Build and Push to ECR #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| workflow_run: | |
| workflows: | |
| - "Check Code Quality" | |
| branches: | |
| - main | |
| types: | |
| - completed | |
| release: | |
| types: | |
| - published | |
| name: Build and Push to ECR | |
| jobs: | |
| build-and-push: | |
| if: ${{ github.event.workflow_run.conclusion == 'success' || github.event.action == 'published' }} | |
| name: Build and Push | |
| environment: ${{ startsWith(github.ref, 'refs/tags/') && 'prod' || 'dev' }} | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.get-version.outputs.version }} | |
| commit: ${{ steps.get-commit-id.outputs.commit }} | |
| environment: ${{ steps.set-environment.outputs.environment }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: Configure Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 16.13 | |
| registry-url: 'https://npm.pkg.github.com' | |
| scope: '@zeplin' | |
| cache: 'npm' | |
| - id: get-commit-id | |
| name: Get commit id | |
| run: echo "commit=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT | |
| - name: Create revision file | |
| run: echo $(date +%s)-${{ steps.get-commit-id.outputs.commit }} >./revision.txt | |
| - id: get-version | |
| name: Get version | |
| run: echo "version=${{ startsWith(github.ref, 'refs/tags/') && github.ref_name || '' }}" >> $GITHUB_OUTPUT | |
| - name: Set package version | |
| if: ${{ steps.get-version.outputs.version }} # ${GITHUB_REF} does not have a tag if this is not set above | |
| run: npm version ${GITHUB_REF#refs/tags/v} --no-git-tag-version --allow-same-version | |
| - id: set-environment | |
| name: Set environment | |
| run: echo "environment=${{ startsWith(github.ref, 'refs/tags/') && 'prod' || 'dev' }}" >> $GITHUB_OUTPUT | |
| - name: Install all dependencies | |
| run: npm ci --ignore-scripts | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| - name: Run post install scripts of dependencies | |
| run: npm rebuild && npm run prepare --if-present | |
| - name: Build | |
| run: npm run build | |
| env: | |
| NEXT_PUBLIC_SENTRY_DSN: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN_PROD }} | |
| NEXT_PUBLIC_IS_SENTRY_ENABLED: ${{ secrets.NEXT_PUBLIC_IS_SENTRY_ENABLED_PROD }} | |
| NEXT_PUBLIC_ZEPLIN_WEB_APP_BASE_URL: ${{ secrets.NEXT_PUBLIC_ZEPLIN_WEB_APP_BASE_URL_PROD }} | |
| NEXT_PUBLIC_ZEPLIN_APP_URI_SCHEME: ${{ secrets.NEXT_PUBLIC_ZEPLIN_APP_URI_SCHEME_PROD }} | |
| NEXT_PUBLIC_ENVIRONMENT: ${{ inputs.environment }} | |
| - name: Install dependencies without devDependencies | |
| run: npm ci --omit=dev --ignore-scripts | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| - name: Run post install scripts of dependencies | |
| run: npm rebuild && npm run prepare --if-present | |
| - name: Build and push Docker image to AWS ECR | |
| run: | | |
| REPO="${{ vars.AWS_ACCOUNT_ID || '915497967985' }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com" | |
| IMAGE="$REPO/microsoft-teams-app:${{ startsWith(github.ref, 'refs/tags/') && github.ref_name || steps.get-commit-id.outputs.commit }}" | |
| IMAGE_WITH_ENV_TAG="$REPO/microsoft-teams-app:${{ steps.set-environment.outputs.environment }}" | |
| docker build -t $IMAGE . | |
| docker tag $IMAGE $IMAGE_WITH_ENV_TAG | |
| aws ecr get-login-password --region ${{ vars.AWS_REGION }} | docker login --username AWS --password-stdin $REPO | |
| docker push $IMAGE | |
| docker push $IMAGE_WITH_ENV_TAG | |
| - name: Trigger infra workflow to deploy new image version | |
| run: | | |
| JSON_DATA=$( | |
| jq -n -c \ | |
| --arg a "${{ env.APP_NAME }}" \ | |
| --arg b "${{ github.ref_name }}" \ | |
| --arg t "${{ github.ref_name }}" \ | |
| --arg v "${{ steps.get-version.outputs.version }}" \ | |
| --arg c "${{ steps.get-commit-id.outputs.commit }}" \ | |
| --arg e "${{ steps.set-environment.outputs.environment }}" \ | |
| --arg n "${{ vars.NEWRELIC_APPLICATION_GUID }}" \ | |
| --arg s "${{ env.APP_NAME }}" \ | |
| '{"app-name": $a, "branch": $b, "version": $v, "tag": $t, "commit-id": $c, "environment": $e, "newrelic-guid": $n, "sentry-project": $s }' | |
| ) | |
| echo $JSON_DATA | gh workflow run deploy-app.yaml --repo zeplin/infra --json | |
| echo "Workflow is triggered: https://github.com/zeplin/infra/actions/workflows/deploy-app.yaml" | |
| env: | |
| GH_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| APP_NAME: microsoft-teams-app |