deploy-to-ecr.yaml
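# Reusable workflow (workflow_call): builds a Docker image from the caller's
# repository, pushes it to Amazon ECR and returns the image tag as `version`.
name: Build Docker image and push
on:
  workflow_call:
    inputs:
      aws_account_id:
        required: true
        description: Destination AWS Account
        type: string
      # Used as the image tag prefix and forwarded as the ENV_FILE_NAME build arg.
      environment:
        required: true
        description: "Build environment, effects image tag prefix."
        type: string
      # JSON-encoded list of runner labels; the job parses it with fromJSON().
      runs-on:
        required: false
        description: 'Platform to execute on. Default ["self-hosted", "cere-io-large"]'
        type: string
        default: '["self-hosted", "cere-io-large"]'
      aws_region:
        required: false
        description: "Destination AWS region. Default us-west-2"
        type: string
        default: 'us-west-2'
      file:
        required: false
        description: "Path to the Dockerfile. Default: ./Dockerfile"
        type: string
        default: './Dockerfile'
      context:
        required: false
        description: "Build's context. Defaults ./"
        type: string
        default: './'
      repository:
        required: false
        description: "Image repository. Defaults to github repository name."
        type: string
        default: ${{ github.event.repository.name }}
      custom_tag:
        required: false
        description: "Additional custom tag for the built docker image."
        type: string
        default: ''
      # Name of an artifact uploaded by an earlier job; downloaded before the build.
      build_artifact:
        required: false
        description: "Additional Persistent artifact from another job."
        type: string
        default: ''
      # SECURITY: this string is executed verbatim as a shell step on the runner,
      # after AWS credentials are configured. Callers must pass only static,
      # reviewed text and never values derived from PR titles, branch names or
      # other attacker-influenced fields.
      configure_host_command:
        required: false
        description: "Additional command to configure host"
        type: string
        default: ''
      timeout:
        required: false
        description: "Timeout in minutes for the job execution. Defaults 15."
        type: number
        default: 15
      # Debug switch: when true the job opens a tmate (remote shell) session on
      # the runner. Leave false outside of interactive troubleshooting.
      tmate_on:
        required: false
        description: ''
        type: boolean
        default: false
    secrets:
      # NOTE(review): no step in this file reads secrets.NPM_TOKEN; the job
      # reads secrets.NPM_TOKEN_READ instead. Kept for existing callers.
      NPM_TOKEN:
        required: false
      # Declared so callers that pass secrets explicitly (rather than with
      # `secrets: inherit`) can supply the token the job actually consumes.
      NPM_TOKEN_READ:
        required: false
      # DB_PASSWORD / DB_USER are forwarded to the image build as build args.
      DB_PASSWORD:
        required: false
      DB_USER:
        required: false
      DOCKERHUB_USERNAME:
        required: false
      DOCKERHUB_TOKEN:
        required: false
    outputs:
      version:
        description: Docker image tag.
        value: ${{ jobs.deploy-to-ecr.outputs.version }}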
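jobs:
  # Single job: fetch sources, assume an AWS role via OIDC, log in to ECR and
  # Docker Hub, compute the image tag, then build and push the image.
  deploy-to-ecr:
    name: Build docker image, push to ECR.
    # inputs.runs-on is a JSON-encoded label list; the default selects
    # self-hosted runners.
    runs-on: ${{ fromJSON(inputs.runs-on) }}
    permissions:
      contents: read
      # Lets configure-aws-credentials request an OIDC token for role assumption.
      # NOTE(review): the trust policy of role/github is not visible here;
      # confirm it restricts the token's `sub` claim to the expected repositories.
      id-token: write
    timeout-minutes: ${{ inputs.timeout }}
    steps:
      # NOTE(review): every action below is referenced by a mutable tag (@v1,
      # @v2, @v3). Pinning each to a full commit SHA prevents a retagged
      # release from running in a job that holds AWS and registry credentials.
      # NOTE(review): checkout leaves the job token in .git/config by default;
      # consider `persist-credentials: false` if no later step needs git auth,
      # since the build context defaults to the whole checkout.
      - uses: actions/checkout@v3
      - uses: actions/download-artifact@v3
        # Fixed: the declared input is `build_artifact`; `inputs.artifact` does
        # not exist, so the old condition was always false and the artifact
        # was never downloaded.
        if: ${{ inputs.build_artifact != '' }}
        with:
          name: ${{ inputs.build_artifact }}
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/github
          role-session-name: ${{ github.event.repository.name }}
          aws-region: ${{ inputs.aws_region }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Configure host
        if: ${{ inputs.configure_host_command != '' }}
        # SECURITY: the input is expanded straight into the script, so the
        # caller's text runs as shell with the AWS credentials and NPM token
        # in scope. This is the step's purpose; callers must pass only
        # static, reviewed commands.
        run: ${{ inputs.configure_host_command }}
        env:
          # NOTE(review): confirm NPM_TOKEN_READ is declared under
          # on.workflow_call.secrets or supplied via `secrets: inherit`;
          # otherwise this expands to an empty string.
          NPM_TOKEN: ${{ secrets.NPM_TOKEN_READ }}
      - name: Setup tmate session
        if: ${{ inputs.tmate_on }}
        uses: mxschmitt/action-tmate@v3
        with:
          detached: true
          # Changed from false: the session opens after AWS credentials and the
          # ECR login are in place, so it must not be reachable by anyone who
          # can read the connection string from the job log. With true, only
          # the triggering actor's registered SSH keys are accepted.
          limit-access-to-actor: true
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Process version
        id: version
        # Inputs reach the shell through env vars instead of being expanded
        # into the script text, so quotes or $(...) in a value are treated as
        # data rather than executed.
        env:
          BUILD_ENVIRONMENT: ${{ inputs.environment }}
          RUN_ATTEMPT: ${{ github.run_attempt }}
        run: |
          echo "image_tag=${BUILD_ENVIRONMENT}-${RUN_ATTEMPT}-$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
      - name: Custom image tag
        if: ${{ inputs.custom_tag != '' }}
        # Same env-var indirection as the previous step.
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          IMAGE_REPOSITORY: ${{ inputs.repository }}
          CUSTOM_TAG: ${{ inputs.custom_tag }}
        run: |
          echo "custom_image_full_tag=${ECR_REGISTRY}/${IMAGE_REPOSITORY}:${CUSTOM_TAG}" >> "$GITHUB_ENV"
      - name: Build and push docker image to ECR
        uses: docker/build-push-action@v3
        with:
          context: ${{ inputs.context }}
          file: ${{ inputs.file }}
          push: true
          no-cache: true
          # SECURITY: build args are recorded in image metadata (visible via
          # `docker history`), so NPM_TOKEN, DB_PASSWORD and DB_USER can be
          # recovered by anyone able to pull the image. Moving them to this
          # action's `secrets:` input with `RUN --mount=type=secret` in the
          # Dockerfile avoids that, but needs a matching Dockerfile change in
          # every caller, so it is flagged here rather than changed.
          build-args: |
            NPM_TOKEN=${{ secrets.NPM_TOKEN_READ }}
            ENV_FILE_NAME=${{ inputs.environment }}
            DB_PASSWORD=${{ secrets.DB_PASSWORD }}
            DB_USER=${{ secrets.DB_USER }}
          # The second tag line is empty unless the "Custom image tag" step ran.
          tags: |
            ${{ steps.login-ecr.outputs.registry }}/${{ inputs.repository }}:${{ env.image_tag }}
            ${{ env.custom_image_full_tag }}
    outputs:
      # Exposed to the caller as the workflow-level `version` output.
      version: ${{ env.image_tag }}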