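# Nightly (and on-demand) build of the toolkit container image.
#
# Job flow:
#   git    - checks out the repository and publishes the commit SHA to build.
#   aws    - exchanges the GitHub OIDC token for AWS credentials, logs in to
#            ECR (public and private) and hands a docker config to `kaniko`.
#   kaniko - builds toolkit/Dockerfile from the git context and pushes it.
#
# NOTE(review): the actions below are referenced by mutable tags (@v4, @v2)
# and the kaniko image by tag. Pinning each to a full commit SHA / image
# digest would stop an upstream retag from changing what runs with the
# id-token and registry credentials used here.
name: Toolkit
on:
  workflow_dispatch: {}
  schedule:
    - cron: "30 2 * * *" # 02:30 UTC (18:30 PST / 19:30 PDT)
jobs:
  git:
    runs-on: [ubuntu-22.04]
    permissions:
      contents: read # checkout only needs to read the repository
    outputs:
      # Consumed by the kaniko job as needs.git.outputs.sha. Without this
      # declaration the expression expands to an empty string and the build
      # context is no longer tied to the commit this run was started for.
      sha: ${{ github.sha }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
  aws:
    runs-on: [ubuntu-22.04]
    permissions:
      id-token: write # Necessary to get aws creds via oidc token exchange
      contents: read
    steps:
      - name: AWS us-east-1 credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # Defined at https://github.com/holos-run/holos-infra/blob/main/terraform/projects/nonprod-holos/shared_services/aws/github_oidc/main.tf#L90-L106
          role-to-assume: arn:aws:iam::271053619184:role/gha-app-role
          aws-region: us-east-1
          # NOTE(review): no step in this file reads this step's credential
          # outputs; confirm output-credentials is still needed.
          output-credentials: true
      - name: Login to Amazon ECR Public
        id: login-ecr-public
        uses: aws-actions/amazon-ecr-login@v2
        with:
          registry-type: public
      - name: AWS us-east2 credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # Defined at https://github.com/holos-run/holos-infra/blob/main/terraform/projects/nonprod-holos/shared_services/aws/github_oidc/main.tf#L90-L106
          role-to-assume: arn:aws:iam::271053619184:role/gha-app-role
          aws-region: us-east-2
          # NOTE(review): same as above - confirm this is still needed.
          output-credentials: true
      - name: Login to Amazon ECR Private
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Docker Login
        id: docker-login
        # Step outputs are handed to the shell through env instead of being
        # spliced into the script text, so their content is never parsed as
        # shell syntax and every expansion can be quoted.
        env:
          ECR_USERNAME: ${{ steps.login-ecr.outputs.docker_username_271053619184_dkr_ecr_us_east_2_amazonaws_com }}
          ECR_PASSWORD: ${{ steps.login-ecr.outputs.docker_password_271053619184_dkr_ecr_us_east_2_amazonaws_com }}
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_PUBLIC_USERNAME: ${{ steps.login-ecr-public.outputs.docker_username_public_ecr_aws }}
          ECR_PUBLIC_PASSWORD: ${{ steps.login-ecr-public.outputs.docker_password_public_ecr_aws }}
          ECR_PUBLIC_REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
        run: |
          echo -n "$ECR_PASSWORD" | docker login --password-stdin --username "$ECR_USERNAME" "$ECR_REGISTRY"
          echo -n "$ECR_PUBLIC_PASSWORD" | docker login --password-stdin --username "$ECR_PUBLIC_USERNAME" "$ECR_PUBLIC_REGISTRY"
          # SECURITY NOTE(review): config.json now holds both registry logins.
          # The base64 form is not registered as a secret with the runner, so
          # it is presumably not redacted where the kaniko job's step log
          # prints it - confirm, and treat run logs as credential-bearing.
          # Performing the registry login inside the job that pushes would
          # avoid carrying credentials in a job output.
          echo "docker-config=$(base64 -w 0 < ~/.docker/config.json)" >> "$GITHUB_OUTPUT"
    outputs:
      registry: ${{ steps.login-ecr.outputs.registry }}
      docker-config: ${{ steps.docker-login.outputs.docker-config }}
  kaniko:
    needs: [git, aws]
    runs-on: [ubuntu-22.04]
    container:
      image: gcr.io/kaniko-project/executor:v1.23.2-debug
    permissions:
      contents: read # read the repository
    steps:
      - name: Build and push container image
        env:
          # Git credentials kaniko uses to fetch the build context from
          # github private repositories.
          GIT_USERNAME: holos-server-go
          GIT_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
          # Base64 docker config produced by the aws job (registry
          # credentials; see the security note on that job's output).
          DOCKER_CONFIG_B64: ${{ needs.aws.outputs.docker-config }}
          # Repository URL plus the commit to build, in kaniko's url#ref form.
          BUILD_CONTEXT: "${{ github.repositoryUrl }}#${{ needs.git.outputs.sha }}"
          # `latest` is a mutable tag; the digest file written below is the
          # immutable reference to what this run pushed.
          DESTINATION: ${{ needs.aws.outputs.registry }}/holos-run/container-images/toolkit:latest
        run: |
          # Kaniko reads registry credentials from /kaniko/.docker/config.json
          echo -n "$DOCKER_CONFIG_B64" | base64 -d > /kaniko/.docker/config.json
          # Build and push
          /kaniko/executor --dockerfile=toolkit/Dockerfile \
            --context="$BUILD_CONTEXT" \
            --destination="$DESTINATION" \
            --push-retry 5 \
            --image-name-with-digest-file /workspace/image-digest.txt
          # Make this an artifact?
          cat /workspace/image-digest.txt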