
Commit 806376e

committed
feat: Publish to GHCR rather than ECR
GHCR: GitHub Container Registry; ECR: AWS Elastic Container Registry. https://firetail-io.atlassian.net/browse/FIRE-1839
1 parent 398103a commit 806376e


2 files changed

+92
-66
lines changed

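--- a/PATH-NOT-SHOWN-ON-PAGE (Draft Release workflow)
+++ b/PATH-NOT-SHOWN-ON-PAGE (Draft Release workflow)
@@ -1,15 +1,15 @@
-name: Draft Release On Push To Main And Push Prerelease Image To ECR
+name: Draft Release
+run-name: '@${{ github.triggering_actor }}: ${{ github.ref_name }}: ${{ github.event_name }}'
 
 on:
 push:
 branches:
 - main
 
 env:
-AWS_REGION: us-east-1
-ECR_REGISTRY: public.ecr.aws/x7v5r9e4
-ECR_REPOSITORY: firetail-code-repository-scanner
-
+REGISTRY: ghcr.io
+IMAGE_NAME: firetail-code-repository-scanner
+
 jobs:
 draft-release:
 name: Draft Release
@@ -23,34 +23,58 @@ jobs:
 
 steps:
 - name: Checkout
-uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
 - name: Draft Release
 id: draft_release
-uses: release-drafter/release-drafter@569eb7ee3a85817ab916c8f8ff03a5bd96c9c83e
+uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5.25.0
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-- name: Configure AWS Credentials
-uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
-with:
-aws-region: ${{ env.AWS_REGION }}
-role-to-assume: ${{ secrets.AWS_ACCOUNT_ROLE_ARN }}
-role-session-name: git-api-discovery-publish-action-draft
+- name: Set Image Tags From Release Output
+run: |
+cat <<HEREDOC >>${{ github.env }}
+PRERELEASE_IMAGE_TAG=${{ steps.draft_release.outputs.tag_name }}-prerelease
+PRERELEASE_LAMBDA_IMAGE_TAG=${{ steps.draft_release.outputs.tag_name }}-lambda-prerelease
+HEREDOC
 
-- name: Login to ECR and build, tag & push prerelease images
-env:
-PRERELEASE_IMAGE_TAG: ${{ steps.draft_release.outputs.tag_name }}-prerelease
-PRERELEASE_LAMBDA_IMAGE_TAG: ${{ steps.draft_release.outputs.tag_name }}-lambda-prerelease
+- name: Log In to the Container Registry
+run: |
+docker login ${{ env.REGISTRY }} \
+--username ${{ github.actor }} \
+--password-stdin <<<${{ secrets.GITHUB_TOKEN }}
+
+- name: Build and Push Runtime Image
 run: |
-aws ecr-public get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin public.ecr.aws
-docker build --target runtime -t $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG -f build_setup/Dockerfile .
-docker push $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG
-docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest-prerelease
-docker push $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG
-docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest-prerelease
-docker build --target runtime-lambda -t $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_LAMBDA_IMAGE_TAG -f build_setup/Dockerfile .
-docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_LAMBDA_IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest-lambda-prerelease
-docker push $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_LAMBDA_IMAGE_TAG
-docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest-lambda-prerelease
-echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG" >> $GITHUB_OUTPUT
+docker build \
+--target runtime \
+--tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_IMAGE_TAG }} \
+--file build_setup/Dockerfile \
+"${PWD}"
+docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_IMAGE_TAG }} \
+${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-prerelease
+docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_IMAGE_TAG }}
+docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-prerelease
+
+- name: Build and Push Lambda Image
+run: |
+docker build \
+--target runtime-lambda \
+--tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_LAMBDA_IMAGE_TAG }} \
+--file build_setup/Dockerfile \
+"${PWD}"
+docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_LAMBDA_IMAGE_TAG }} \
+${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-lambda-prerelease
+docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_LAMBDA_IMAGE_TAG }}
+docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-lambda-prerelease
+
+- name: Summarize Workflow Run
+run: |
+cat <<HEREDOC >>${GITHUB_STEP_SUMMARY}
+## Successfully Pushed:
+
+- ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_IMAGE_TAG }}
+- ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-prerelease
+- ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_LAMBDA_IMAGE_TAG }}
+- ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-lambda-prerelease
+HEREDOC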
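Review bot: The new "Log In to the Container Registry" step expands `${{ secrets.GITHUB_TOKEN }}` and `${{ github.actor }}` into the script text before bash runs, so the token becomes part of the generated script and the actor string is parsed as shell (bot actors carry a `[bot]` suffix, which is a glob pattern when unquoted). Bind both through a step-level `env:` (`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`, `ACTOR: ${{ github.actor }}`) and log in with `docker login "${REGISTRY}" --username "${ACTOR}" --password-stdin <<<"${GITHUB_TOKEN}"`; the identical step in the Publish Release workflow needs the same change. Separately, `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}` resolves to `ghcr.io/firetail-code-repository-scanner`, which has no owner segment, whereas GHCR image names take the form `ghcr.io/NAMESPACE/IMAGE_NAME`, so the pushes in both workflows would probably be refused. This job's `permissions:` block lies outside the hunk, so it is worth confirming that it grants `packages: write`.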
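--- a/PATH-NOT-SHOWN-ON-PAGE (Publish Release workflow)
+++ b/PATH-NOT-SHOWN-ON-PAGE (Publish Release workflow)
@@ -1,56 +1,58 @@
-name: Pull Prerelease Image From ECR And Push As Release Image When Draft Release Is Published
-
+name: Publish Release
+run-name: '@${{ github.triggering_actor }}: ${{ github.ref_name }}: ${{ github.event_name }}: ${{ github.event.action }}'
 on:
 release:
 types: [published]
 
 env:
-AWS_REGION: us-east-1
-ECR_REGISTRY: public.ecr.aws/x7v5r9e4
-ECR_REPOSITORY: firetail-code-repository-scanner
+REGISTRY: ghcr.io
+IMAGE_NAME: firetail-code-repository-scanner
 
 jobs:
 publish-release:
 name: Publish Release
-
 environment: prod
-
 runs-on: ubuntu-latest
 permissions:
 id-token: write
 contents: read
 pull-requests: write
 
 steps:
-- name: Get release
-id: get_release
-uses: bruceadams/get-release@74c3d60f5a28f358ccf241a00c9021ea16f0569f
-env:
-GITHUB_TOKEN: ${{ github.token }}
-- name: Configure AWS Credentials
-uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
-with:
-aws-region: ${{ env.AWS_REGION }}
-role-to-assume: ${{ secrets.AWS_ACCOUNT_ROLE_ARN }}
-role-session-name: git-api-discovery-publish-action-prod
-
-- name: Pull prerelease images from ECR, retag them as a releases, and push them back to ECR with their new tags
-id: build-image
-env:
-PRERELEASE_IMAGE_TAG: ${{ steps.get_release.outputs.tag_name }}-prerelease
-PRERELEASE_LAMBDA_IMAGE_TAG: ${{ steps.get_release.outputs.tag_name }}-lambda-prerelease
-IMAGE_TAG: ${{ steps.get_release.outputs.tag_name }}
-LAMBDA_IMAGE_TAG: ${{ steps.get_release.outputs.tag_name }}-lambda
+
+- name: Log In to the Container Registry
+run: |
+docker login ${{ env.REGISTRY }} \
+--username ${{ github.actor }} \
+--password-stdin <<<${{ secrets.GITHUB_TOKEN }}
+
+- name: Publish Prelease Lambda Image as Full Release
 run: |
-aws ecr-public get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin public.ecr.aws
-docker pull $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG
-docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest
-docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
-docker pull $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_LAMBDA_IMAGE_TAG
-docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_LAMBDA_IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$LAMBDA_IMAGE_TAG
-docker push $ECR_REGISTRY/$ECR_REPOSITORY:$LAMBDA_IMAGE_TAG
-docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_LAMBDA_IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest-lambda
-docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest-lambda
-echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-prerelease
+docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-prerelease \
+${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
+docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-prerelease \
+${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
+docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+
+- name: Publish Prelease Lambda Image as Full Release
+run: |
+docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-lambda-prerelease
+docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-lambda-prerelease \
+${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-lambda
+docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-lambda-prerelease \
+${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-lambda
+docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-lambda
+docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-lambda
+
+- name: Summarize Workflow Run
+run: |
+cat <<HEREDOC >>${GITHUB_STEP_SUMMARY}
+## Successfully Pushed:
+
+- ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
+- ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+- ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-lambda
+- ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-lambda
+HEREDOC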
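Review bot: The job's `permissions:` block still lists `id-token: write`, `contents: read` and `pull-requests: write` but no `packages: write`, so the `GITHUB_TOKEN` used for `docker login` cannot push to ghcr.io and the publish steps will be denied; add `packages: write`, and drop `id-token: write` unless something outside this view still uses OIDC, since the AWS role assumption is gone. `${{ github.ref_name }}` is pasted straight into every `run:` script, and on a `release` event that value is the tag name chosen by whoever publishes the release; git ref names admit shell metacharacters, so pass it through `env:` (`RELEASE_TAG: ${{ github.ref_name }}`) and reference `"${RELEASE_TAG}"` in the commands instead. The pulled `-prerelease` tags are mutable, so the promoted image is whatever was last pushed under that tag rather than a build pinned by digest; that may be acceptable here but deserves a comment in the workflow. The first publish step is named "Publish Prelease Lambda Image as Full Release" although it handles the runtime image; `Publish Prerelease Runtime Image as Full Release` would match what it does.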
