Build & publish ECS/Fargate worker image to ECR #196
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & publish ECS/Fargate worker image to ECR | |
| on: | |
| workflow_dispatch: | |
| workflow_call: | |
| inputs: | |
| COMMIT_SHA: | |
| description: 'Branch ref to checkout. Needed for pull_request_target to be able to pull correct ref.' | |
| type: string | |
| required: true | |
| USE_COMMIT_SHA_IN_VERSION: | |
| description: 'Whether to use the commit sha in building the pkg version of the image.' | |
| type: boolean | |
| secrets: | |
| ECR_WORKER_IMAGE_PUSH_ROLE_ARN: | |
| description: 'ARN of the IAM role to assume to push the image to ECR.' | |
| required: true | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| build_docker_image: | |
| runs-on: ubuntu-latest | |
| env: | |
| # Set by the caller workflow, defaults to github.sha when not passed (e.g. workflow_dispatch against a branch) | |
| WORKER_VERSION: ${{ inputs.COMMIT_SHA || github.sha }} | |
| strategy: | |
| matrix: | |
| platform: [ linux/amd64 , linux/arm64 ] | |
| registry: [ public, private ] | |
| include: | |
| # sets platform_name to match AWS convention | |
| - platform: linux/amd64 | |
| registry: public | |
| platform_name: x86_64 | |
| - platform: linux/amd64 | |
| registry: private | |
| platform_name: x86_64 | |
| - platform: linux/arm64 | |
| registry: public | |
| platform_name: arm64 | |
| - platform: linux/arm64 | |
| registry: private | |
| platform_name: arm64 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ env.WORKER_VERSION }} | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| # - name: Set up Docker Buildx | |
| # uses: docker/setup-buildx-action@v2 | |
| - name: Replace package version | |
| if: ${{ inputs.USE_COMMIT_SHA_IN_VERSION || false }} | |
| run: node .github/workflows/scripts/replace-package-versions.js | |
| env: | |
| COMMIT_SHA: ${{ env.WORKER_VERSION }} | |
| REPLACE_MAIN_VERSION_ONLY: true # we don't need to replace dependencies, as docker image builds using workspaces | |
| - name: Get Artillery version | |
| # we only want to tag with an actual version from pkg.json outside of PRs and manual dispatches | |
| # NOTE: can't check for refs/head/main because of pull_request_target used in some workflows | |
| if: github.event.pull_request == null && github.event_name != 'workflow_dispatch' | |
| run: | | |
| echo "WORKER_VERSION=$(node -e 'console.log(require("./packages/artillery/package.json").version)')" >> $GITHUB_ENV | |
| - name: Show git ref | |
| run: | | |
| echo GITHUB REF ${{ github.ref }} | |
| echo GITHUB PR HEAD SHA ${{ github.event.pull_request.head.sha }} | |
| echo GITHUB SHA ${{ github.sha }} | |
| echo WORKER_VERSION ENV ${{ env.WORKER_VERSION }} | |
| - name: Configure AWS Credentials (Public ECR) | |
| if: matrix.registry == 'public' | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-region: us-east-1 | |
| audience: sts.amazonaws.com | |
| role-to-assume: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }} | |
| role-session-name: OIDCSession | |
| mask-aws-account-id: true | |
| - name: Login to Amazon (Public ECR) | |
| if: matrix.registry == 'public' | |
| id: login-ecr-public | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| with: | |
| registry-type: public | |
| - name: Build the Docker image (public) | |
| if: matrix.registry == 'public' | |
| env: | |
| DOCKER_TAG: ${{ env.WORKER_VERSION }}-${{ matrix.platform_name }} | |
| run: | | |
| docker build . --platform ${{ matrix.platform }} --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile | |
| - name: Push Docker image (Public - Fargate) | |
| if: matrix.registry == 'public' | |
| env: | |
| DOCKER_TAG: ${{ env.WORKER_VERSION }}-${{ matrix.platform_name }} | |
| run: | | |
| docker push public.ecr.aws/d8a4z9o5/artillery-worker:${{ env.DOCKER_TAG }} | |
| - name: Configure AWS Credentials (Private ECR) | |
| if: matrix.registry == 'private' | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-region: eu-west-1 | |
| audience: sts.amazonaws.com | |
| role-to-assume: ${{ secrets.ECR_WORKER_IMAGE_PUSH_ROLE_ARN }} | |
| role-session-name: OIDCSession | |
| mask-aws-account-id: true | |
| - name: Login to Amazon (Private ECR) | |
| if: matrix.registry == 'private' | |
| id: login-ecr-private | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Build the Docker image (Private) | |
| if: matrix.registry == 'private' | |
| env: | |
| DOCKER_TAG: ${{ env.WORKER_VERSION }}-${{ matrix.platform_name }} | |
| run: | | |
| docker build . --platform ${{ matrix.platform }} --build-arg="WORKER_VERSION=${{ env.WORKER_VERSION }}" --tag 248481025674.dkr.ecr.eu-west-1.amazonaws.com/artillery-worker:${{ env.DOCKER_TAG }} -f ./packages/artillery/lib/platform/aws-ecs/worker/Dockerfile | |
| - name: Push Docker image (Private - Fargate) | |
| if: matrix.registry == 'private' | |
| env: | |
| DOCKER_TAG: ${{ env.WORKER_VERSION }}-${{ matrix.platform_name }} | |
| run: | | |
| docker push 248481025674.dkr.ecr.eu-west-1.amazonaws.com/artillery-worker:${{ env.DOCKER_TAG }} | |