|
17 | 17 | env: |
18 | 18 | REGISTRY: ghcr.io |
19 | 19 | IMAGE_PREFIX: ${{ github.repository }} |
| 20 | + ECR_REGISTRY: 524473328983.dkr.ecr.us-west-2.amazonaws.com |
| 21 | + ECR_IMAGE_PREFIX: nemoclaw-community |
20 | 22 |
|
21 | 23 | permissions: |
22 | 24 | contents: read |
@@ -243,3 +245,78 @@ jobs: |
243 | 245 | BASE_IMAGE=${{ steps.base.outputs.image }} |
244 | 246 | cache-from: type=gha,scope=${{ matrix.sandbox }} |
245 | 247 | cache-to: type=gha,mode=max,scope=${{ matrix.sandbox }} |
| 248 | + |
| 249 | + # --------------------------------------------------------------------------- |
| 250 | + # Publish images to ECR (re-tag from GHCR, no rebuild required) |
| 251 | + # --------------------------------------------------------------------------- |
| 252 | + publish-ecr: |
| 253 | + name: Publish to ECR |
| 254 | + needs: [detect-changes, build-base, build] |
| 255 | + if: | |
| 256 | + always() && |
| 257 | + github.ref == 'refs/heads/main' && |
| 258 | + needs.detect-changes.result == 'success' && |
| 259 | + (needs.build-base.result == 'success' || needs.build-base.result == 'skipped') && |
| 260 | + (needs.build.result == 'success' || needs.build.result == 'skipped') |
| 261 | + runs-on: ubuntu-latest |
| 262 | + env: |
| 263 | + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} |
| 264 | + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |
| 265 | + AWS_DEFAULT_REGION: us-west-2 |
| 266 | + steps: |
| 267 | + - name: Lowercase image prefix |
| 268 | + id: repo |
| 269 | + run: echo "image_prefix=${IMAGE_PREFIX,,}" >> "$GITHUB_OUTPUT" |
| 270 | + |
| 271 | + - name: Set up Docker Buildx |
| 272 | + uses: docker/setup-buildx-action@v3 |
| 273 | + |
| 274 | + - name: Log in to GHCR |
| 275 | + uses: docker/login-action@v3 |
| 276 | + with: |
| 277 | + registry: ${{ env.REGISTRY }} |
| 278 | + username: ${{ github.actor }} |
| 279 | + password: ${{ secrets.GITHUB_TOKEN }} |
| 280 | + |
| 281 | + - name: Log in to ECR |
| 282 | + run: aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin ${{ env.ECR_REGISTRY }} |
| 283 | + |
| 284 | + - name: Copy base image to ECR |
| 285 | + if: needs.detect-changes.outputs.base-changed == 'true' |
| 286 | + run: | |
| 287 | + set -euo pipefail |
| 288 | + GHCR_IMAGE="${{ env.REGISTRY }}/${{ steps.repo.outputs.image_prefix }}/sandboxes/base" |
| 289 | + ECR_IMAGE="${{ env.ECR_REGISTRY }}/${{ env.ECR_IMAGE_PREFIX }}/sandboxes/base" |
| 290 | + SHA="${{ github.sha }}" |
| 291 | +
|
| 292 | + echo "Copying ${GHCR_IMAGE}:${SHA} -> ${ECR_IMAGE}:${SHA}" |
| 293 | + docker buildx imagetools create \ |
| 294 | + -t "${ECR_IMAGE}:${SHA}" \ |
| 295 | + "${GHCR_IMAGE}:${SHA}" |
| 296 | +
|
| 297 | + echo "Copying ${GHCR_IMAGE}:latest -> ${ECR_IMAGE}:latest" |
| 298 | + docker buildx imagetools create \ |
| 299 | + -t "${ECR_IMAGE}:latest" \ |
| 300 | + "${GHCR_IMAGE}:latest" |
| 301 | +
|
| 302 | + - name: Copy sandbox images to ECR |
| 303 | + if: needs.detect-changes.outputs.sandboxes != '[]' |
| 304 | + run: | |
| 305 | + set -euo pipefail |
| 306 | + SANDBOXES='${{ needs.detect-changes.outputs.sandboxes }}' |
| 307 | + SHA="${{ github.sha }}" |
| 308 | +
|
| 309 | + for SANDBOX in $(echo "$SANDBOXES" | jq -r '.[]'); do |
| 310 | + GHCR_IMAGE="${{ env.REGISTRY }}/${{ steps.repo.outputs.image_prefix }}/sandboxes/${SANDBOX}" |
| 311 | + ECR_IMAGE="${{ env.ECR_REGISTRY }}/${{ env.ECR_IMAGE_PREFIX }}/sandboxes/${SANDBOX}" |
| 312 | +
|
| 313 | + echo "Copying ${GHCR_IMAGE}:${SHA} -> ${ECR_IMAGE}:${SHA}" |
| 314 | + docker buildx imagetools create \ |
| 315 | + -t "${ECR_IMAGE}:${SHA}" \ |
| 316 | + "${GHCR_IMAGE}:${SHA}" |
| 317 | +
|
| 318 | + echo "Copying ${GHCR_IMAGE}:latest -> ${ECR_IMAGE}:latest" |
| 319 | + docker buildx imagetools create \ |
| 320 | + -t "${ECR_IMAGE}:latest" \ |
| 321 | + "${GHCR_IMAGE}:latest" |
| 322 | + done |
0 commit comments