Skip to content

Build & publish ECS/Fargate worker image to ECR #211

Build & publish ECS/Fargate worker image to ECR

Build & publish ECS/Fargate worker image to ECR #211

name: Build & publish ECS/Fargate worker image to ECR
on:
workflow_dispatch:
inputs:
SHOULD_BUILD_ARM64:
description: 'Whether to build the ARM64 image.'
type: boolean
default: false
workflow_call:
inputs:
COMMIT_SHA:
description: 'Branch ref to checkout. Needed for pull_request_target to be able to pull correct ref.'
type: string
required: true
USE_COMMIT_SHA_IN_VERSION:
description: 'Whether to use the commit sha in building the pkg version of the image.'
type: boolean
SHOULD_BUILD_ARM64:
description: 'Whether to build the ARM64 image.'
type: boolean
default: false
secrets:
ECR_WORKER_IMAGE_PUSH_ROLE_ARN:
description: 'ARN of the IAM role to assume to push the image to ECR.'
required: true
permissions:
id-token: write
contents: read
jobs:
build_docker_image_amd64:
runs-on: ubuntu-latest
env:
# Set by the caller workflow, defaults to github.sha when not passed (e.g. workflow_dispatch against a branch)
WORKER_VERSION: ${{ inputs.COMMIT_SHA || github.sha }}
strategy:
matrix:
registry: [ public, private ]
steps:
- uses: actions/checkout@v3
with:
ref: ${{ env.WORKER_VERSION }}
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Replace package version
if: ${{ inputs.USE_COMMIT_SHA_IN_VERSION || false }}
run: node .github/workflows/scripts/replace-package-versions.js
env:
COMMIT_SHA: ${{ env.WORKER_VERSION }}
REPLACE_MAIN_VERSION_ONLY: true # we don't need to replace dependencies, as docker image builds using workspaces
- name: Get Artillery version
# we only want to tag with an actual version from pkg.json outside of PRs and manual dispatches
# NOTE: can't check for refs/head/main because of pull_request_target used in some workflows
if: github.event.pull_request == null && github.event_name != 'workflow_dispatch'
run: |
echo "WORKER_VERSION=$(node -e 'console.log(require("./packages/artillery/package.json").version)')" >> $GITHUB_ENV
- name: Show git ref
run: |
echo GITHUB REF ${{ github.ref }}
echo GITHUB PR HEAD SHA ${{ github.event.pull_request.head.sha }}
echo GITHUB SHA ${{ github.sha }}
echo WORKER_VERSION ENV ${{ env.WORKER_VERSION }}
- name: Configure AWS Credentials (Public ECR)
if: matrix.registry == 'public'
uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: us-east-1
audience: sts.amazonaws.com
role-to-assume: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }}
role-session-name: OIDCSession
mask-aws-account-id: true
- name: Login to Amazon (Public ECR)
if: matrix.registry == 'public'
id: login-ecr-public
uses: aws-actions/amazon-ecr-login@v1
with:
registry-type: public
- name: Build the Docker image (Public ECR)
if: matrix.registry == 'public'
env:
DOCKER_TAG: ${{ env.WORKER_VERSION }}-x86_64
run: |
docker build . --platform linux/amd64 --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile
- name: Push Docker image (Public ECR)
if: matrix.registry == 'public'
env:
DOCKER_TAG: ${{ env.WORKER_VERSION }}-x86_64
run: |
docker push public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }}
- name: Configure AWS Credentials (Private ECR)
if: matrix.registry == 'private'
uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: eu-west-1
audience: sts.amazonaws.com
role-to-assume: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }}
role-session-name: OIDCSession
mask-aws-account-id: true
- name: Login to Amazon (Private ECR)
if: matrix.registry == 'private'
id: login-ecr-private
uses: aws-actions/amazon-ecr-login@v1
- name: Build the Docker image (Private ECR)
if: matrix.registry == 'private'
env:
DOCKER_TAG: ${{ env.WORKER_VERSION }}-x86_64
run: |
docker build . --platform linux/amd64 --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag 248481025674.dkr.ecr.eu-west-1.amazonaws.com/artillery-worker:${{ env.DOCKER_TAG }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile
- name: Push Docker image (Private ECR)
if: matrix.registry == 'private'
env:
DOCKER_TAG: ${{ env.WORKER_VERSION }}-x86_64
run: |
docker push 248481025674.dkr.ecr.eu-west-1.amazonaws.com/artillery-worker:${{ env.DOCKER_TAG }}
build_docker_image_arm64:
runs-on: ubuntu-latest
if: ${{ inputs.SHOULD_BUILD_ARM64 }}
env:
# Set by the caller workflow, defaults to github.sha when not passed (e.g. workflow_dispatch against a branch)
WORKER_VERSION: ${{ inputs.COMMIT_SHA || github.sha }}
strategy:
matrix:
registry: [ public, private ]
steps:
- uses: actions/checkout@v3
with:
ref: ${{ env.WORKER_VERSION }}
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Replace package version
if: ${{ inputs.USE_COMMIT_SHA_IN_VERSION || false }}
run: node .github/workflows/scripts/replace-package-versions.js
env:
COMMIT_SHA: ${{ env.WORKER_VERSION }}
REPLACE_MAIN_VERSION_ONLY: true # we don't need to replace dependencies, as docker image builds using workspaces
- name: Get Artillery version
# we only want to tag with an actual version from pkg.json outside of PRs and manual dispatches
# NOTE: can't check for refs/head/main because of pull_request_target used in some workflows
if: github.event.pull_request == null && github.event_name != 'workflow_dispatch'
run: |
echo "WORKER_VERSION=$(node -e 'console.log(require("./packages/artillery/package.json").version)')" >> $GITHUB_ENV
- name: Show git ref
run: |
echo GITHUB REF ${{ github.ref }}
echo GITHUB PR HEAD SHA ${{ github.event.pull_request.head.sha }}
echo GITHUB SHA ${{ github.sha }}
echo WORKER_VERSION ENV ${{ env.WORKER_VERSION }}
- name: Configure AWS Credentials (Public ECR)
if: matrix.registry == 'public'
uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: us-east-1
audience: sts.amazonaws.com
role-to-assume: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }}
role-session-name: OIDCSession
mask-aws-account-id: true
- name: Login to Amazon (Public ECR)
if: matrix.registry == 'public'
id: login-ecr-public
uses: aws-actions/amazon-ecr-login@v1
with:
registry-type: public
- name: Build the Docker image (Public ECR)
if: matrix.registry == 'public'
env:
DOCKER_TAG: ${{ env.WORKER_VERSION }}-arm64
run: |
docker build . --platform linux/arm64 --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile
- name: Push Docker image (Public ECR)
if: matrix.registry == 'public'
env:
DOCKER_TAG: ${{ env.WORKER_VERSION }}-arm64
run: |
docker push public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }}
- name: Configure AWS Credentials (Private ECR)
if: matrix.registry == 'private'
uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: eu-west-1
audience: sts.amazonaws.com
role-to-assume: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }}
role-session-name: OIDCSession
mask-aws-account-id: true
- name: Login to Amazon (Private ECR)
if: matrix.registry == 'private'
id: login-ecr-private
uses: aws-actions/amazon-ecr-login@v1
- name: Build the Docker image (Private ECR)
if: matrix.registry == 'private'
env:
DOCKER_TAG: ${{ env.WORKER_VERSION }}-arm64
run: |
docker build . --platform linux/arm64 --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag 248481025674.dkr.ecr.eu-west-1.amazonaws.com/artillery-worker:${{ env.DOCKER_TAG }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile
- name: Push Docker image (Private ECR)
if: matrix.registry == 'private'
env:
DOCKER_TAG: ${{ env.WORKER_VERSION }}-arm64
run: |
docker push 248481025674.dkr.ecr.eu-west-1.amazonaws.com/artillery-worker:${{ env.DOCKER_TAG }}