Merge pull request #153 from JupiterOne/SRE-1276_promote_docker_image…
…_action SRE-1276 Promote docker images composite action
Showing 2 changed files with 100 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
# Promote Docker Image | ||
|
||
This [composite action](./action.yml) is responsible copying docker images from one ECR registry to another (typically from jupiterone-infra to the destination environment where the app is run). | ||
|
||
## Inputs | ||
|
||
This action takes the following inputs: | ||
|
||
| Name | Type | Default | Required | Description | | ||
| --------------------------- | ------- | ---------------------------- | --------- | --------------------------------------------------------- | | ||
| `project_name` | String | | True | The project name | ||
| `codeowner` | String | | True | The designated project codeowners (CODEOWNERS file) | ||
| `image_name` | String | | True | The name of the image to copy | ||
| `source_account_id` | String | | False | The AWS account id of the source ECR registry | ||
| `source_region` | String | | False | The AWS region of the source ECR registry | ||
| `target_account_id` | String | | True | The AWS account id of the target ECR registry | ||
| `target_region` | String | | True | The AWS region of the target ECR registry | ||
| `target_environment` | String | | True | The target Jupiterone environment to deploy to | ||
|
||
## Outputs | ||
|
||
No outputs provided. | ||
|
||
## Example Usage | ||
|
||
```yaml | ||
- name: promote_docker_image | ||
uses: jupiterone/.github/.github/actions/promote_docker_image@main | ||
if: always() | ||
with: | ||
image-name: builder-node18-test | ||
image-tags: 4-arm64, 4.7.1-arm64, 4.7-arm64 | ||
destination-account-id: 564077667165 | ||
destination-region: us-east-1 | ||
``` |
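Review bot: The Example Usage block passes `image-name`, `image-tags`, `destination-account-id` and `destination-region`, which do not match the input names documented in the Inputs table of this same file (`image_name`, `target_account_id`, `target_region`), and it omits `project_name` and `codeowner`, both marked required. Rewrite the example with the underscore names and every required input so that a copy-paste works. The Inputs table has no row for `image_tags`, which action.yml in this commit marks `required: true`, and it leaves Default empty for `source_account_id`, `source_region` and `target_environment` although action.yml sets defaults for all three. The example also pins the action to `@main`; a release tag or commit SHA keeps callers from picking up unreviewed changes to a step that assumes AWS roles. In the intro sentence, "responsible copying" should read "responsible for copying".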
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
name: Promotes built Docker images to target environment registries for consumption | ||
|
||
inputs: | ||
project_name: | ||
required: true | ||
codeowner: | ||
required: true | ||
image_name: | ||
required: true | ||
image_tags: | ||
required: true | ||
description: A comma separated list of image tags to promote. | ||
source_account_id: | ||
required: false | ||
default: "081157560428" | ||
source_region: | ||
required: false | ||
default: us-east-1 | ||
target_account_id: | ||
required: true | ||
target_region: | ||
required: true | ||
target_environment: | ||
required: true | ||
default: dev | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- name: configure_source_account_aws_credentials | ||
uses: aws-actions/configure-aws-credentials@v3 | ||
with: | ||
role-to-assume: arn:aws:iam::${{ inputs.source_account_id }}:role/github-main-role | ||
role-session-name: main-role-session-${{ inputs.image_name }} | ||
aws-region: us-east-1 | ||
- name: ecr_login | ||
uses: aws-actions/amazon-ecr-login@v2 | ||
- name: pull_source_images | ||
shell: bash | ||
run: | | ||
docker pull 081157560428.dkr.ecr.us-east-1.amazonaws.com/terraform-deploy-slim:lts-0 | ||
for tag in $(echo ${{ inputs.image_tags }} | sed "s/,/ /g"); do | ||
docker pull ${{ inputs.source_account_id }}.dkr.ecr.${{ inputs.source_region }}.amazonaws.com/${{ inputs.image_name }}:$tag | ||
done | ||
- name: bootstrap_target_ecr_registry | ||
uses: jupiterone/.github/.github/actions/create_ecr_repo@v3 | ||
with: | ||
codeowner: ${{ inputs.codeowner }} | ||
image_names: ${{ inputs.image_name }} | ||
project_name: ${{ inputs.project_name }} | ||
target_environment: ${{ inputs.target_environment }} | ||
- name: configure_target_account_aws_credentials | ||
uses: aws-actions/configure-aws-credentials@v3 | ||
with: | ||
role-to-assume: arn:aws:iam::${{ inputs.target_account_id }}:role/github-main-role | ||
role-session-name: main-role-session-${{ inputs.image_name }} | ||
aws-region: us-east-1 | ||
- name: copy_to_target_registry | ||
shell: bash | ||
run: | | ||
for tag in $(echo ${{ inputs.image_tags }} | sed "s/,/ /g"); do | ||
docker buildx imagetools create \ | ||
--tag ${{ inputs.target_account_id }}.dkr.ecr.${{ inputs.target_region }}.amazonaws.com/${{ inputs.image_name }}:$tag \ | ||
${{ inputs.source_account_id }}.dkr.ecr.${{ inputs.source_region }}.amazonaws.com/${{ inputs.image_name }}:$tag | ||
done |
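Review bot: In pull_source_images and copy_to_target_registry, `${{ inputs.image_tags }}` and the other inputs are expanded into the `run:` script text before bash parses it, so any caller-supplied value containing shell metacharacters becomes part of the script that runs with the assumed AWS role. Pass the inputs through an `env:` block on each step and reference them as quoted shell variables (for example `"$IMAGE_TAGS"`), splitting on commas with `IFS=,` rather than an unquoted `echo ... | sed`. Both configure-aws-credentials steps hard-code `aws-region: us-east-1`, and the first `docker pull` hard-codes `081157560428.dkr.ecr.us-east-1` for `terraform-deploy-slim:lts-0`, so `source_region`, `target_region` and `source_account_id` are only partly honoured; that pull also needs a comment saying why the image is required here. No ecr_login step follows configure_target_account_aws_credentials, so the push in copy_to_target_registry depends on a registry login made elsewhere; if create_ecr_repo does not perform one, add it. `target_environment` is declared `required: true` and also given `default: dev`; keep one or the other. Only `image_tags` carries a `description`; the remaining inputs should have one too.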