Skip to content

remote sql same as prod for GHA purposes...? #23

remote sql same as prod for GHA purposes...?

remote sql same as prod for GHA purposes...? #23

name: Build and Publish Images to GCR
on:
pull_request:
branches: [main]
workflow_call:
outputs:
image_name:
value: ${{ jobs.build_and_publish_images.outputs.image_name }}
description: "Name of the image that was built and pushed to Google's Container Registry"
short_sha_tag:
value: ${{ jobs.build_and_publish_images.outputs.short_sha_tag }}
description: "short_sha_tag"
workflow_dispatch: {}
jobs:
build_and_publish_images:
name: "Build and Publish Images"
runs-on: ubuntu-latest
strategy:
matrix:
service:
- worker
- website
permissions:
id-token: write
contents: read
outputs:
image_name: ${{ fromJSON(steps.publish.outputs.metadata)['image.name'] }}
short_sha_tag: ${{ steps.record_summary.outputs.short_sha_tag }}
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Authenticate to Google Cloud
if: github.event_name != 'pull_request'
uses: google-github-actions/auth@v2
id: auth
with:
workload_identity_provider: "projects/567739286055/locations/global/workloadIdentityPools/los-verdes-digital-membership/providers/los-verdes-digital-membership"
service_account: "[email protected]"
access_token_scopes: "https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/devstorage.read_write"
token_format: access_token
- name: Login to GCR
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: gcr.io
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
- name: Generate Docker Tags
id: meta
uses: docker/metadata-action@v5
with:
# list of Docker images to use as base name for tags
images: |
"${{ vars.CONTAINER_IMAGE_REPO }}/${{ matrix.service }}"
# generate Docker tags based on the following events/attributes
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
- name: Build and Push to GCR
id: publish
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
builder: ${{ steps.buildx.outputs.name }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
target: ${{ matrix.service }}
# Using native GitHub action caching as shown here:
# https://github.com/docker/build-push-action/issues/252#issuecomment-889339470
cache-from: type=gha,scope=$${{ github.workflow }}
cache-to: type=gha,scope=$${{ github.workflow }},mode=max
- name: Record Step Summary
id: record_summary
env:
image_details: "${{ steps.publish.outputs.metadata }}"
image_id: "${{ steps.publish.outputs.imageid }}"
image_name: "${{ fromJSON(steps.publish.outputs.metadata)['image.name'] }}"
metadata: "${{ steps.meta.outputs.json }}"
run: |
echo "short_sha_tag=$(git rev-parse --short HEAD)" | tee -a $GITHUB_OUTPUT
cat << SUMMARY | tee --append "$GITHUB_STEP_SUMMARY"
## Image Build - ${{ matrix.service }}
- **ID / Digest**:
\`$image_id\`
- **Image Name**:
\`$image_name\`
### Details
<details>
<summary>Expand Metadata</summary>
\`\`\`json
$(jq -r '.' <<<"$metadata")
\`\`\`
</details>
<details>
<summary>Expand Image Details</summary>
\`\`\`json
$(jq -r '.' <<<"$image_details")
\`\`\`
</details>
SUMMARY