From d9c5fd959270d9d0e9520723c4e90b1277dd87bb Mon Sep 17 00:00:00 2001 From: MDavidson Date: Wed, 22 Mar 2023 14:59:38 +1300 Subject: [PATCH 1/8] feat: deploy container.yml versions to ecr d --- .github/workflows/containers.yml | 33 +++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index fde14249..df3c9dce 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -17,7 +17,7 @@ jobs: run: | docker build . --tag topo-imagery --label "github_run_id=${GITHUB_RUN_ID}" - - name: Log in to registry + - name: Log in to Registry if: ${{(github.ref == 'refs/heads/master') && !(startsWith(github.event.head_commit.message, 'release:'))}} run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin 
@@ -29,3 +29,34 @@ jobs: docker tag topo-imagery ghcr.io/linz/topo-imagery:${GIT_VERSION} docker push --all-tags ghcr.io/linz/topo-imagery + + - name: Configure AWS Credentials + if: ${{(github.ref == 'refs/heads/master') && !(startsWith(github.event.head_commit.message, 'release:'))}} + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: ap-southeast-2 + mask-aws-account-id: true + role-to-assume: ${{ secrets.AWS_CI_ROLE }} + + - name: Login to Amazon ECR + if: ${{(github.ref == 'refs/heads/master') && !(startsWith(github.event.head_commit.message, 'release:'))}} + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build, tag, and push docker image to Amazon ECR + if: ${{(github.ref == 'refs/heads/master') && !(startsWith(github.event.head_commit.message, 'release:'))}} + env: + REGISTRY: ${{ steps.login-ecr.outputs.registry }} + REPOSITORY: eks + IMAGE_TAG: ${{ github.sha }} + run: | + # Q: do we need to reset this or will it be remembered from above? + GIT_VERSION=$(git describe --tags --always --match 'v*') + docker pull ghcr.io/linz/topo-imagery:${GIT_VERSION} + + docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery + docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION} + + docker push ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery + # Q: do we want to push all containers? What is the cost and should we set up a mechanism to delete older versions? + docker push ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION} From 2cb0e58d488b9112eeeef574d4ec93b5f15d6233 Mon Sep 17 00:00:00 2001 
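Review bot: The two added `uses:` lines reference `aws-actions/configure-aws-credentials@v2` and `aws-actions/amazon-ecr-login@v1` by movable tag, and these are the steps that receive the role behind `secrets.AWS_CI_ROLE` and the ECR login for the production account. Pinning each to a full commit SHA with the version kept as a trailing comment, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v2`, keeps the code that handles those credentials fixed until someone reviews a bump. `role-to-assume` is given without access keys, which suggests OIDC; that needs `permissions: id-token: write` on the job, and no `permissions:` block is visible in this hunk, so confirm it exists elsewhere in the file. The same two `uses:` lines are added to release-please.yml in PATCH 2/8.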
From: MDavidson Date: Wed, 22 Mar 2023 15:23:06 +1300 Subject: [PATCH 2/8] feat: deploy release-please.yml versions to ecr --- .github/workflows/release-please.yml | 34 ++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 7c96b963..dea1fd6f 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml 
@@ -46,3 +46,37 @@ jobs: docker tag topo-imagery ghcr.io/linz/topo-imagery:${GIT_VERSION} docker push --all-tags ghcr.io/linz/topo-imagery + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: ap-southeast-2 + mask-aws-account-id: true + role-to-assume: ${{ secrets.AWS_CI_ROLE }} + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build, tag, and push docker image to Amazon ECR + env: + REGISTRY: ${{ steps.login-ecr.outputs.registry }} + REPOSITORY: eks + IMAGE_TAG: ${{ github.sha }} + run: | + # Q: do we need to reset this or will it be remembered from above? + GIT_VERSION=$(git describe --tags --always --match 'v*') + GIT_VERSION_MAJOR=$(echo $GIT_VERSION | cut -d. -f1) + GIT_VERSION_MAJOR_MINOR=$(echo $GIT_VERSION | cut -d. -f1,2) + + docker pull ghcr.io/linz/topo-imagery:${GIT_VERSION} + + docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-latest + docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION_MAJOR} + docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION_MAJOR_MINOR} + docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION} + + docker push ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-latest + docker push ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION_MAJOR} + docker push ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION_MAJOR_MINOR} + docker push ${{ secrets.AWS_ACCOUNT_ID_PROD 
}}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION} From 477705c4311a88366036489fde1d4018ee417dec Mon Sep 17 00:00:00 2001 From: MDavidson Date: Thu, 23 Mar 2023 11:16:04 +1300 Subject: [PATCH 3/8] chore: remove comments --- .github/workflows/containers.yml | 2 -- .github/workflows/release-please.yml | 1 - 2 files changed, 3 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index df3c9dce..dbcbeb38 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -50,7 +50,6 @@ jobs: REPOSITORY: eks IMAGE_TAG: ${{ github.sha }} run: | - # Q: do we need to reset this or will it be remembered from above? GIT_VERSION=$(git describe --tags --always --match 'v*') docker pull ghcr.io/linz/topo-imagery:${GIT_VERSION} @@ -58,5 +57,4 @@ jobs: docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION} docker push ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery - # Q: do we want to push all containers? What is the cost and should we set up a mechanism to delete older versions? docker push ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION} diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index dea1fd6f..b318a5e6 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -64,7 +64,6 @@ jobs: REPOSITORY: eks IMAGE_TAG: ${{ github.sha }} run: | - # Q: do we need to reset this or will it be remembered from above? GIT_VERSION=$(git describe --tags --always --match 'v*') GIT_VERSION_MAJOR=$(echo $GIT_VERSION | cut -d. -f1) GIT_VERSION_MAJOR_MINOR=$(echo $GIT_VERSION | cut -d. -f1,2) From 2ebdf0c90f0f64d3fd66d9a1e956fb1168553bb7 Mon Sep 17 00:00:00 2001 
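Review bot: The `env:` block of the added publish step declares `REGISTRY`, `REPOSITORY` and `IMAGE_TAG`, but the script never reads them and instead rebuilds the registry host from `${{ secrets.AWS_ACCOUNT_ID_PROD }}` and a hard-coded region on every `docker tag` and `docker push` line. Using the login step's output keeps the account id out of the script text and leaves one place to change the target, e.g. `docker tag "ghcr.io/linz/topo-imagery:${GIT_VERSION}" "${REGISTRY}/${REPOSITORY}:topo-imagery-${GIT_VERSION}"`. This assumes the role in `AWS_CI_ROLE` lives in the same account as `AWS_ACCOUNT_ID_PROD`; if the push is cross-account, the login step would need its `registries` input set. The matching step added to containers.yml in PATCH 1/8 has the same shape.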
From: MDavidson Date: Fri, 24 Mar 2023 11:19:50 +1300 Subject: [PATCH 4/8] fix: better name for step --- .github/workflows/containers.yml | 2 +- .github/workflows/release-please.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index dbcbeb38..3c92e025 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -43,7 +43,7 @@ jobs: id: login-ecr uses: aws-actions/amazon-ecr-login@v1 - - name: Build, tag, and push docker image to Amazon ECR + - name: Tag and push docker image to Amazon ECR if: ${{(github.ref == 'refs/heads/master') && !(startsWith(github.event.head_commit.message, 'release:'))}} env: REGISTRY: ${{ steps.login-ecr.outputs.registry }} diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index b318a5e6..83faeef2 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -58,7 +58,7 @@ jobs: id: login-ecr uses: aws-actions/amazon-ecr-login@v1 - - name: Build, tag, and push docker image to Amazon ECR + - name: Tag and push docker image to Amazon ECR env: REGISTRY: ${{ steps.login-ecr.outputs.registry }} REPOSITORY: eks From 6e0cfebdf535389620626edb331da8b7506a0285 Mon Sep 17 00:00:00 2001 From: MDavidson Date: Fri, 24 Mar 2023 11:58:35 +1300 Subject: [PATCH 5/8] fix: push all tags rather than each one separately --- .github/workflows/containers.yml | 3 +-- .github/workflows/release-please.yml | 5 +---- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 3c92e025..b4f9d300 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
@@ -56,5 +56,4 @@ jobs: docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION} - docker push ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery - docker push ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION} + docker push --all-tags ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 83faeef2..36501e96 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -75,7 +75,4 @@ jobs: docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION_MAJOR_MINOR} docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION} - docker push ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-latest - docker push ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION_MAJOR} - docker push ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION_MAJOR_MINOR} - docker push ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION} + docker push --all-tags ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks From d1d2a3afce344a523eb24c2b0f6c6c05468c1109 Mon Sep 17 00:00:00 2001 
From: MDavidson Date: Fri, 24 Mar 2023 12:40:48 +1300 Subject: [PATCH 6/8] feat: reuse git_version variables using github_env --- .github/workflows/containers.yml | 9 +++++---- .github/workflows/release-please.yml | 16 ++++++++-------- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index b4f9d300..125fab4e 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -25,6 +25,8 @@ jobs: if: ${{(github.ref == 'refs/heads/master') && !(startsWith(github.event.head_commit.message, 'release:'))}} run: | GIT_VERSION=$(git describe --tags --always --match 'v*') + echo "GIT_VERSION=$GIT_VERSION" >> $GITHUB_ENV + docker tag topo-imagery ghcr.io/linz/topo-imagery:latest docker tag topo-imagery ghcr.io/linz/topo-imagery:${GIT_VERSION} @@ -50,10 +52,9 @@ jobs: REPOSITORY: eks IMAGE_TAG: ${{ github.sha }} run: | - GIT_VERSION=$(git describe --tags --always --match 'v*') - docker pull ghcr.io/linz/topo-imagery:${GIT_VERSION} + docker pull ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }} - docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery - docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION} + docker tag ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery + docker tag ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${{ env.GIT_VERSION }} docker push --all-tags ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 36501e96..4e946762 100644 --- a/.github/workflows/release-please.yml 
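Review bot: The rewritten `run:` block of the ECR publish step splices `${{ env.GIT_VERSION }}` into the script text before the shell parses it, so the tag name returned by `git describe` becomes part of the script rather than a value. Git ref names permit characters the shell treats as syntax, and this step runs with the assumed AWS role and the ECR login in scope. Values written to `$GITHUB_ENV` are already exported to later steps, so the quoted shell form the commit removes still works: `docker pull "ghcr.io/linz/topo-imagery:${GIT_VERSION}"`. The same applies to the `docker tag` lines in this hunk and to the release-please.yml hunk later in this patch, including `GIT_VERSION_MAJOR` and `GIT_VERSION_MAJOR_MINOR`. The added redirects in the GHCR publish step would also be safer quoted, as `>> "$GITHUB_ENV"`.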
+++ b/.github/workflows/release-please.yml @@ -39,6 +39,9 @@ jobs: GIT_VERSION=$(git describe --tags --always --match 'v*') GIT_VERSION_MAJOR=$(echo $GIT_VERSION | cut -d. -f1) GIT_VERSION_MAJOR_MINOR=$(echo $GIT_VERSION | cut -d. -f1,2) + echo "GIT_VERSION=$GIT_VERSION" >> $GITHUB_ENV + echo "GIT_VERSION_MAJOR=$GIT_VERSION_MAJOR" >> $GITHUB_ENV + echo "GIT_VERSION_MAJOR_MINOR=$GIT_VERSION_MAJOR_MINOR" >> $GITHUB_ENV docker tag topo-imagery ghcr.io/linz/topo-imagery:latest docker tag topo-imagery ghcr.io/linz/topo-imagery:${GIT_VERSION_MAJOR} 
@@ -64,15 +67,12 @@ jobs: REPOSITORY: eks IMAGE_TAG: ${{ github.sha }} run: | - GIT_VERSION=$(git describe --tags --always --match 'v*') - GIT_VERSION_MAJOR=$(echo $GIT_VERSION | cut -d. -f1) - GIT_VERSION_MAJOR_MINOR=$(echo $GIT_VERSION | cut -d. -f1,2) - docker pull ghcr.io/linz/topo-imagery:${GIT_VERSION} + docker pull ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }} - docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-latest - docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION_MAJOR} - docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION_MAJOR_MINOR} - docker tag ghcr.io/linz/topo-imagery:${GIT_VERSION} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${GIT_VERSION} + docker tag ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-latest + docker tag ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${{ env.GIT_VERSION_MAJOR }} + docker tag ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${{ env.GIT_VERSION_MAJOR_MINOR }} + docker tag ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${{ env.GIT_VERSION }} docker push --all-tags ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks From 4340aa96026babc741bab495431029d285f2e2e0 Mon Sep 17 00:00:00 2001 
From: MDavidson Date: Fri, 24 Mar 2023 14:17:02 +1300 Subject: [PATCH 7/8] fix: improve names of steps --- .github/workflows/containers.yml | 4 ++-- .github/workflows/release-please.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 125fab4e..04a6a4ce 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -21,7 +21,7 @@ jobs: if: ${{(github.ref == 'refs/heads/master') && !(startsWith(github.event.head_commit.message, 'release:'))}} run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin - - name: Publish Containers + - name: Publish Containers to GHCR if: ${{(github.ref == 'refs/heads/master') && !(startsWith(github.event.head_commit.message, 'release:'))}} run: | GIT_VERSION=$(git describe --tags --always --match 'v*') @@ -45,7 +45,7 @@ jobs: id: login-ecr uses: aws-actions/amazon-ecr-login@v1 - - name: Tag and push docker image to Amazon ECR + - name: Publish Containers to ECR if: ${{(github.ref == 'refs/heads/master') && !(startsWith(github.event.head_commit.message, 'release:'))}} env: REGISTRY: ${{ steps.login-ecr.outputs.registry }} diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 4e946762..94f32199 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -34,7 +34,7 @@ jobs: - name: Log in to registry run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin - - name: Publish Containers + - name: Publish Containers to GHCR run: | GIT_VERSION=$(git describe --tags --always --match 'v*') GIT_VERSION_MAJOR=$(echo $GIT_VERSION | cut -d. -f1) @@ -61,7 +61,7 @@ jobs: id: login-ecr uses: aws-actions/amazon-ecr-login@v1 - - name: Tag and push docker image to Amazon ECR + - name: Publish Containers to ECR env: REGISTRY: ${{ steps.login-ecr.outputs.registry }} REPOSITORY: eks 
From 3e8137371a79cb7be79d52d179e1694e7023dfc0 Mon Sep 17 00:00:00 2001 From: MDavidson Date: Fri, 24 Mar 2023 15:21:50 +1300 Subject: [PATCH 8/8] feat: update readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 513d6221..8fb72e53 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ docker run -v ${HOME}/.aws/credentials:/root/.aws/credentials:ro -e AWS_PROFILE ## Container package -Publishing a container to the GitHub Package registry (`ghcr`) is handled automatically by GitHub Actions in this repo. +GitHub Actions automatically handles publishing a container to the GitHub Package Registry (`ghcr`) and AWS Elastic Container Registry (ECR). A new container is published everytime a change is [merged to the `master` branch](https://github.com/linz/topo-imagery/blob/master/.github/workflows/containers.yml). This container will be tagged with the following: