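---
# CD workflow for the vol-api PHP image: download Composer and install the
# application's dependencies, package the application, lint the Dockerfile,
# build the image, push it to the non-prod VOL tooling ECR and sign the pushed
# manifest with Notation through the AWS Signer plugin.
#
# Indentation in this file was lost in extraction and has been restored with the
# conventional two-space layout; the step order and step names are unchanged.
name: Build, lint, push and sign vol-api Image
run-name: Build, lint, push and sign vol-api Image - CD

on:
  # pull_request:
  push:
    branches:
      - AWSRESET1-313

jobs:
  php-base-image-build:
    runs-on: ubuntu-latest
    env:
      AWS_REGION: ${{ vars.DVSA_AWS_REGION }}
      AWS_ACCOUNT_ID_VOL_NP_TOOLING: ${{ vars.VOL_AWS_ACCOUNT_TOOLING_NONPROD }}
      REPO_NAME: ${{ vars.AWS_ECR_NP_VOLTOOLING_REPONAME }}
      AWS_ACCOUNT_ID_SHAREDCOREECR: ${{ vars.AWS_ACCOUNT_ID_SHAREDCOREECR }}
    permissions:
      id-token: write  # required to request the OIDC JWT used by the AWS role assumptions below
      contents: read   # required for actions/checkout
    steps:
      - uses: actions/checkout@v3

      - name: Get branch name
        id: branch
        # `::set-output` is deprecated in GitHub Actions; step outputs are written
        # to the file named by $GITHUB_OUTPUT instead. The output is still exposed
        # as steps.branch.outputs.branch.
        run: echo "branch=$(git rev-parse --abbrev-ref HEAD)" >> "$GITHUB_OUTPUT"

      ##create s3 bucket in vol-non-prod tooling and vol-prod tooling to get the composer
      - name: Download the compose file
        # The installer is fetched over the network and then executed, so its
        # SHA-384 is compared against the checksum Composer publishes before it
        # runs; a mismatch fails the job instead of installing whatever came back.
        run: |
          EXPECTED_CHECKSUM="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')"
          php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
          ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
          if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]; then
            >&2 echo 'ERROR: Invalid composer installer checksum'
            rm composer-setup.php
            exit 1
          fi
          php composer-setup.php --install-dir=/usr/local/bin --filename=composer
          php -r "unlink('composer-setup.php');"

      - name: install composer dependency
        run: |
          composer install --optimize-autoloader --no-interaction --no-dev

      - name: Build application
        # Records build time and git ref into config/version, then packages the
        # deployable tree (local config overrides excluded) as backend.tar.gz.
        run: |
          date > config/version
          git describe --all >> config/version
          tar cvzf backend.tar.gz --exclude=config/autoload/local.php --exclude=config/autoload/local.php.dist composer.lock init_autoloader.php config module public data/autoload data/cache vendor

      - name: Lint check on dockerfile
        # NOTE(review): a third-party linter image is run with --privileged and the
        # whole workspace bind-mounted; a Dockerfile lint should not need
        # --privileged, so confirm and drop it. continue-on-error also hides lint
        # failures from the run status.
        run: docker run --rm --privileged -v "$(pwd)":/root/ projectatomic/dockerfile-lint dockerfile_lint -f dockerfile
        continue-on-error: true  # only for testing
      # - uses: hadolint/[email protected]
      #   with:
      #     dockerfile: dockerfile
      #     failure-threshold: error

      - name: Set IMAGE_TAG
        # IMAGE_TAG keeps its original form; IMAGE_REF is the full registry
        # reference so the build, push and sign steps all use the same string.
        run: |
          IMAGE_SHA=$(git rev-parse --short HEAD)
          echo "IMAGE_TAG=vol-api-7.4.33-alpine-fpm-$IMAGE_SHA" >> "$GITHUB_ENV"
          echo "IMAGE_REF=$AWS_ACCOUNT_ID_VOL_NP_TOOLING.dkr.ecr.$AWS_REGION.amazonaws.com/$REPO_NAME:vol-api-7.4.33-alpine-fpm-$IMAGE_SHA" >> "$GITHUB_ENV"

      - name: Setup Notation CLI
        uses: notaryproject/notation-action/setup@v1
        with:
          version: "1.0.0"
          # plugin_name: <notation_signing_plugin_name>
          # plugin_url: <plugin_download_url >

      - name: Set up Notation plugin
        # The signing plugin package is installed from a "latest" download with no
        # integrity check; it should be compared against the checksum AWS publishes
        # for the release before `dpkg -i` runs.
        run: |
          wget https://d2hvyiie56hcat.cloudfront.net/linux/amd64/installer/deb/latest/aws-signer-notation-cli_amd64.deb
          # TODO(review): verify the package, e.g. echo "<PUBLISHED_SHA256>  aws-signer-notation-cli_amd64.deb" | sha256sum -c -
          sudo dpkg -i aws-signer-notation-cli_amd64.deb
          notation version
          notation plugin ls

      - name: configure aws credentials on shared core ecr
        # TODO(review): the action version was garbled in the source ("[email protected]");
        # restore the project's pinned ref (ideally a full commit SHA).
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.DVSA_AWS_ROLE_SHAREDCORECR }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ vars.DVSA_AWS_REGION }}

      - name: Login to Shared Core ECR
        id: login-ecr-sharedcoreecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build the Docker image
        # NOTE(review): a secret passed with --build-arg is recorded in the image's
        # build history/metadata and is pushed to the registry with the image.
        # Prefer a BuildKit secret mount (`--secret id=...` with
        # `RUN --mount=type=secret`) once the Dockerfile is adapted.
        run: |
          docker build -t "$IMAGE_REF" --build-arg DVSA_AWS_SHAREDCOREECR_ID=${{ secrets.DVSA_AWS_SHAREDCOREECR_ID }} -f dockerfile .

      - name: configure aws credentials on Non Production account
        # TODO(review): action version garbled in the source ("[email protected]"); restore the project's pin.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ vars.DVSA_AWS_REGION }}

      - name: Login to non prod vol tooling
        id: login-ecr-vol-tooling-non-prod
        uses: aws-actions/amazon-ecr-login@v2

      - name: push the docker image
        # After the push, the manifest digest is resolved from the local image so
        # the signature below binds to immutable content rather than to a tag that
        # could be re-pointed between push and sign. `index` fails the step if no
        # digest was recorded, which is the safe outcome.
        run: |
          docker push "$IMAGE_REF"
          IMAGE_DIGEST_REF="$(docker inspect --format '{{index .RepoDigests 0}}' "$IMAGE_REF")"
          echo "IMAGE_DIGEST_REF=$IMAGE_DIGEST_REF" >> "$GITHUB_ENV"
          #docker push 342926679414.dkr.ecr.eu-west-1.amazonaws.com/non-prod-vol-api:latest

      - name: sign the base image
        # Signs by digest (registry/repo@sha256:...) with the AWS Signer Notation
        # plugin; the signing profile ARN comes from the repository secret.
        run: |
          notation sign "$IMAGE_DIGEST_REF" --plugin "com.amazonaws.signer.notation.plugin" --id "${{ secrets.DVSA_AWS_NONPRODVOLTOOLING_IMAGE_SIGNING_PROFILE }}"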