diff --git a/.github/scripts/release-ecr-tags.js b/.github/scripts/release-ecr-tags.js new file mode 100644 index 0000000000..cf10de6fde --- /dev/null +++ b/.github/scripts/release-ecr-tags.js @@ -0,0 +1,21 @@ +/** + * Release Tags + * + * Creating release tag based on each release version for AWS ECR Public + * + */ + +module.exports = ({ context }) => { + if (context.eventName === 'release') { + return getReleaseTag(context) + } + throw new Error('Release Violation: Could not determine the required release tags.') +} + +function getReleaseTag(context) { + const semver = context.payload.release.tag_name + if (semver.match(/^v[0-9]+\.[0-9]+\.[0-9]+$/) === null) { + throw new Error(`Release Violation: Provided version '${semver}' is not valid semver.`) + } + return semver.replace('v','') +} diff --git a/.github/scripts/release-tags.js b/.github/scripts/release-tags.js index ce33531bf7..72a05b58fc 100644 --- a/.github/scripts/release-tags.js +++ b/.github/scripts/release-tags.js @@ -1,6 +1,6 @@ /** * Release Tags - * + * * Extracts tags which we can attach to our docker build processes for * container versioning. Looking at the context we determine what the * tag needs to look like in the scenarios of 'release', 'staging', @@ -14,7 +14,7 @@ * step before a full release. The version is tagged with * 'main-${hash}' * - * 'dev' - relates to PRs which are submitted against the main + * 'dev' - relates to PRs which are submitted against the main * branch. The version is tagged with 'pr-${hash}'. * * This script is tied to actions/github-script jobs in our workflows. @@ -55,11 +55,11 @@ function getDomain(context) { } function getReleaseTag(domain, app, context) { - const semver = context.payload.release.tag_name.replace('v', '') - if (semver.match(/^[0-9]+\.[0-9]+\.[0-9]+$/) === false) { + const semver = context.payload.release.tag_name + if (semver.match(/^v[0-9]+\.[0-9]+\.[0-9]+$/) === null) { throw new Error(`Release Violation: Provided version '${semver}' is not valid semver.`) } - return `ghcr.io/${domain}/${app}:latest,ghcr.io/${domain}/${app}:${semver}` + return `ghcr.io/${domain}/${app}:latest,ghcr.io/${domain}/${app}:${semver.replace('v','')}` } function getMainTag(domain, app, { sha }) { diff --git a/.github/workflows/release-ecr.yml b/.github/workflows/release-ecr.yml new file mode 100644 index 0000000000..a6006c1579 --- /dev/null +++ b/.github/workflows/release-ecr.yml @@ -0,0 +1,53 @@ +name: Release Apps for ECR + +on: + release: + types: [ published ] + +concurrency: + group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }} + cancel-in-progress: true + +env: + APPS: 'legacy-api,ocean-api,playground-api,status-api' + +jobs: + build: + if: github.actor != 'dependabot[bot]' + name: Publish + runs-on: ubuntu-latest + environment: ECR Release Publishing + strategy: + matrix: + app: [ legacy-api, ocean-api, playground-api, status-api ] + steps: + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + + - name: Set up QEMU + uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 + + - name: Login to Public ECR + uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 + with: + registry: public.ecr.aws + username: ${{ secrets.AWS_ACCESS_KEY_ID }} + password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + + - name: Resolve ECR Tags + uses: actions/github-script@9ac08808f993958e9de277fe43a64532a609130e + id: ecr-tags + with: + script: return require('./.github/scripts/release-ecr-tags.js')({ context }) + result-encoding: string + + - name: Build, tag, and push image to Amazon ECR + env: + ECR_REGISTRY: public.ecr.aws/x0i4b0k2 + ECR_REPOSITORY: ${{ matrix.app }} + IMAGE_TAG: ${{ steps.ecr-tags.outputs.result }} + run: | + docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . + docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG