publish-version-ecr.yaml
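# Builds the repository's Docker image and publishes it to AWS ECR Public.
# Runs either manually (prod image from a tag, dev image from a branch) or
# after the "Publish version to GitHub" workflow has finished on main.
#
# NOTE(review): every action below is referenced by a mutable tag. Pinning
# each `uses:` to a full commit SHA keeps a re-pointed tag from changing the
# code that runs with the registry credentials and the release token.
name: Publish version to AWS ECR

on:
  workflow_dispatch: # manual trigger to publish prod/dev version
  workflow_run: # trigger on GH version to publish prod version
    workflows: ["Publish version to GitHub"]
    types:
      - completed
    branches:
      - main

jobs:
  build-and-push:
    name: Build and push Docker image
    runs-on: ubuntu-latest
    # A `completed` workflow_run event also fires when the upstream run failed
    # or was cancelled; only publish a prod image after it succeeded.
    if: github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success'
    # Least privilege for the job token: checkout reads the repository and the
    # release step edits the release body; nothing else is requested.
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          # Do not leave the job token in .git/config: this directory later
          # becomes the Docker build context of a publicly pushed image.
          # (Whether .git is copied depends on the Dockerfile/.dockerignore,
          # which are not visible here.)
          persist-credentials: false

      # Derives PROD (true/false), VERSION (the image tag) and REF (the git
      # ref to build) from the trigger.
      - name: Set version
        id: set-version
        run: |
          # Read the event name from the runner's environment rather than
          # interpolating an expression into the script text.
          if [ "$GITHUB_EVENT_NAME" = "workflow_run" ]; then
            POETRY_VERSION=$(grep -E '^requires-poetry = ' pyproject.toml | sed -E 's/requires-poetry = "(.*)"/\1/')
            pip install "poetry==$POETRY_VERSION"
            PROD=true
            VERSION=$(poetry version -s)
            REF=refs/tags/$VERSION
          else
            REF=$GITHUB_REF
            if [[ "$GITHUB_REF" == refs/tags/* ]]; then
              PROD=true
              VERSION=${GITHUB_REF#refs/tags/}
            else
              PROD=false
              BRANCH=${GITHUB_REF#refs/heads/}
              # Branch names may contain "/" and other characters that are not
              # allowed in a Docker tag; map them to "-".
              VERSION=dev-${BRANCH//[^A-Za-z0-9_.-]/-}-${GITHUB_SHA::7}
            fi
          fi
          # VERSION ends up in image references, step outputs and the release
          # tag name, so reject anything that is not a plain Docker tag.
          if [[ ! "$VERSION" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
            echo "::error::'$VERSION' is not a valid Docker tag"
            exit 1
          fi
          {
            echo "PROD=$PROD"
            echo "VERSION=$VERSION"
            echo "REF=$REF"
          } >> "$GITHUB_OUTPUT"

      # on main, we do not necessarily want the latest commit, but the one that was tagged
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          ref: ${{ steps.set-version.outputs.REF }}
          fetch-depth: 0
          persist-credentials: false

      - name: Get Python version
        id: get-python-version
        # NOTE(review): `toml` is installed unpinned from PyPI in a job that
        # later holds registry credentials; consider pinning it.
        run: |
          pip install toml
          PYTHON_VERSION=$(python -c 'import scripts.vars; scripts.vars.get_python_version()')
          echo "PYTHON_VERSION=$PYTHON_VERSION" >> "$GITHUB_OUTPUT"

      # NOTE(review): these are long-lived access keys stored as repository
      # secrets. The action also supports short-lived credentials via OIDC
      # role assumption (`role-to-assume` plus `id-token: write`), which
      # removes the standing secret; that needs an IAM role not shown here.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1 # required for Public ECR

      - name: Login to AWS Public ECR
        uses: aws-actions/amazon-ecr-login@v1
        with:
          registry-type: public

      # Builds and pushes <registry>/<repository>:<VERSION> unless that tag
      # already exists; prod builds may additionally move `latest`.
      # Outputs: IMAGE_REF, NEW_IMAGE.
      - name: Build and push Docker image
        id: build-and-push
        env:
          VERSION: ${{ steps.set-version.outputs.VERSION }}
          PROD: ${{ steps.set-version.outputs.PROD }}
          ECR_REGISTRY: public.ecr.aws/w2b7b8c0
          ECR_REPOSITORY: decode-cloud/user-api
          PYTHON_VERSION: ${{ steps.get-python-version.outputs.PYTHON_VERSION }}
        run: |
          # Create the public repository on first use.
          if ! aws ecr-public describe-repositories --repository-names "$ECR_REPOSITORY" --region us-east-1 2>/dev/null; then
            aws ecr-public create-repository --repository-name "$ECR_REPOSITORY" --region us-east-1
          fi
          IMAGE_REF="$ECR_REGISTRY/$ECR_REPOSITORY:$VERSION"
          LATEST_REF="$ECR_REGISTRY/$ECR_REPOSITORY:latest"
          echo "IMAGE_REF=$IMAGE_REF" >> "$GITHUB_OUTPUT"
          # An existing tag is never overwritten.
          if docker manifest inspect "$IMAGE_REF" > /dev/null 2>&1; then
            NEW_IMAGE=false
            echo "Image $IMAGE_REF already exists, nothing pushed" >> "$GITHUB_STEP_SUMMARY"
          else
            NEW_IMAGE=true
            docker build --build-arg "PYTHON_VERSION=$PYTHON_VERSION" -t "$IMAGE_REF" .
            docker push "$IMAGE_REF"
            echo "## 🚀 Published Docker Image: $IMAGE_REF" >> "$GITHUB_STEP_SUMMARY"
            if [[ "$PROD" == "true" ]]; then
              SET_LATEST=true
              if docker manifest inspect "$LATEST_REF" > /dev/null 2>&1; then
                # NOTE(review): the build above passes no --label, and image
                # labels normally live in the image config rather than the
                # manifest, so this lookup may always come back empty and
                # `latest` then always moves. Confirm against a real image.
                LATEST_LABELS=$(docker manifest inspect "$LATEST_REF" | grep -o '"org.opencontainers.image.version":"[^"]*"' | cut -d'"' -f4 || echo "")
                # Keep `latest` where it is when the new version sorts at or
                # below the published one. Compared as a literal string, so
                # the dots in a version are not treated as regex wildcards.
                LOWEST=$(printf '%s\n%s\n' "$LATEST_LABELS" "$VERSION" | sort -V | head -n1)
                if [[ "$LOWEST" == "$VERSION" ]]; then
                  SET_LATEST=false
                fi
              fi
              if [[ "$SET_LATEST" == "true" ]]; then
                docker tag "$IMAGE_REF" "$LATEST_REF"
                docker push "$LATEST_REF"
                echo "Also tagged as: \`$LATEST_REF\`" >> "$GITHUB_STEP_SUMMARY"
              fi
            fi
          fi
          echo "NEW_IMAGE=$NEW_IMAGE" >> "$GITHUB_OUTPUT"

      # Appends the image reference to the GitHub release for this version.
      # NOTE(review): third-party action that receives the write-scoped job
      # token; pin it to a full commit SHA.
      - name: Add to GH release
        if: steps.build-and-push.outputs.NEW_IMAGE == 'true' && steps.set-version.outputs.PROD == 'true'
        uses: tubone24/update_release@v1.3.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAG_NAME: ${{ steps.set-version.outputs.VERSION }}
        with:
          body: "**Published image (AWS ECR Public):** `${{ steps.build-and-push.outputs.IMAGE_REF }}`"
          is_append_body: true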