Added dive and mint to image #7
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://docs.docker.com/build/ci/github-actions/multi-platform/ | |
| # https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services | |
| # "token.actions.githubusercontent.com:sub" =~ "repo:erhhung/al2023-devops:ref:refs/tags/*" | |
| name: CI Pipeline | |
| on: | |
| # https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#push | |
| push: | |
| tags: | |
| # match on year.month[.day]: YY.MM[.dd] | |
| # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet | |
| - '[2-9][0-9].[0-1][0-9].?[0-3]?[0-9]?' | |
| env: | |
| IMAGE_LABELS: |- | |
| org.opencontainers.image.authors=Erhhung Yuan <[email protected]> | |
| # https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication | |
| # https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps | |
| permissions: | |
| id-token: write # obtain JWT via OIDC | |
| contents: read # repository checkout | |
| packages: write # push image to GHCR | |
| actions: write # caches & artifacts | |
| jobs: | |
| launch-runner: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # https://github.com/aws-actions/configure-aws-credentials | |
| - name: Configure AWS Credentials | |
| id: aws | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ vars.RUNNER_AWS_REGION }} | |
| role-to-assume: ${{ vars.RUNNER_OIDC_ROLE_ARN }} | |
| # https://github.com/erhhung/ec2-github-runner | |
| - name: Launch Temporary EC2 Runner | |
| id: runner | |
| uses: erhhung/ec2-github-runner@v3 | |
| env: | |
| RUN_INFO: ${{ github.run_id }}-${{ github.run_attempt }} | |
| with: | |
| mode: start | |
| # cannot use github.token as it does not support | |
| # required metadata & administration permissions | |
| github-token: ${{ secrets.RUNNER_GITHUB_REPOS_PAT }} | |
| labels: Linux,ARM64,AL2023 | |
| image-id: ${{ vars.RUNNER_ARM64_AMI_ID }} | |
| # runner could lose connection to GitHub Actions | |
| # if using instance type smaller than t4g.xlarge | |
| instance-type: ${{ vars.RUNNER_ARM64_INSTANCE_TYPE }} | |
| spot-instance: 'true' | |
| root-volume-size: '${{ vars.RUNNER_ROOT_VOLUME_SIZE }}' | |
| subnet-id: ${{ vars.RUNNER_SUBNET_ID }} | |
| security-group-id: ${{ vars.RUNNER_SECURITY_GROUP_ID }} | |
| iam-role-name: ${{ vars.RUNNER_INSTANCE_ROLE_NAME }} | |
| aws-resource-tags: >- | |
| [ | |
| {"Key": "Name", "Value": "github-runner-${{ env.RUN_INFO }}"}, | |
| {"Key": "GitHubRepo", "Value": "${{ github.repository }}"} | |
| ] | |
| pre-runner-script: |- | |
| hostname="runner-$(date '+%y%m%d%H%M')-${{ env.RUN_INFO }}" && \ | |
| hostnamectl set-hostname $hostname # host name == runner name | |
| # iptables is required to set up Docker | |
| # libicu is required by GHA Dotnet Core | |
| dnf update && dnf install -y git iptables libicu | |
| - name: Prepare Job Output Values | |
| id: output | |
| run: |- | |
| csv="self-hosted,${{ steps.runner.outputs.labels }}" | |
| cat <<EOF >> $GITHUB_OUTPUT | |
| labels-csv=$csv | |
| labels-json=["${csv//,/\",\"}"] | |
| EOF | |
| outputs: | |
| runner-name: ${{ steps.runner.outputs.runner-name }} | |
| instance-id: ${{ steps.runner.outputs.instance-id }} | |
| labels-json: '${{ steps.output.outputs.labels-json }}' | |
| labels-csv: '${{ steps.output.outputs.labels-csv }}' | |
| # because env cannot be passed to reusable workflows: | |
| # https://github.com/orgs/community/discussions/26671 | |
| prepare-inputs: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set env Variables as Outputs | |
| run: '#' | |
| outputs: | |
| image-labels: ${{ env.IMAGE_LABELS }} | |
| build-amd64: | |
| needs: prepare-inputs | |
| uses: ./.github/workflows/build.yml | |
| with: | |
| platform: linux/amd64 | |
| image-labels: ${{ needs.prepare-inputs.outputs.image-labels }} | |
| secrets: inherit | |
| build-arm64: | |
| needs: | |
| - launch-runner | |
| - prepare-inputs | |
| uses: ./.github/workflows/build.yml | |
| with: | |
| platform: linux/arm64 | |
| runs-on: ${{ needs.launch-runner.outputs.labels-json }} | |
| image-labels: ${{ needs.prepare-inputs.outputs.image-labels }} | |
| secrets: inherit | |
| merge-manifests: | |
| needs: | |
| - build-amd64 | |
| - build-arm64 | |
| - prepare-inputs | |
| uses: ./.github/workflows/merge.yml | |
| with: | |
| image-labels: ${{ needs.prepare-inputs.outputs.image-labels }} | |
| secrets: inherit | |
| terminate-runner: | |
| if: always() | |
| needs: | |
| - launch-runner | |
| - build-arm64 | |
| runs-on: ubuntu-latest | |
| steps: | |
| # https://github.com/aws-actions/configure-aws-credentials | |
| - name: Configure AWS Credentials | |
| id: aws | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ vars.RUNNER_AWS_REGION }} | |
| role-to-assume: ${{ vars.RUNNER_OIDC_ROLE_ARN }} | |
| # https://github.com/erhhung/ec2-github-runner | |
| - name: Terminate Temporary EC2 Runner | |
| id: runner | |
| uses: erhhung/ec2-github-runner@v3 | |
| with: | |
| mode: stop | |
| # cannot use github.token as it does not support | |
| # required metadata & administration permissions | |
| github-token: ${{ secrets.RUNNER_GITHUB_REPOS_PAT }} | |
| labels: ${{ needs.launch-runner.outputs.labels-csv }} | |
| instance-id: ${{ needs.launch-runner.outputs.instance-id }} |