Skip to content
.github/workflows/stage-3-build-images-devtest.yaml

feat: test the tag #2

Sign in to view logs

feat: test the tag

feat: test the tag #2

Workflow file for this run

.github/workflows/stage-3-build-images-devtest.yaml at 7a0313d
name: Docker Image CI

Check failure on line 1 in .github/workflows/stage-3-build-images-devtest.yaml

View workflow run for this annotation

GitHub Actions / .github/workflows/stage-3-build-images-devtest.yaml

Invalid workflow file 

(Line: 70, Col: 9): There's not enough info to determine what you meant. Add one of these properties: run, shell, uses, with, working-directory
on:
workflow_call:
inputs:
environment_tag:
description: Environment of the deployment
required: true
type: string
default: development
docker_compose_file:
description: The path of the compose.yaml file needed to build docker images
required: true
type: string
function_app_source_code_path:
description: The source path of the function app source code for the docker builds
required: true
type: string
project_name:
description: The name of the project
required: true
type: string
excluded_containers_csv_list:
description: Excluded containers in a comma separated list
required: true
type: string
build_all_images:
description: Build all images (true) or only changed ones (false)
required: false
type: boolean
default: false
secrets:
client_id:
description: 'The Azure Client ID.'
required: true
tenant_id:
description: 'The Azure Tenant ID.'
required: true
subscription_id:
description: 'The Azure Subscription ID.'
required: true
acr_name:
description: 'The name of the Azure Container Registry.'
required: true
jobs:
get-functions:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
id-token: write
outputs:
FUNC_NAMES: ${{ steps.get-function-names.outputs.FUNC_NAMES }}
DOCKER_COMPOSE_DIR: ${{ steps.get-function-names.outputs.DOCKER_COMPOSE_DIR }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 2
token: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout dtos-devops-templates repository
uses: actions/checkout@v4
with:
repository: NHSDigital/dtos-devops-templates
path: templates
ref: main
- name: Determine which Docker container(s) to build
build-and-push:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
pull-requests: read
needs: get-functions
strategy:
matrix:
function: ${{ fromJSON(needs.get-functions.outputs.FUNC_NAMES) }}
if: needs.get-functions.outputs.FUNC_NAMES != '[]'
outputs:
pr_num_tag: ${{ env.PR_NUM_TAG }}
short_commit_hash: ${{ env.COMMIT_HASH_TAG }}
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
fetch-depth: 1
submodules: 'true'
- name: Checkout dtos-devops-templates repository
uses: actions/checkout@v4
with:
repository: NHSDigital/dtos-devops-templates
path: templates
ref: main
- name: Az CLI login
if: github.ref == 'refs/heads/main'
uses: azure/login@v2
with:
client-id: ${{ secrets.client_id }}
tenant-id: ${{ secrets.tenant_id }}
subscription-id: ${{ secrets.subscription_id }}
- name: Azure Container Registry login
if: github.ref == 'refs/heads/main'
env:
ACR_NAME: ${{ secrets.acr_name }}
run: az acr login --name ${ACR_DEVTEST_NAME}
- name: Create Tags
env:
GH_TOKEN: ${{ github.token }}
ENVIRONMENT_TAG: ${{ inputs.environment_tag }}
continue-on-error: false
run: |
echo "The branch is: ${GITHUB_REF}"
if [[ "${GITHUB_REF}" == refs/pull/*/merge ]]; then
PR_NUM_TAG=$(echo "${GITHUB_REF}" | sed 's/refs\/pull\/\([0-9]*\)\/merge/\1/')
else
PULLS_JSON=$(gh api /repos/{owner}/{repo}/commits/${GITHUB_SHA}/pulls)
ORIGINATING_BRANCH=$(echo ${PULLS_JSON} | jq -r '.[].head.ref' | python3 -c "import sys, urllib.parse; print(urllib.parse.quote_plus(sys.stdin.read().strip()))")
echo "ORIGINATING_BRANCH: ${ORIGINATING_BRANCH}"
PR_NUM_TAG=$(echo ${PULLS_JSON} | jq -r '.[].number')
fi
echo "PR_NUM_TAG: pr${PR_NUM_TAG}"
echo "PR_NUM_TAG=pr${PR_NUM_TAG}" >> ${GITHUB_ENV}
SHORT_COMMIT_HASH=$(git rev-parse --short ${GITHUB_SHA})
echo "Commit hash tag: ${SHORT_COMMIT_HASH}"
echo "COMMIT_HASH_TAG=${SHORT_COMMIT_HASH}" >> ${GITHUB_ENV}
echo "ENVIRONMENT_TAG=${ENVIRONMENT_TAG}" >> ${GITHUB_ENV}
- name: Build and Push Image
working-directory: ${{ steps.get-function-names.outputs.DOCKER_COMPOSE_DIR }}
continue-on-error: false
env:
COMPOSE_FILE: ${{ inputs.docker_compose_file }}
PROJECT_NAME: ${{ inputs.project_name }}
ACR_NAME: ${{ secrets.acr_name }}
run: |
function=${{ matrix.function }}
echo PROJECT_NAME: ${PROJECT_NAME}
if [ -z "${function}" ]; then
echo "Function variable is empty. Skipping Docker build."
exit 0
fi
# Build the image
docker compose -f ${COMPOSE_FILE//,/ -f } -p ${PROJECT_NAME} --profile "*" build --no-cache --pull ${function}
repo_name="${ACR_NAME}.azurecr.io/${PROJECT_NAME}-${function}"
echo $(repo_name)
# Tag the image
echo "Tag the image:"
docker tag ${PROJECT_NAME}-$ {function}:latest "$repo_name:${COMMIT_HASH_TAG}"
docker tag ${PROJECT_NAME}-${function}:latest "$repo_name:${PR_NUM_TAG}"
docker tag ${PROJECT_NAME}-${function}:latest "$repo_name:${ENVIRONMENT_TAG}"
# If this variable is set, the create-sbom-report.sh script will scan this docker image instead.
export CHECK_DOCKER_IMAGE=${PROJECT_NAME}-${function}:latest
export FORCE_USE_DOCKER=true
export PR_NUM_TAG=${PR_NUM_TAG}
echo "PR_NUM_TAG=${PR_NUM_TAG}" >> ${GITHUB_ENV}
# Push the image to the repository
docker push "${repo_name}:${COMMIT_HASH_TAG}"
if [ "${PR_NUM_TAG}" != 'pr' ]; then
docker push "${repo_name}:${PR_NUM_TAG}"
fi
docker push "${repo_name}:${ENVIRONMENT_TAG}"
- name: Cleanup the docker images
env:
PROJECT_NAME: ${{ inputs.project_name }}
ACR_NAME: ${{ secrets.acr_name }}
run: |
function=${{ matrix.function }}
repo_name="${ACR_NAME}.azurecr.io/${PROJECT_NAME}-${function}"
# Remove the images
docker rmi "${repo_name}:${COMMIT_HASH_TAG}"
docker rmi "${repo_name}:${PR_NUM_TAG}"
docker rmi "${repo_name}:${ENVIRONMENT_TAG}"
docker rmi ${PROJECT_NAME}-${function}:latest