remote sql same as prod for GHA purposes...? #23
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Publish Images to GCR | |
on: | |
pull_request: | |
branches: [main] | |
workflow_call: | |
outputs: | |
image_name: | |
value: ${{ jobs.build_and_publish_images.outputs.image_name }} | |
description: "Name of the image that was built and pushed to Google's Container Registry" | |
short_sha_tag: | |
value: ${{ jobs.build_and_publish_images.outputs.short_sha_tag }} | |
description: "short_sha_tag" | |
workflow_dispatch: {} | |
jobs: | |
build_and_publish_images: | |
name: "Build and Publish Images" | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
service: | |
- worker | |
- website | |
permissions: | |
id-token: write | |
contents: read | |
outputs: | |
image_name: ${{ fromJSON(steps.publish.outputs.metadata)['image.name'] }} | |
short_sha_tag: ${{ steps.record_summary.outputs.short_sha_tag }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Authenticate to Google Cloud | |
if: github.event_name != 'pull_request' | |
uses: google-github-actions/auth@v2 | |
id: auth | |
with: | |
workload_identity_provider: "projects/567739286055/locations/global/workloadIdentityPools/los-verdes-digital-membership/providers/los-verdes-digital-membership" | |
service_account: "[email protected]" | |
access_token_scopes: "https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/devstorage.read_write" | |
token_format: access_token | |
- name: Login to GCR | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
with: | |
registry: gcr.io | |
username: oauth2accesstoken | |
password: ${{ steps.auth.outputs.access_token }} | |
- name: Generate Docker Tags | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
# list of Docker images to use as base name for tags | |
images: | | |
"${{ vars.CONTAINER_IMAGE_REPO }}/${{ matrix.service }}" | |
# generate Docker tags based on the following events/attributes | |
tags: | | |
type=ref,event=branch | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}} | |
type=sha | |
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} | |
- name: Build and Push to GCR | |
id: publish | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./Dockerfile | |
builder: ${{ steps.buildx.outputs.name }} | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
target: ${{ matrix.service }} | |
# Using native GitHub action caching as shown here: | |
# https://github.com/docker/build-push-action/issues/252#issuecomment-889339470 | |
cache-from: type=gha,scope=$${{ github.workflow }} | |
cache-to: type=gha,scope=$${{ github.workflow }},mode=max | |
- name: Record Step Summary | |
id: record_summary | |
env: | |
image_details: "${{ steps.publish.outputs.metadata }}" | |
image_id: "${{ steps.publish.outputs.imageid }}" | |
image_name: "${{ fromJSON(steps.publish.outputs.metadata)['image.name'] }}" | |
metadata: "${{ steps.meta.outputs.json }}" | |
run: | | |
echo "short_sha_tag=$(git rev-parse --short HEAD)" | tee -a $GITHUB_OUTPUT | |
cat << SUMMARY | tee --append "$GITHUB_STEP_SUMMARY" | |
## Image Build - ${{ matrix.service }} | |
- **ID / Digest**: | |
\`$image_id\` | |
- **Image Name**: | |
\`$image_name\` | |
### Details | |
<details> | |
<summary>Expand Metadata</summary> | |
\`\`\`json | |
$(jq -r '.' <<<"$metadata") | |
\`\`\` | |
</details> | |
<details> | |
<summary>Expand Image Details</summary> | |
\`\`\`json | |
$(jq -r '.' <<<"$image_details") | |
\`\`\` | |
</details> | |
SUMMARY |