Skip to content

Build & publish ECS/Fargate worker image to ECR #193

Build & publish ECS/Fargate worker image to ECR

Build & publish ECS/Fargate worker image to ECR #193

name: Build & publish ECS/Fargate worker image to ECR
on:
workflow_dispatch:
workflow_call:
inputs:
COMMIT_SHA:
description: 'Branch ref to checkout. Needed for pull_request_target to be able to pull correct ref.'
type: string
required: true
USE_COMMIT_SHA_IN_VERSION:
description: 'Whether to use the commit sha in building the pkg version of the image.'
type: boolean
secrets:
ECR_WORKER_IMAGE_PUSH_ROLE_ARN:
description: 'ARN of the IAM role to assume to push the image to ECR.'
required: true
permissions:
id-token: write
contents: read
jobs:
build_docker_image:
runs-on: ubuntu-latest
env:
# Set by the caller workflow, defaults to github.sha when not passed (e.g. workflow_dispatch against a branch)
WORKER_VERSION: ${{ inputs.COMMIT_SHA || github.sha }}
strategy:
matrix:
platform: [ linux/amd64 , linux/arm64 ]
registry: [ public, private ]
include:
# sets platform_name to match AWS convention
- platform: linux/amd64
registry: public
platform_name: x86_64
- platform: linux/amd64
registry: private
platform_name: x86_64
- platform: linux/arm64
registry: public
platform_name: arm64
- platform: linux/arm64
registry: private
platform_name: arm64
steps:
- uses: actions/checkout@v3
with:
ref: ${{ env.WORKER_VERSION }}
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v2
- name: Replace package version
if: ${{ inputs.USE_COMMIT_SHA_IN_VERSION || false }}
run: node .github/workflows/scripts/replace-package-versions.js
env:
COMMIT_SHA: ${{ env.WORKER_VERSION }}
REPLACE_MAIN_VERSION_ONLY: true # we don't need to replace dependencies, as docker image builds using workspaces
- name: Get Artillery version
# we only want to tag with an actual version from pkg.json outside of PRs and manual dispatches
# NOTE: can't check for refs/head/main because of pull_request_target used in some workflows
if: github.event.pull_request == null && github.event_name != 'workflow_dispatch'
run: |
echo "WORKER_VERSION=$(node -e 'console.log(require("./packages/artillery/package.json").version)')" >> $GITHUB_ENV
- name: Show git ref
run: |
echo GITHUB REF ${{ github.ref }}
echo GITHUB PR HEAD SHA ${{ github.event.pull_request.head.sha }}
echo GITHUB SHA ${{ github.sha }}
echo WORKER_VERSION ENV ${{ env.WORKER_VERSION }}
- name: Configure AWS Credentials (Public ECR)
if: matrix.registry == 'public'
uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: us-east-1
audience: sts.amazonaws.com
role-to-assume: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }}
role-session-name: OIDCSession
mask-aws-account-id: true
- name: Login to Amazon (Public ECR)
if: matrix.registry == 'public'
id: login-ecr-public
uses: aws-actions/amazon-ecr-login@v1
with:
registry-type: public
- name: Build the Docker image (public)
if: matrix.registry == 'public'
env:
DOCKER_TAG: ${{ env.WORKER_VERSION }}-${{ matrix.platform_name }}
run: |
docker build . --platform ${{ matrix.platform }} --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile
- name: Push Docker image (Public - Fargate)
if: matrix.registry == 'public'
env:
DOCKER_TAG: ${{ env.WORKER_VERSION }}-${{ matrix.platform_name }}
run: |
docker push public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }}
# - name: Configure AWS Credentials (Private ECR)
# if: matrix.registry == 'private'
# uses: aws-actions/configure-aws-credentials@v1
# with:
# aws-region: eu-west-1
# audience: sts.amazonaws.com
# role-to-assume: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }}
# role-session-name: OIDCSession
# mask-aws-account-id: true
# - name: Login to Amazon (Private ECR)
# if: matrix.registry == 'private'
# id: login-ecr-private
# uses: aws-actions/amazon-ecr-login@v1
# - name: Build the Docker image (Private)
# env:
# DOCKER_TAG: ${{ env.WORKER_VERSION }}-${{ matrix.platform_name }}
# run: |
# docker build . --platform ${{ matrix.platform }} --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.WORKER_VERSION }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile
# - name: Push Docker image (Private - Fargate)
# run: |
# docker push public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.WORKER_VERSION }}