Publish Image to ECR #9687
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Image to ECR | |
on: | |
workflow_dispatch: | |
inputs: | |
image_name: | |
description: 'The name of the docker image to be publish' | |
required: false | |
type: string | |
default: coordinator | |
existing_tag: | |
description: 'The existing tag of the docker image to publish' | |
required: true | |
type: string | |
ecr_repo: | |
description: 'The AWS ECR repo name to be published' | |
required: false | |
type: string | |
default: pl-coordinator-env | |
ecr_repo_type: | |
description: 'The type of ECR repository it is (private or public)' | |
required: true | |
type: choice | |
default: private | |
options: | |
- private | |
- public | |
new_tag: | |
description: 'The new tag of the docker image' | |
required: true | |
type: string | |
aws_region: | |
description: 'The AWS region where the ECR is defined' | |
required: false | |
type: string | |
default: us-west-2 | |
tracker_hash: | |
description: '[Internal usage] Used for tracking workflow job status within Meta infra' | |
required: false | |
type: string | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ghcr.io/${{ github.repository }}/${{ inputs.image_name }} | |
IMAGE_TAG: ${{ inputs.existing_tag }} | |
# The line below is intended to make it easier for developers to understand the inputs that they are putting in for the ECR repo. | |
# Our public ECR registry has the prefix of t7b1w5a4 and this code prepends that to the actual name of the image repository | |
# if the developer puts in the repostiory type of "public". This allows the developer to just specify the image repository like | |
# onedocker-prod or pc-coordinator-prod | |
ECR_REPOSITORY: ${{ inputs.ecr_repo_type == 'private' && inputs.ecr_repo || format('t7b1w5a4/{0}', inputs.ecr_repo) }} | |
NEW_IMAGE_TAG: ${{ inputs.new_tag }} | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Print Tracker Hash | |
run: echo ${{ inputs.tracker_hash}} | |
- uses: docker/login-action@v1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Pull image from rc registry | |
run: docker pull ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
- name: Set AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
aws-region: ${{ inputs.aws_region }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
registry-type: ${{ inputs.ecr_repo_type }} | |
- name: Tag docker image | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
run: | | |
docker tag ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.NEW_IMAGE_TAG }} | |
docker tag ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} | |
- name: Push image to Amazon ECR | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
run: | | |
docker push ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.NEW_IMAGE_TAG }} | |
docker push ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} |