feat(ci): Docker build rework #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Build | |
| on: | |
| pull_request: | |
| branches: [main, 'release-*', 'pre-release-*'] | |
| push: | |
| branches: [main, 'release-*', 'pre-release-*'] | |
| workflow_dispatch: | |
| inputs: | |
| projects: | |
| description: 'Comma-separated list of project names to build.' | |
| required: true | |
| concurrency: | |
| group: docker-build-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| defaults: | |
| run: | |
| shell: bash -euo pipefail {0} | |
| env: | |
| PUSH_REGISTRY: ${{ vars.PUSH_REGISTRY }} | |
| DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY || 'docker.io' }} | |
| jobs: | |
| prepare_matrix: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.set-matrix.outputs.matrix }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create matrix from input | |
| id: set-matrix | |
| run: | | |
| # Create a list of objects of the form: | |
| # [ | |
| # { | |
| # "name": "services-my-service", | |
| # "docker": "next|nest|mytype" | |
| # }, | |
| # ... | |
| # ] | |
| echo "matrix=$(git ls-files '**/project.json' | | |
| xargs cat | \ | |
| jq -s -c '{ include: [ | |
| .[] | |
| | { | |
| project: .name, | |
| docker: (.targets | keys | map(select(startswith("docker-"))) | map(sub("^docker-"; "")) | .[]) | |
| } | |
| ] | |
| }')" >>"$GITHUB_OUTPUT" | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: prepare_matrix | |
| strategy: | |
| fail-fast: true | |
| matrix: ${{ fromJson(needs.prepare_matrix.outputs.matrix) }} | |
| max-parallel: 1 | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| steps: | |
| - name: Debug inputs | |
| run: | | |
| echo "Matrix: ${{ toJSON(matrix) }}" | |
| - name: Check out repo | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| if: ${{ !env.ACT && env.PUSH_REGISTRY && env.PUSH_REGISTRY != 'ghcr.io' }} | |
| id: aws-creds | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ vars.AWS_ECR_ROLE }} | |
| role-session-name: docker-build | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: Log in to Amazon ECR | |
| if: ${{ steps.aws-creds.conclusion == 'success' }} | |
| id: ecr-login | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Log in to Docker | |
| if: ${{ !env.ACT && env.PUSH_REGISTRY == 'ghcr.io' }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| # Infix a slash when PUSH_REGISTRY is non-empty | |
| images: | | |
| ${{ env.PUSH_REGISTRY }}${{ env.PUSH_REGISTRY && '/' || '' }}${{ github.repository }}/${{ matrix.project }} | |
| tags: | | |
| type=ref,event=branch | |
| # Git SHA | |
| type=sha,format=short | |
| type=sha,format=long | |
| # SemVer by tag (e.g. v1.2.3) | |
| type=semver,pattern={{version}} | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: scripts/ci/Dockerfile | |
| push: ${{ !env.ACT }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| build-args: | | |
| NODE_IMAGE_TAG=latest | |
| DOCKER_REGISTRY=${{ env.DOCKER_REGISTRY }} |