feat(ci): Docker build rework #12
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Build | |
| on: | |
| pull_request: | |
| branches: [main, 'release-*', 'pre-release-*'] | |
| push: | |
| branches: [main, 'release-*', 'pre-release-*'] | |
| workflow_dispatch: | |
| inputs: | |
| projects: | |
| description: 'Comma-separated list of project names to build.' | |
| required: true | |
| concurrency: | |
| group: docker-build-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| defaults: | |
| run: | |
| shell: bash -euo pipefail {0} | |
| env: | |
| PUSH_REGISTRY: ${{ vars.PUSH_REGISTRY }} | |
| DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY || 'docker.io' }} | |
| jobs: | |
| prepare_matrix: | |
| name: Prepare workflow Docker build | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.set-matrix.outputs.matrix }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create matrix from input | |
| id: set-matrix | |
| env: | |
| # Check for 'small debug' label | |
| small_debug: ${{ github.event.pull_request.labels.*.name == 'small-debug' }} | |
| run: | | |
| if [[ ${small_debug} == true ]]; then | |
| output="matrix=$( | |
| echo '{ | |
| "include":[ | |
| {"project":"web","docker":"next"}, | |
| {"project":"api","docker":"nest"}, | |
| {"project":"service-portal","docker":"static"} | |
| ] | |
| }' | jq -c | |
| )" | |
| echo "$output" >>"$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| # Create a list of objects of the form: | |
| # [ | |
| # { | |
| # "name": "services-my-service", | |
| # "docker": "next|nest|mytype" | |
| # }, | |
| # ... | |
| # ] | |
| echo "matrix=$(git ls-files '**/project.json' | | |
| xargs cat | \ | |
| jq -s -c '{ include: [ | |
| .[] | |
| | { | |
| project: .name, | |
| docker: (.targets | keys | map(select(startswith("docker-"))) | map(sub("^docker-"; "")) | .[]) | |
| } | |
| ] | |
| }')" >>"$GITHUB_OUTPUT" | |
| build: | |
| name: Build ${{ matrix.project }} | |
| runs-on: ubuntu-latest | |
| needs: prepare_matrix | |
| strategy: | |
| fail-fast: true | |
| matrix: ${{ fromJson(needs.prepare_matrix.outputs.matrix) }} | |
| max-parallel: 1 | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| steps: | |
| - name: Debug inputs | |
| run: | | |
| echo "Matrix: ${{ toJSON(matrix) }}" | |
| - name: Check out repo | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| if: ${{ !env.ACT && env.PUSH_REGISTRY && env.PUSH_REGISTRY != 'ghcr.io' }} | |
| id: aws-creds | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-session-name: docker-build | |
| aws-region: ${{ vars.AWS_REGION }} | |
| # Identical to usage in push.yml | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| # Use this instead of aws-{access,secret}, but needs proper roles & policies | |
| # role-to-assume: ${{ vars.AWS_ECR_ROLE }} | |
| - name: Log in to Amazon ECR | |
| if: ${{ steps.aws-creds.conclusion == 'success' }} | |
| id: ecr-login | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Log in to Docker | |
| if: ${{ !env.ACT && env.PUSH_REGISTRY == 'ghcr.io' }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| env: | |
| # Append a slash when PUSH_REGISTRY is non-empty | |
| registry: "${{ env.PUSH_REGISTRY }}${{ env.PUSH_REGISTRY && '/' || '' }}" | |
| # We don't use a repository prefix, just the raw project | |
| # repository: '${{ github.repository }}/${{ matrix.project }}' | |
| repository: '${{ matrix.project }}' | |
| with: | |
| images: | | |
| ${{ env.registry }}${{ env.repository }} | |
| tags: | | |
| type=ref,event=branch | |
| # Git SHA | |
| type=sha,format=short | |
| type=sha,format=long | |
| # SemVer by tag (e.g. v1.2.3) | |
| type=semver,pattern={{version}} | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: scripts/ci/Dockerfile | |
| push: ${{ !env.ACT }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| build-args: | | |
| NODE_IMAGE_TAG=latest | |
| DOCKER_REGISTRY=${{ env.DOCKER_REGISTRY }} | |
| status: | |
| name: Collect statuses | |
| runs-on: ubuntu-latest | |
| if: ${{ always() }} | |
| needs: | |
| - prepare_matrix | |
| - build | |
| steps: | |
| - name: Check statuses | |
| env: | |
| dependencies: ${{ toJSON(needs) }} | |
| run: | | |
| # Debug inputs | |
| echo "$dependencies" | jq | |
| # Loop through each job and ensure .result == "success" | |
| for job in $(echo "$dependencies" | jq -r 'keys[]'); do | |
| result=$(echo "$dependencies" | jq -r ".[\"$job\"].result") | |
| echo "Job $job => $result" | |
| if [ "$result" != "success" ]; then | |
| echo "Dependency $job failed." | |
| exit 1 | |
| fi | |
| done | |
| echo "All dependencies succeeded!" |