copy env vars for vault #67
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Build | |
| on: | |
| push: | |
| # branches: | |
| # - main | |
| # pull_request: | |
| workflow_call: | |
| inputs: | |
| branch: | |
| description: "Branch name for build" | |
| required: true | |
| type: string | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| VAULT_PW: ${{ secrets.VAULT_PW }} | |
| REPORT_COVERAGE: true | |
| DPC_CA_CERT: ${{ secrets.DPC_CA_CERT }} | |
| ENV: "github-ci" | |
| jobs: | |
| docker_build: | |
| runs-on: self-hosted | |
| steps: | |
| - name: "Checkout code" | |
| uses: actions/checkout@v4 | |
| with: | |
| # path: dpc-app | |
| ref: ${{ github.ref_name }} | |
| - name: Check docker version | |
| run: docker --version | |
| - name: Install docker compose manually | |
| # run: sudo mkdir -p /usr/local/lib/docker/cli-plugins | | |
| # curl -sL https://github.com/docker/compose/releases/latest/download/docker-compose-linux-"$(uname -m)" -o /usr/local/lib/docker/cli-plugins/docker-compose | |
| # sudo chown root:root /usr/local/lib/docker/cli-plugins/docker-compose | |
| run: | | |
| sudo mkdir -p /usr/local/lib/docker/cli-plugins | |
| sudo curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose | |
| sudo chown root:root /usr/local/lib/docker/cli-plugins/docker-compose | |
| sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose | |
| - name: Docker compose version | |
| run: docker compose version | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ vars.AWS_REGION }} | |
| role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/dpc-dev-github-actions | |
| - name: Login to Amazon ECR | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: "Set up JDK 11" | |
| uses: actions/setup-java@v1 | |
| with: | |
| java-version: "11" | |
| - name: Run docker command manually on self-hosted | |
| run: docker compose -f ./docker-compose.base.yml build base | |
| - name: Build app | |
| run: make ci-app | |
| - name: Build portal # this is run in parallel with the app build on jenkins, might break out to separate job | |
| run: make ci-portals-v1 | |
| # - name: Build, tag, and push docker image to Amazon ECR | |
| # env: | |
| # REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| # REPOSITORY: my-ecr-repo | |
| # IMAGE_TAG: ${{ github.sha }} | |
| # run: | | |
| # IMAGE_TAG=hardocedstringfornow | |
| # REPOSITORIES=['api', 'attribution', 'aggregation', 'consent', 'web', 'web-admin', 'web-portal'] | |
| # docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG . | |
| # docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
| # - name: Tag images | |
| # run: | # tag | |
| # echo "hi" | |
| # | |
| - name: Push artifacts | |
| run: | # tag | |
| # use ECR to save the artifacts | |
| # TODO convert over to GHA | |
| # - name: ECR Login | |
| # run: "log into ECR here and then push up images" | |
| # docker.withRegistry("https://$docker_ecr") { | |
| # for (component in ['web', 'web-admin', 'web-portal']) { | |
| # docker.image("${docker_ecr}/dpc-${component}:latest").push() | |
| # docker.image("${docker_ecr}/dpc-${component}:$version_tag").push() | |
| # } | |
| # } |