Build and push image #16
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and push image | |
| on: | |
| workflow_dispatch: | |
| workflow_call: | |
| concurrency: | |
| group: build-and-push-image-${{ github.sha }} | |
| jobs: | |
| check-image-presence: | |
| name: Check if images already exist | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| outputs: | |
| build_needed: ${{ steps.check_image.outputs.BUILD_NEEDED }} | |
| steps: | |
| - name: Configure AWS Dev Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::393416225559:role/GithubDeployMavisAndInfrastructure | |
| aws-region: eu-west-2 | |
| - name: Check if dev image exists | |
| run: | | |
| if aws ecr describe-images --repository-name mavis/webapp --image-ids imageTag=${{ github.sha }} > /dev/null 2>&1; then | |
| echo "Dev image with given tag already exists" | |
| else | |
| echo "Dev image does not exist. Build needed" | |
| echo "BUILD_NEEDED=true" >> $GITHUB_ENV | |
| fi | |
| - name: Configure AWS Prod credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::820242920762:role/GithubDeployMavisAndInfrastructure | |
| aws-region: eu-west-2 | |
| - name: Check if prod image exists | |
| id: check_image | |
| run: | | |
| if [ -e $BUILD_NEEDED ] && aws ecr describe-images --repository-name mavis/webapp --image-ids imageTag=${{ github.sha }} > /dev/null 2>&1; then | |
| echo "Prod and dev images with given tag already exist. No build needed" | |
| else | |
| echo "At least one image does not exist. Build needed" | |
| echo "BUILD_NEEDED=true" >> $GITHUB_OUTPUT | |
| fi | |
| build: | |
| needs: check-image-presence | |
| if: needs.check-image-presence.outputs.build_needed == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Build Docker image | |
| run: docker build -t "mavis:latest" . | |
| - name: Save Docker image | |
| run: docker save -o image.tar mavis:latest | |
| - name: Upload Docker image | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: image | |
| path: image.tar | |
| push: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| permissions: | |
| id-token: write | |
| strategy: | |
| matrix: | |
| aws-role: | |
| - arn:aws:iam::820242920762:role/GithubDeployMavisAndInfrastructure | |
| - arn:aws:iam::393416225559:role/GithubDeployMavisAndInfrastructure | |
| steps: | |
| - name: Download Docker image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: image | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ matrix.aws-role }} | |
| aws-region: eu-west-2 | |
| - name: Login to ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Load Docker image | |
| run: docker load -i image.tar | |
| - name: Tag Docker image | |
| run: docker tag mavis:latest "${{ steps.login-ecr.outputs.registry }}/mavis/webapp":"${{ github.sha }}" | |
| - name: Push Docker image | |
| run: docker push "${{ steps.login-ecr.outputs.registry }}/mavis/webapp":"${{ github.sha }}" |