag $ECR_REGISTRY/strelka-manager:$VERSION $ECR_REGISTRY/strelka-manager:$MINOR_VERSION docker tag $ECR_REGISTRY/strelka-manager:$VERSION sublimesec/strelka-manager:$MINOR_VERSION - docker push --all-tags $ECR_REGISTRY/strelka-manager:latest - docker push --all-tags sublimesec/strelka-manager:latest + docker push --all-tags $ECR_REGISTRY/strelka-manager + docker push --all-tags sublimesec/strelka-manager - name: Pull, Tag, Push MMRPC env: @@ -142,8 +142,8 @@ jobs: docker tag $ECR_REGISTRY/strelka-mmrpc:$VERSION $ECR_REGISTRY/strelka-mmrpc:$MINOR_VERSION docker tag $ECR_REGISTRY/strelka-mmrpc:$VERSION sublimesec/strelka-mmrpc:$MINOR_VERSION - docker push --all-tags $ECR_REGISTRY/strelka-mmrpc:latest - docker push --all-tags sublimesec/strelka-mmrpc:latest + docker push --all-tags $ECR_REGISTRY/strelka-mmrpc + docker push --all-tags sublimesec/strelka-mmrpc - name: Validate All X-Region Replication run: |