Sync #386
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI Earthly | |
on: push | |
# on: | |
# push: | |
# branches: [main] | |
# paths-ignore: | |
# - 'README.md' | |
# - '.github/**' | |
# - '.vscode' | |
# - '.gitignore' | |
# pull_request: | |
# # branches: [main] | |
# types: [opened,synchronize,reopened,labeled,unlabeled] | |
env: | |
IMAGE_NAME: foo-app | |
IMAGE_OWNER: ${{ github.repository_owner }} | |
# Registry for public images, default is docker.io | |
PUBLIC_REGISTRY: "" | |
# Give GitHub Actions access to AWS | |
AWS_ROLE_TO_ASSUME: arn:aws:iam::770916339360:role/foo-dev-ecr-github-action-role | |
AWS_REGION: ap-northeast-1 | |
FORCE_COLOR: 1 | |
jobs: | |
build-prod: | |
name: Build image and push | |
runs-on: ubuntu-latest | |
permissions: | |
# Interact with GitHub OIDC Token endpoint for AWS | |
id-token: write | |
contents: read | |
# Upload JUnit report files | |
# https://github.com/EnricoMi/publish-unit-test-result-action#permissions | |
checks: write | |
pull-requests: write | |
issues: read | |
steps: | |
- name: Cancel previous runs in progress | |
uses: styfle/[email protected] | |
with: | |
access_token: ${{ github.token }} | |
# https://github.com/marketplace/actions/setup-earthly | |
- uses: earthly/actions-setup@v1 | |
- name: Earthly version | |
run: earthly --version | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
# https://github.com/aws-actions/configure-aws-credentials | |
# https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services | |
with: | |
role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Log in to Amazon ECR | |
id: ecr-login | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Set vars | |
run: echo "ECR_REGISTRY=${{ steps.ecr-login.outputs.registry }}" >> $GITHUB_ENV | |
# - name: Log in to ECR | |
# uses: docker/login-action@v2 | |
# with: | |
# registry: ${{ env.ECR_REGISTRY }} | |
# username: ${{ steps.ecr-login.outputs.username }} | |
# # username: AWS | |
# password: ${{ steps.ecr-login.outputs.password }} | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Check out source | |
uses: actions/checkout@v3 | |
- name: Set variables | |
id: vars | |
run: | | |
echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV | |
echo "run_id=${GITHUB_RUN_ID}" >> $GITHUB_OUTPUT | |
echo "run_num=${GITHUB_RUN_NUMBER}" >> $GITHUB_OUTPUT | |
- name: Put git branch back into git (Earthly uses it for tagging) | |
run: | | |
branch="" | |
if [ -n "$GITHUB_HEAD_REF" ]; then | |
branch="$GITHUB_HEAD_REF" | |
else | |
branch="${GITHUB_REF##*/}" | |
fi | |
git checkout -b "$branch" || true | |
echo "branch=${branch}" >> $GITHUB_OUTPUT | |
- name: Set up Docker buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
driver-opts: network=host | |
- name: Build with Earthly | |
env: | |
REGISTRY: "${{ env.ECR_REGISTRY }}/" | |
REGISTRY_NAME: ${{ env.ECR_REGISTRY }} | |
PUBLIC_REGISTRY: "" | |
# run: earthly --ci --push +build | |
# run: earthly -P -V +all | |
# run: earthly -P -V --build-arg REGISTRY --build-arg AWS_ACCESS_KEY_ID --build-arg AWS_SECRET_ACCESS_KEY --strict +deploy | |
run: earthly -P -V --build-arg REGISTRY --build-arg PUBLIC_REGISTRY --strict --push +all | |
# run: earthly -P -V --build-arg REGISTRY --strict +deploy | |
# run: earthly -P -V --build-arg REGISTRY --strict --push +all | |
# run: earthly -P -V --build-arg REGISTRY --remote-cache="${REGISTRY}/${IMAGE_NAME}:cache" --ci --push +all | |
# run: earthly -P -V +all-platforms | |
# run: earthly -P -V --platform=linux/arm64 +deploy | |
# run: earthly -P -V --platform=linux/arm64 +deploy-scan | |
- name: Publish unit test results to GitHub | |
uses: EnricoMi/publish-unit-test-result-action@v2 | |
# Run even if tests fail | |
if: always() | |
with: | |
# Volume mounted from local filesystem into build | |
junit_files: ./junit-reports/*.xml |