Merge pull request #153 from JupiterOne/SRE-1276_promote_docker_image_action

SRE-1276 Promote docker images composite action
tyanko1 authored Dec 4, 2023
2 parents e330223 + c7215fd commit f68c31f
Showing 2 changed files with 100 additions and 0 deletions.
35 changes: 35 additions & 0 deletions .github/actions/promote_docker_image/README.md
@@ -0,0 +1,35 @@
# Promote Docker Image

This [composite action](./action.yml) is responsible copying docker images from one ECR registry to another (typically from jupiterone-infra to the destination environment where the app is run).

## Inputs

This action takes the following inputs:

| Name | Type | Default | Required | Description |
| --------------------------- | ------- | ---------------------------- | --------- | --------------------------------------------------------- |
| `project_name` | String | | True | The project name
| `codeowner` | String | | True | The designated project codeowners (CODEOWNERS file)
| `image_name` | String | | True | The name of the image to copy
| `source_account_id` | String | | False | The AWS account id of the source ECR registry
| `source_region` | String | | False | The AWS region of the source ECR registry
| `target_account_id` | String | | True | The AWS account id of the target ECR registry
| `target_region` | String | | True | The AWS region of the target ECR registry
| `target_environment` | String | | True | The target Jupiterone environment to deploy to

## Outputs

No outputs provided.

## Example Usage

```yaml
- name: promote_docker_image
uses: jupiterone/.github/.github/actions/promote_docker_image@main
if: always()
with:
image-name: builder-node18-test
image-tags: 4-arm64, 4.7.1-arm64, 4.7-arm64
destination-account-id: 564077667165
destination-region: us-east-1
```
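
Review bot: The Example Usage block passes `image-name`, `image-tags`, `destination-account-id` and `destination-region`, but the Inputs table declares `image_name`, `target_account_id` and `target_region`, so a caller copying this example would set none of the documented inputs. The example also omits the inputs the table marks as required (`project_name`, `codeowner`, `target_environment`), and the table has no row for the `image_tags` value the example relies on. Suggest rewriting the example with the underscore names and every required input, adding an `image_tags` row, and filling the Default column for `source_account_id` and `source_region`. Minor: "is responsible copying" should read "is responsible for copying", and the table rows are missing their closing `|`.
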
65 changes: 65 additions & 0 deletions .github/actions/promote_docker_image/action.yml
@@ -0,0 +1,65 @@
name: Promotes built Docker images to target environment registries for consumption

inputs:
project_name:
required: true
codeowner:
required: true
image_name:
required: true
image_tags:
required: true
description: A comma separated list of image tags to promote.
source_account_id:
required: false
default: "081157560428"
source_region:
required: false
default: us-east-1
target_account_id:
required: true
target_region:
required: true
target_environment:
required: true
default: dev

runs:
using: "composite"
steps:
- name: configure_source_account_aws_credentials
uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: arn:aws:iam::${{ inputs.source_account_id }}:role/github-main-role
role-session-name: main-role-session-${{ inputs.image_name }}
aws-region: us-east-1
- name: ecr_login
uses: aws-actions/amazon-ecr-login@v2
- name: pull_source_images
shell: bash
run: |
docker pull 081157560428.dkr.ecr.us-east-1.amazonaws.com/terraform-deploy-slim:lts-0
for tag in $(echo ${{ inputs.image_tags }} | sed "s/,/ /g"); do
docker pull ${{ inputs.source_account_id }}.dkr.ecr.${{ inputs.source_region }}.amazonaws.com/${{ inputs.image_name }}:$tag
done
- name: bootstrap_target_ecr_registry
uses: jupiterone/.github/.github/actions/create_ecr_repo@v3
with:
codeowner: ${{ inputs.codeowner }}
image_names: ${{ inputs.image_name }}
project_name: ${{ inputs.project_name }}
target_environment: ${{ inputs.target_environment }}
- name: configure_target_account_aws_credentials
uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: arn:aws:iam::${{ inputs.target_account_id }}:role/github-main-role
role-session-name: main-role-session-${{ inputs.image_name }}
aws-region: us-east-1
- name: copy_to_target_registry
shell: bash
run: |
for tag in $(echo ${{ inputs.image_tags }} | sed "s/,/ /g"); do
docker buildx imagetools create \
--tag ${{ inputs.target_account_id }}.dkr.ecr.${{ inputs.target_region }}.amazonaws.com/${{ inputs.image_name }}:$tag \
${{ inputs.source_account_id }}.dkr.ecr.${{ inputs.source_region }}.amazonaws.com/${{ inputs.image_name }}:$tag
done
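
Review bot: In `pull_source_images` and `copy_to_target_registry`, `${{ inputs.image_tags }}`, `${{ inputs.image_name }}` and the account and region inputs are expanded into the bash script text before the shell runs, unquoted, so any value containing shell metacharacters becomes part of the script rather than data. Suggest passing each input through the step's `env:` block (for example `IMAGE_TAGS: ${{ inputs.image_tags }}`) and referencing it quoted as `"$IMAGE_TAGS"`, then splitting on commas inside the script. Further points on the same hunk: both credential steps hardcode `aws-region: us-east-1` although `source_region` and `target_region` are inputs; the first `docker pull` hardcodes account `081157560428` and an unrelated-looking `terraform-deploy-slim:lts-0` image with no comment explaining why it is needed; the only `ecr_login` step runs before the target credentials are configured, so it is worth confirming that the push in `copy_to_target_registry` is authenticated against the target registry; and `target_environment` is declared `required: true` while also carrying `default: dev`, which should be one or the other. Every input except `image_tags` lacks a `description`.
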
