action.yaml
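# Composite action metadata: builds a Docker image, pushes it to ECR and
# records the new image reference in a task definition repository.
name: build
description: Build and update task definition
# The metadata key is `required`; the previous spelling `require` is not part
# of the action metadata schema. GitHub does not fail a run on its own when a
# required input is missing, so callers must still pass every required input.
inputs:
  aws_region:
    description: AWS region passed to the AWS credentials step
    required: false
    default: ap-northeast-1
  aws_role_arn:
    description: ARN of the IAM role assumed through web identity
    required: true
  git_user_name:
    description: Git user.name used for the task definition commit
    required: true
  git_user_email:
    description: Git user.email used for the task definition commit
    required: true
  git_personal_access_token:
    description: Secret token used to check out the task definition repository
    required: true
  deploy_ssh_key:
    description: >-
      Optional secret private SSH key loaded into ssh-agent for the Docker
      build; leave empty to skip
    required: false
    default: ""
  task_definition_repo:
    description: Name of the task definition repository under the same owner
    required: true
  task_definition_repo_ref:
    description: Ref of the task definition repository to check out
    required: true
  task_definition_file:
    description: Path of the task definition JSON file inside that repository
    required: true
  target:
    description: Build stage passed to docker build --target
    required: true
  build_args:
    description: Extra arguments appended to the docker build command
    required: false
    default: ""
  ecr_repository:
    description: ECR repository name, without the registry host
    required: true
  gitsha_image_tag:
    description: Tag given to the image when it is built
    required: true
  target_image_tag:
    description: Tag pushed to ECR and written into the task definition
    required: true
  container_name:
    description: Name of the container definition whose image is updated
    required: true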
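# Steps: check out the caller's repository, assume the AWS role, log in to
# ECR, build and push the image, then commit the new image reference to the
# task definition repository.
runs:
  using: "composite"
  steps:
    # NOTE(review): every `uses:` below references a mutable tag. Pinning each
    # action to a full commit SHA protects against a retagged release.
    - name: Checkout
      # NOTE(review): checkout keeps its token in .git/config by default and
      # this workspace is the Docker build context below. Confirm .git is
      # excluded from the context, or set persist-credentials to false.
      uses: actions/checkout@v3
    - name: Configure AWS Credentials From Web Identity
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        role-to-assume: ${{ inputs.aws_role_arn }}
        aws-region: ${{ inputs.aws_region }}
    - name: Login to ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1
    - name: Build, tag, and push image to ECR
      id: build
      shell: bash
      # Inputs reach the script through the environment instead of being
      # expanded into the script text, so a value containing quotes, command
      # substitutions or newlines stays data and cannot alter the commands.
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        ECR_REPOSITORY: ${{ inputs.ecr_repository }}
        GITSHA_IMAGE_TAG: ${{ inputs.gitsha_image_tag }}
        TARGET_IMAGE_TAG: ${{ inputs.target_image_tag }}
        DEPLOY_SSH_KEY: ${{ inputs.deploy_ssh_key }}
        BUILD_TARGET: ${{ inputs.target }}
        BUILD_ARGS: ${{ inputs.build_args }}
      run: |
        # Image URL
        GITSHA_IMAGE_URL="${ECR_REGISTRY}/${ECR_REPOSITORY}:${GITSHA_IMAGE_TAG}"
        TARGET_IMAGE_URL="${ECR_REGISTRY}/${ECR_REPOSITORY}:${TARGET_IMAGE_TAG}"
        # Start the SSH agent and stop it again when the step exits
        eval "$(ssh-agent)"
        trap 'ssh-agent -k > /dev/null' EXIT
        # Register the key with the SSH agent.
        # Needed when the Go build references packages in private repositories.
        if [ -n "$DEPLOY_SSH_KEY" ]; then
          # Keep the key file out of the workspace: the workspace is the Docker
          # build context, so a key written there could land in an image layer.
          # mktemp creates the file readable by the owner only.
          key_file="$(mktemp "${RUNNER_TEMP:-/tmp}/deploy_ssh_key.XXXXXX")"
          printf '%s\n' "$DEPLOY_SSH_KEY" > "$key_file"
          ssh-add -k "$key_file"
          rm -f "$key_file"
        fi
        # Extra docker build arguments are split on whitespace only; shell
        # quoting inside the value is not interpreted.
        # shellcheck disable=SC2206
        extra_build_args=($BUILD_ARGS)
        # Docker build
        DOCKER_BUILDKIT=1 docker build \
          --ssh default \
          --target "$BUILD_TARGET" \
          "${extra_build_args[@]}" \
          -t "$GITSHA_IMAGE_URL" \
          .
        # Docker push
        # NOTE(review): only the target tag is pushed; the git-SHA tag stays
        # local to the runner. Confirm that is intended.
        docker tag "$GITSHA_IMAGE_URL" "$TARGET_IMAGE_URL"
        docker push "$TARGET_IMAGE_URL"
    - name: Checkout task definition repository
      # The token is a personal access token; checkout stores it in
      # task-definitions/.git/config, where the later git commands can read it.
      uses: actions/checkout@v3
      with:
        repository: ${{ github.repository_owner }}/${{ inputs.task_definition_repo }}
        ref: ${{ inputs.task_definition_repo_ref }}
        token: ${{ inputs.git_personal_access_token }}
        path: task-definitions
    - name: Update task definition
      uses: nick-fields/retry@v2
      # Same rule as the build step: inputs are handed over as environment
      # variables and quoted in the command, never pasted into its text.
      env:
        GIT_USER_EMAIL: ${{ inputs.git_user_email }}
        GIT_USER_NAME: ${{ inputs.git_user_name }}
        TASK_DEFINITION_FILE: ${{ inputs.task_definition_file }}
        CONTAINER_NAME: ${{ inputs.container_name }}
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        ECR_REPOSITORY: ${{ inputs.ecr_repository }}
        TARGET_IMAGE_TAG: ${{ inputs.target_image_tag }}
      with:
        max_attempts: 3
        timeout_seconds: 15
        retry_on: error
        shell: bash
        command: |
          cd task-definitions
          git config --local user.email "$GIT_USER_EMAIL"
          git config --local user.name "$GIT_USER_NAME"
          git config pull.rebase false
          mv -- "$TASK_DEFINITION_FILE" tmp.json
          IMAGE_URL="${ECR_REGISTRY}/${ECR_REPOSITORY}:${TARGET_IMAGE_TAG}"
          # Pass the container name and image as jq variables so they are
          # compared and written as strings, not parsed as part of the filter.
          JQ_FILTER='(.containerDefinitions[] | select(.name == $name) | .image) |= $image'
          jq --arg name "$CONTAINER_NAME" --arg image "$IMAGE_URL" "$JQ_FILTER" tmp.json > "$TASK_DEFINITION_FILE"
          cat "$TASK_DEFINITION_FILE"
          git pull
          git add -- "$TASK_DEFINITION_FILE"
          git commit -m "[UpdateImageTag] ${TASK_DEFINITION_FILE} ${CONTAINER_NAME} ${TARGET_IMAGE_TAG}"
          git push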