.github/workflows/push-container.yml

name: Push Container

on:
  workflow_call:
    secrets:
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
      AWS_ACCOUNT_ID:
        required: true

env:
  AWS_REGISTRY_URI: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com
  AWS_REGION: us-east-1
  AWS_ROLE_TO_ASSUME: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/coderunner-pipeline-role

jobs:
  deploy-infrastructure:
    uses: ./.github/workflows/deploy-infrastructure.yml
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}

  push-image:
    runs-on: ubuntu-latest
    needs: [deploy-infrastructure]
    steps:
      - uses: actions/checkout@v4

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
          aws-region: ${{ env.AWS_REGION }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      - name: Login to Amazon ECR
        uses: aws-actions/amazon-ecr-login@v2
        with:
          mask-password: "false"

      - name: Set CONTAINER_TAG
        run: |
          CONTAINER_TAG=coderunner:${{ github.run_id }}
          echo "CONTAINER_TAG=$CONTAINER_TAG" >> "$GITHUB_ENV"

      - name: Set AWS_IMAGE_URI
        run: |
          AWS_IMAGE_URI="$AWS_REGISTRY_URI/$CONTAINER_TAG"
          echo "AWS_IMAGE_URI=$AWS_IMAGE_URI" >> "$GITHUB_ENV"

      - name: Push Image
        run: |
          cd container
          docker build --platform linux/amd64 -t $CONTAINER_TAG .
          docker tag $CONTAINER_TAG $AWS_IMAGE_URI
          docker push $AWS_IMAGE_URI