Push to ECR #14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Push to ECR | |
| on: | |
| workflow_dispatch: | |
| env: | |
| AWS_REGION: ap-southeast-1 | |
| jobs: | |
| check-commit: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| ENVIRONMENT: ${{ steps.check_commit.outputs.ENVIRONMENT }} | |
| REPO_NAME: ${{ steps.check_commit.outputs.REPO_NAME }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Determine Environment & Check Commit Message | |
| id: check_commit | |
| run: | | |
| COMMIT_MESSAGE=$(git log -1 --pretty=%B) | |
| CURRENT_BRANCH=${GITHUB_REF#refs/heads/} | |
| # Set environment based on branch | |
| if [[ "$CURRENT_BRANCH" == "main" ]]; then | |
| echo "ENVIRONMENT=prod" >> "$GITHUB_ENV" | |
| echo "ENVIRONMENT=prod" >> "$GITHUB_OUTPUT" | |
| elif [[ "$CURRENT_BRANCH" == "stg" ]]; then | |
| echo "ENVIRONMENT=stg" >> "$GITHUB_ENV" | |
| echo "ENVIRONMENT=stg" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "::error::Workflow can only run on main or stg branches" | |
| exit 1 | |
| fi | |
| # Set repository name | |
| echo "REPO_NAME=${{ github.event.repository.name }}" >> "$GITHUB_ENV" | |
| echo "REPO_NAME=${{ github.event.repository.name }}" >> "$GITHUB_OUTPUT" | |
| build-and-push: | |
| needs: check-commit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Create ECR Repository if it doesn't exist | |
| run: | | |
| REPOSITORY="${{ needs.check-commit.outputs.REPO_NAME }}" | |
| # Check if repository exists | |
| if ! aws ecr describe-repositories --repository-names "$REPOSITORY" >/dev/null 2>&1; then | |
| echo "Repository $REPOSITORY does not exist. Creating it..." | |
| aws ecr create-repository --repository-name "$REPOSITORY" --image-scanning-configuration scanOnPush=true | |
| echo "Repository $REPOSITORY created successfully." | |
| else | |
| echo "Repository $REPOSITORY already exists." | |
| fi | |
| - name: Download Environment Variables from S3 | |
| run: | | |
| aws s3 cp s3://quantum3labs/${{ needs.check-commit.outputs.REPO_NAME }}.${{ needs.check-commit.outputs.ENVIRONMENT }}.env .env | |
| echo "Successfully downloaded environment variables from S3" | |
| - name: Build, Tag, and Push Docker Image to Amazon ECR | |
| id: build-image | |
| env: | |
| REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| REPOSITORY: ${{ needs.check-commit.outputs.REPO_NAME }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG-${{ needs.check-commit.outputs.ENVIRONMENT }} . | |
| docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG-${{ needs.check-commit.outputs.ENVIRONMENT }} | |
| docker tag $REGISTRY/$REPOSITORY:$IMAGE_TAG-${{ needs.check-commit.outputs.ENVIRONMENT }} $REGISTRY/$REPOSITORY:latest-${{ needs.check-commit.outputs.ENVIRONMENT }} | |
| docker push $REGISTRY/$REPOSITORY:latest-${{ needs.check-commit.outputs.ENVIRONMENT }} | |
| echo "Successfully pushed image: $REGISTRY/$REPOSITORY:$IMAGE_TAG" | |
| echo "Successfully pushed image: $REGISTRY/$REPOSITORY:latest-${{ needs.check-commit.outputs.ENVIRONMENT }}" | |
| # For security, remove the .env file | |
| rm -f .env |