diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index d5dbb94..3bc9bdb 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -4,34 +4,50 @@ name: docker-build-push on: workflow_call: inputs: - registry: - required: true + provider: + required: false type: string images: - required: true + required: false type: string - aws-region: - required: true + aws_region: + required: false type: string ECR_REPOSITORY: - required: true + required: false type: string IMAGE_TAG: - required: true + required: false + type: string + BUILD_PATH: + required: false + type: string + default: '.' + WORKING_DIRECTORY: + required: false + type: string + assume_role_arn: + required: false type: string secrets: AWS_ACCESS_KEY_ID: - description: 'aws access keys' - required: true + required: false + description: 'AWS Access Key ID to install AWS CLI.' + BUILD_ROLE: + required: false + description: 'AWS OIDC role for aws authentication.' AWS_SECRET_ACCESS_KEY: - description: 'aws secret access keys' - required: true + required: false + description: 'AWS Secret access key to install AWS CLI' + AWS_SESSION_TOKEN: + required: false + description: 'AWS Session Token to install AWS CLI' DOCKERHUB_USERNAME: description: 'dockerhub username' - required: true + required: false DOCKERHUB_PASSWORD: description: 'dockerhub password' - required: true + required: false jobs: build-image: @@ -44,54 +60,71 @@ jobs: uses: actions/checkout@v4 - name: Login to Docker Hub + if: ${{ inputs.provider == 'DOCKERHUB' }} uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Push docker image to DOCKERHUB - if: ${{ inputs.registry == 'DOCKERHUB' }} + if: ${{ inputs.provider == 'DOCKERHUB' }} env: IMAGE_TAG: ${{ inputs.IMAGE_TAG }} images: ${{ inputs.images }} + BUILD_PATH: ${{ inputs.BUILD_PATH }} run: | - docker build -t $images:$IMAGE_TAG . + docker build -t $images:$IMAGE_TAG $BUILD_PATH docker push $images:$IMAGE_TAG - name: Configure AWS credentials + if: ${{ inputs.provider == 'aws' }} uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ inputs.aws-region }} + aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} + role-to-assume: ${{ secrets.BUILD_ROLE }} + aws-region: ${{ inputs.aws_region }} + role-duration-seconds: ${{ inputs.role-duration-seconds }} + role-skip-session-tagging: true + + - name: Verify awscli + if: ${{ inputs.provider == 'aws' }} + run: | + aws sts get-caller-identity + - name: Login to Amazon ECR + if: ${{ inputs.provider == 'aws' }} id: login-ecr uses: aws-actions/amazon-ecr-login@v2 - name: Push docker image to Amazon ECR - if: ${{ inputs.registry == 'ECR' }} + if: ${{ inputs.provider == 'aws' }} id: docker-build env: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} ECR_REPOSITORY: ${{ inputs.ECR_REPOSITORY }} IMAGE_TAG: ${{ inputs.IMAGE_TAG }} + BUILD_PATH: ${{ inputs.BUILD_PATH }} + working-directory: ${{ inputs.WORKING_DIRECTORY }} run: | - docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . + docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $BUILD_PATH docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - name: Push docker image to Amazon ECR and DOCKERHUB - if: ${{ inputs.registry == 'DOCKERHUB,ECR' }} + if: ${{ inputs.provider == 'DOCKERHUB,aws' }} env: ## For ECR env variable ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} ECR_REPOSITORY: ${{ inputs.ECR_REPOSITORY }} IMAGE_TAG: ${{ inputs.IMAGE_TAG }} + BUILD_PATH: ${{ inputs.BUILD_PATH }} ## For DOCKERHUB env variable images: ${{ inputs.images }} run: | - docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . + docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $BUILD_PATH docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - docker build -t $images:$IMAGE_TAG . + docker build -t $images:$IMAGE_TAG $BUILD_PATH docker push $images:$IMAGE_TAG ...