Change AWS ECR account #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Python CI with Docker (AWS) | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| workflow_dispatch: | |
| # permission can be added at job level or workflow level | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_MWP }} | |
| ECR_REGISTRY: 207912665906.dkr.ecr.ap-northeast-2.amazonaws.com | |
| ECR_REPOSITORY: mwp/tails | |
| IMAGE_TAG: ${{ github.sha }} | |
| DOCKERFILE_PATH: docker/Dockerfile.tails-server | |
| jobs: | |
| build-and-push-image: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Slack message - start | |
| uses: act10ns/[email protected] | |
| with: | |
| status: starting | |
| if: always() | |
| - name: Checkout source code | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ap-northeast-2 | |
| role-to-assume: arn:aws:iam::207912665906:role/mobilewallet-github-actions-role | |
| role-session-name: MobileWalletEcrAccess | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Build, tag, and push image to Amazon ECR | |
| id: build-and-push-to-ecr | |
| run: | | |
| docker build -f $DOCKERFILE_PATH -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| - name: Slack messsae - end | |
| uses: act10ns/[email protected] | |
| with: | |
| status: ${{ job.status }} | |
| steps: ${{ toJson(steps) }} | |
| if: always() | |
| update-configuration: | |
| needs: build-and-push-image | |
| runs-on: ubuntu-20.04 | |
| concurrency: kustomize | |
| steps: | |
| - name: Checkout mwp-config | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: sktston/mwp-config | |
| token: ${{ secrets.PAT }} | |
| - name: Setup Kustomize | |
| id: setup-kustomize | |
| uses: imranismail/setup-kustomize@v1 | |
| with: | |
| kustomize-version: "3.9.4" | |
| - name: Update the image tag with Kustomize | |
| id: update-config-with-kustomize | |
| run: | | |
| git config user.name github-actions | |
| git config user.email [email protected] | |
| git checkout ${GITHUB_REF##*/} | |
| git pull origin ${GITHUB_REF##*/} | |
| cd overlays/${GITHUB_REF##*/} | |
| kustomize edit set image $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| git add kustomization.yaml | |
| git commit -m "Deploying image $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" | |
| git push origin ${GITHUB_REF##*/} | |
| - name: Slack messsae - end | |
| uses: act10ns/[email protected] | |
| with: | |
| status: ${{ job.status }} | |
| steps: ${{ toJson(steps) }} | |
| if: always() |