diff --git a/.github/workflows/build-production.yml b/.github/workflows/build-production.yml new file mode 100644 index 0000000..e09ece1 --- /dev/null +++ b/.github/workflows/build-production.yml @@ -0,0 +1,102 @@ +# Merge changes to support target back to: +# https://raw.githubusercontent.com/mlibrary/platform-engineering-workflows/main/.github/workflows/build-production.yml +# Problem statement: +# - We need to pass target to build-push-action for lauth; not for others +# - Normally, the last stage is built, but we can't refer to "last" or its index to supply it generically by default +# - We don't know how to detect an input here and conditionally pass it to the build-push-action. +# - So, we have the condition at a rather funky spot... two mutually exclusive build steps, one with target and one without +# +# Maybe always passing inputs.target would just work (by being shuttled around as undefined)? +name: Build production image + +on: + workflow_call: + inputs: + docker_context: + type: string + default: "." + required: false + dockerfile: + type: string + default: Dockerfile.prod + required: false + image_name: + type: string + required: true + description: The base name of the image. + tag: + description: tag + required: true + type: string + target: + description: Target stage within the Dockerfile + required: false + type: string + secrets: + GH_PACKAGE_READ_TOKEN: + required: true + +jobs: + build_production: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Check that the tag exists in repo + id: tag_check + run: | + if git rev-parse 'refs/tags/${{ inputs.tag }}' &> /dev/null; then + echo 'tag=${{ inputs.tag }}' >> $GITHUB_OUTPUT + else + echo "Couldn't figure out tag from input: ${{ inputs.tag }}" + echo "Aborting deployment." + false + fi + - name: Log into Github Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Check that the tag exists in container registry + id: image_check + run: | + if docker manifest inspect ghcr.io/mlibrary/${{ inputs.image_name }}:${{ steps.tag_check.outputs.tag }} > /dev/null; then + echo 'image_exists=true' >> $GITHUB_OUTPUT + echo "image exists!" + else + echo "image doesn't exist; Starting to Build and push image" + fi + - name: Checkout Correct repository + if: ${{ steps.image_check.outputs.image_exists != 'true' }} + uses: actions/checkout@v4 + with: + ref: ${{ steps.tag_check.outputs.tag }} + - name: Build and Push (without target) + if: ${{ steps.image_check.outputs.image_exists != 'true' && !inputs.target }} + uses: docker/build-push-action@v5 + with: + context: ${{ inputs.docker_context }} + file: ${{ inputs.dockerfile }} + secrets: | + "gh_package_read_token=${{ secrets.GH_PACKAGE_READ_TOKEN }}" + "github_token=${{ secrets.GITHUB_TOKEN }}" + push: true + tags: | + ghcr.io/mlibrary/${{ inputs.image_name }}:latest + ghcr.io/mlibrary/${{ inputs.image_name }}:${{ steps.tag_check.outputs.tag }} + - name: Build and Push (with target) + if: ${{ steps.image_check.outputs.image_exists != 'true' && !!inputs.target }} + uses: docker/build-push-action@v5 + with: + context: ${{ inputs.docker_context }} + file: ${{ inputs.dockerfile }} + target: ${{ inputs.target }} + secrets: | + "gh_package_read_token=${{ secrets.GH_PACKAGE_READ_TOKEN }}" + "github_token=${{ secrets.GITHUB_TOKEN }}" + push: true + tags: | + ghcr.io/mlibrary/${{ inputs.image_name }}:latest + ghcr.io/mlibrary/${{ inputs.image_name }}:${{ steps.tag_check.outputs.tag }} diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index 4abf911..46d147f 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml @@ -7,7 +7,8 @@ on: jobs: build-staging: name: Build staging ${{ github.event.release.tag_name }} - uses: mlibrary/platform-engineering-workflows/.github/workflows/build-production.yml@v1 + # uses: mlibrary/lauth/.github/workflows/build-production.yml@v1 + uses: ./.github/workflows/build-production.yml@v1 with: image_name: ${{ vars.IMAGE_NAME }} tag: ${{ github.event.release.tag_name }}