This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and push image | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| tag: | ||
| description: 'Tag name' | ||
| required: true | ||
| type: string | ||
| dockerfile: | ||
| description: 'Path to the Dockerfile' | ||
| required: false | ||
| type: string | ||
| default: './Dockerfile' | ||
| build_args: | ||
| description: 'Docker build arguments' | ||
| required: false | ||
| type: string | ||
| default: '' | ||
| artifacts_download: | ||
| description: 'Should download artifacts?' | ||
| required: false | ||
| type: boolean | ||
| default: false | ||
| artifacts_download_name: | ||
| description: 'Artifacts name to download' | ||
| required: false | ||
| type: string | ||
| default: '' | ||
| artifacts_download_path: | ||
| description: 'Artifacts path to download' | ||
| required: false | ||
| type: string | ||
| default: '' | ||
| skip_build: | ||
| description: 'List of platforms to skip build' | ||
| required: false | ||
| type: string | ||
| default: '' | ||
| tag_check_regex: | ||
| description: 'Regex to check tag' | ||
| required: false | ||
| type: string | ||
| default: '^([0-9]+)\.([0-9]+)\.([0-9]+)(-([0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*))?(\\+([0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*))?$' | ||
| extract_semver_from_tag: | ||
| description: 'Extract semver from tag' | ||
| required: false | ||
| type: boolean | ||
| default: false | ||
| tag_extract_regex: | ||
| description: 'Regex to extract semver from tag' | ||
| required: false | ||
| type: string | ||
| default: '([^@]+)$' | ||
| cdn_artifacts: | ||
| description: 'CDN' | ||
| required: false | ||
| type: boolean | ||
| default: false | ||
| cdn_artifacts_docker_path: | ||
| description: 'CDN assets path' | ||
| required: false | ||
| type: string | ||
| default: '' | ||
| cdn_docker_args: | ||
| description: 'Docker arguments for CDN' | ||
| required: false | ||
| type: string | ||
| default: '' | ||
| cdn_artifacts_s3_path: | ||
| description: 'CDN assets S3 path' | ||
| required: false | ||
| type: string | ||
| default: 'release-assets' | ||
| image_suffix: | ||
| description: 'Image suffix' | ||
| required: false | ||
| type: string | ||
| default: '' | ||
| jobs: | ||
| # Check tag setisfiy semantic versioning | ||
| tag_check: | ||
| uses: databox/.github/.github/workflows/tag-check.yml@master | ||
| secrets: inherit | ||
| with: | ||
| tag: ${{ inputs.tag }} | ||
| tag_check_regex: ${{ inputs.tag_check_regex }} | ||
| extract_semver_from_tag: ${{ inputs.extract_semver_from_tag }} | ||
| tag_extract_regex: ${{ inputs.tag_extract_regex }} | ||
| # Build image for each platform | ||
| build: | ||
| name: Build ${{ needs.tag_check.outputs.semver }}-${{ matrix.platform }} | ||
| runs-on: ubnutu-22-04-${{ matrix.platform }}-1-core-4-ram | ||
| needs: | ||
| - tag_check | ||
| if: needs.tag_check.outputs.match == 'true' | ||
| strategy: | ||
| fail-fast: true | ||
| matrix: | ||
| platform: | ||
| - amd64 | ||
| - arm64 | ||
| env: | ||
| ECR_REGISTRY: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com | ||
| IMAGE: '' | ||
| IMAGE_TAG: '' | ||
| steps: | ||
| - name: Determine if build should be skipped | ||
| id: skip-build | ||
| run: | | ||
| if [[ "${{ inputs.skip_build }}" == *"${{ matrix.platform }}"* ]]; then | ||
| echo "skip=true" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "skip=false" >> $GITHUB_OUTPUT | ||
| fi | ||
| - name: Build version ${{ needs.tag_check.outputs.semver }} for platform ${{ matrix.platform }} | ||
| run: echo "skip=${{ steps.skip-build.outputs.skip }}; dont skip=${{ !fromJson(steps.skip-build.outputs.skip) }}" | ||
| - name: Checkout repository | ||
| if: ${{ !fromJson(steps.skip-build.outputs.skip) }} | ||
| uses: actions/checkout@v4 | ||
| - name: Prepare ECR Repository variables | ||
| id: ecr | ||
| if: ${{ !fromJson(steps.skip-build.outputs.skip) }} | ||
| run: | | ||
| echo "IMAGE=$(echo ${{ github.repository }} | awk '{print tolower($0)}' | sed 's|[^/]*/||; s/_/-/g')${{ inputs.image_suffix }}" >> $GITHUB_ENV | ||
| echo "IMAGE_TAG=${{ needs.tag_check.outputs.semver }}-${{ matrix.platform }}" >> $GITHUB_ENV | ||
| - name: Configure AWS Credentials | ||
| if: ${{ !fromJson(steps.skip-build.outputs.skip) }} | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| aws-region: ${{ secrets.AWS_REGION }} | ||
| - name: Login to Amazon ECR | ||
| if: ${{ !fromJson(steps.skip-build.outputs.skip) }} | ||
| id: login-ecr | ||
| uses: aws-actions/amazon-ecr-login@v2 | ||
| - name: Set up docker buildx | ||
| if: ${{ !fromJson(steps.skip-build.outputs.skip) }} | ||
| uses: docker/setup-buildx-action@v3 | ||
| - name: Generate docker build args | ||
| if: ${{ !fromJson(steps.skip-build.outputs.skip) }} | ||
| id: docker-build-args | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| debug: true | ||
| github-token: "${{ secrets.GITHUB_TOKEN }}" | ||
| result-encoding: string | ||
| script: | | ||
| const defaultArgsString = ` | ||
| PACKAGES_READ_TOKEN=${{ secrets.PACKAGES_READ_TOKEN }} | ||
| PACKAGES_READ_USER=${{ secrets.PACKAGES_READ_USER }} | ||
| RSA_PYTHON_MQ_LIB=${{ secrets.RSA_PYTHON_MQ_LIB }} | ||
| BUILD_VERSION=${{ needs.tag_check.outputs.semver }}`; | ||
| const argsString = `${{ inputs.build_args }}` + defaultArgsString; | ||
| /* | ||
| if (!argsString) { | ||
| return ' '; | ||
| } | ||
| */ | ||
| const args = argsString.split('\n').filter(arg => arg.trim() !== ''); | ||
| const result = args.map(arg => `--build-arg ${arg.replace(':', '=')}`).join(' '); | ||
| return result; | ||
| - name: Download artifacts | ||
| if: ${{ inputs.artifacts_download }} && ${{ !fromJson(steps.skip-build.outputs.skip) }} | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: ${{ inputs.artifacts_download_name }} | ||
| path: ${{ inputs.artifacts_download_path }} | ||
| merge-multiple: true | ||
| - name: Docker build and push ${{ env.IMAGE }}:${{ env.IMAGE_TAG }} | ||
| if: ${{ !fromJson(steps.skip-build.outputs.skip) }} | ||
| run: | | ||
| docker buildx create --name DLC_builder --use | ||
| docker buildx build ${{ steps.docker-build-args.outputs.result }} -f ${{ inputs.dockerfile }} \ | ||
| -t ${{ env.ECR_REGISTRY }}/${{ env.IMAGE }}:${{ env.IMAGE_TAG }} --progress plain --push --provenance false . | ||
| - name: Save ${{ needs.tag_check.outputs.semver }}-${{ matrix.platform }} tag | ||
| if: ${{ !fromJson(steps.skip-build.outputs.skip) }} | ||
| run: | | ||
| mkdir -p ${{ runner.temp }}/${{ needs.tag_check.outputs.semver }} | ||
| touch ${{ runner.temp }}/${{ needs.tag_check.outputs.semver }}/${{ needs.tag_check.outputs.semver }}-${{ matrix.platform }} | ||
| - name: Upload ${{ needs.tag_check.outputs.semver }}-${{ matrix.platform }} tag to GitHub Actions Artifacts | ||
| if: ${{ !fromJson(steps.skip-build.outputs.skip) }} | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: ${{ needs.tag_check.outputs.semver }}-${{ matrix.platform }} | ||
| path: ${{ runner.temp }}/${{ needs.tag_check.outputs.semver }} | ||
| retention-days: 1 | ||
| - run: | | ||
| echo "${{ !fromJson(steps.skip-build.outputs.skip) }}" | ||
| echo "${{ inputs.cdn_artifacts }}" | ||
| - name: Extract CDN artifacts from image | ||
| if: !fromJson(steps.skip-build.outputs.skip) && inputs.cdn_artifacts == true | ||
| run: | | ||
| mkdir -p ./${{ matrix.platform }} | ||
| docker run --rm -it -d --name temp_container ${{ inputs.cdn_docker_args }} \ | ||
| ${{ env.ECR_REGISTRY }}/${{ env.IMAGE }}:${{ env.IMAGE_TAG }} | ||
| docker cp temp_container:${{ inputs.cdn_artifacts_docker_path }} ./${{ matrix.platform }} | ||
| - name: Upload CDN artifacts to S3 | ||
| if: ${{ !fromJson(steps.skip-build.outputs.skip) }} && ${{ inputs.cdn_artifacts }} | ||
| uses: jakejarvis/s3-sync-action@master | ||
| with: | ||
| args: --follow-symlinks | ||
| env: | ||
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_CDN }} | ||
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_CDN }} | ||
| AWS_S3_BUCKET: ${{ secrets.RELEASE_ARTIFACTS_S3 }} | ||
| AWS_REGION: ${{ secrets.AWS_REGION_CDN }} | ||
| SOURCE_DIR: ./${{ matrix.platform }} | ||
| DEST_DIR: '${{ inputs.cdn_artifacts_s3_path }}/${{ needs.tag_check.outputs.semver }}/${{ matrix.platform }}' | ||
| outputs: | ||
| image: ${{ env.IMAGE }} | ||
| # Get built tags | ||
| build_tags: | ||
| name: Get built tags | ||
| runs-on: ubnutu-22-04-arm64-1-core-4-ram | ||
| needs: | ||
| - tag_check | ||
| - build | ||
| outputs: | ||
| tags: ${{ steps.read.outputs.files }} | ||
| steps: | ||
| - name: Download release tag from GitHub Actions Artifacts | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| path: ${{ runner.temp }}/${{ needs.tag_check.outputs.semver }} | ||
| pattern: ${{ needs.tag_check.outputs.semver }}-* | ||
| merge-multiple: true | ||
| - name: Read tags | ||
| id: read | ||
| run: | | ||
| DIRECTORY_PATH=${{ runner.temp }}/${{ needs.tag_check.outputs.semver }} | ||
| FILES=$(ls $DIRECTORY_PATH | tr '\n' ' ') | ||
| echo "files=$FILES" >> $GITHUB_OUTPUT | ||
| # Build and push manifest | ||
| manifest: | ||
| uses: databox/.github/.github/workflows/manifest.yml@cdn-support | ||
| secrets: inherit | ||
| needs: | ||
| - tag_check | ||
| - build | ||
| - build_tags | ||
| if: needs.tag_check.outputs.match == 'true' | ||
| with: | ||
| image: ${{ needs.build.outputs.image }} | ||
| tag: ${{ needs.tag_check.outputs.semver }} | ||
| additional_tags: ${{ needs.build_tags.outputs.tags }} | ||
