Skip to content

reduce

reduce #197

name: Build and push image
on:
push:
branches:
- staging
- master
workflow_dispatch:
permissions:
id-token: write # Required for requesting the JWT
contents: read # Required for actions/checkout
security-events: write # Required for uploading security scan results
env:
ECR_REPOSITORY_URL_APP: "${{ secrets.IMAGE_REGISTRY_URL }}/defi-providers"
ECR_REPOSITORY_URL_INFRA: "${{ secrets.IMAGE_REGISTRY_URL }}/defi-providers-infra"
IMAGE_TAG: "${{ github.ref_name }}-${{ github.sha }}"
MANIFESTS_PATH: "${{ github.ref_name == 'master' && './kubernetes/production' || './kubernetes/staging' }}"
AWS_DEFAULT_REGION: eu-central-1
AWS_IAM_ROLE_GITHUB: "${{ secrets.AWS_IAM_ROLE_GITHUB }}"
jobs:
build:
name: Build and push image
runs-on: dappradar-kubernetes-runner
steps:
- uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_DEFAULT_REGION }}
role-to-assume: ${{ env.AWS_IAM_ROLE_GITHUB }}
- name: Authenticate to Amazon ECR
uses: aws-actions/amazon-ecr-login@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver: kubernetes
- name: Build Docker image
uses: docker/build-push-action@v5
with:
context: .
tags: "${{ env.ECR_REPOSITORY_URL_APP }}:${{ env.IMAGE_TAG }}"
push: false
- name: Push Docker image
uses: docker/build-push-action@v5
with:
context: .
tags: "${{ env.ECR_REPOSITORY_URL_APP }}:${{ env.IMAGE_TAG }}"
push: true
- name: Bake and push manifests
run: |
kubectl kustomize $MANIFESTS_PATH | \
envsubst '$CONTAINER_IMAGE' | \
flux push artifact oci://$OCI_IMAGE_URL_INFRA -f - \
--source="$(git config --get remote.origin.url)" \
--revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)" \
--provider=aws && \
flux tag artifact oci://$OCI_IMAGE_URL_INFRA \
--tag $GITHUB_REF_NAME \
--provider aws
env:
OCI_IMAGE_URL_INFRA: "${{ env.ECR_REPOSITORY_URL_INFRA }}:${{ env.IMAGE_TAG }}"
CONTAINER_IMAGE: "${{ env.ECR_REPOSITORY_URL_APP }}:${{ env.IMAGE_TAG }}"