diff --git a/build/depot/action.yml b/build/depot/action.yml
new file mode 100644
index 0000000..575d1de
--- /dev/null
+++ b/build/depot/action.yml
@@ -0,0 +1,108 @@
+name: Docker Build using Depot
+
+inputs:
+ # Build
+ context:
+ description: 'Docker context for the build'
+ required: false
+ default: '.'
+ dockerfile:
+ description: 'Path to Dockerfile'
+ required: false
+ default: 'Dockerfile'
+ push:
+ description: 'Whether to push the image to the registry'
+ required: true
+ default: 'true'
+ tag:
+ description: 'Optional Docker tag'
+ required: false
+ default: ''
+
+ # Custom variables
+ sentry-auth-token:
+ description: 'Auth token for sentry (optional)'
+ required: false
+ minify:
+ description: 'Whether to minify the build'
+ required: false
+ default: true
+
+ # Deploy
+ repository:
+ description: 'Name of the ECR repository'
+ required: true
+ aws-role:
+ description: 'AWS Role to assume'
+ required: true
+ default: arn:aws:iam::986677156374:role/actions/build/container_pusher
+ aws-region:
+ description: 'AWS Region'
+ required: true
+ default: us-east-1
+ depot-project:
+ description: 'Depot project name'
+ required: true
+ default: ''
+
+runs:
+ using: 'composite'
+ steps:
+ - uses: aws-actions/configure-aws-credentials@v3
+ with:
+ role-session-name: container_pusher
+ role-to-assume: ${{ inputs.aws-role }}
+ aws-region: ${{ inputs.aws-region }}
+
+ - uses: aws-actions/amazon-ecr-login@v1
+ id: ecr
+ with:
+ mask-password: true
+
+ - uses: docker/metadata-action@v4
+ id: meta
+ with:
+ images: ${{ steps.ecr.outputs.registry }}/${{ inputs.repository }}
+ flavor: |
+ latest=false
+ tags: |
+ type=raw,enable=${{ inputs.tag != '' }},value=${{ inputs.tag }}
+ type=semver,pattern={{version}}
+ type=sha,enable=${{ !startsWith(github.ref, 'refs/tags') }},prefix=,format=long
+
+ - name: Set BUILD_DATE
+ id: meta_date
+ shell: bash
+ run: |
+ export TZ=America/Toronto
+ echo "timestamp=$(date +"%Y-%m-%d %H:%M:%S")" >> "$GITHUB_OUTPUT"
+
+ - name: Create ECR Registry
+ shell: bash
+ env:
+ ECR_REPOSITORY: ${{ inputs.repository }}
+ ECR_REGISTRY: ${{ steps.ecr.outputs.registry }}
+ run: |
+ aws --version
+ aws ecr create-repository --repository-name $ECR_REPOSITORY || true
+ aws ssm get-parameter --name '/cloud/container-registry/ecr-policy-document' --query 'Parameter.Value' | jq -r > repository-policy.json
+ aws ecr set-repository-policy --repository-name $ECR_REPOSITORY --policy-text file://repository-policy.json &> /dev/null
+
+ - name: Set up Depot CLI
+ uses: depot/setup-action@v1
+
+ - uses: depot/build-push-action@v1
+ with:
+ build-args: |
+ SENTRY_AUTH_TOKEN=${{ inputs.sentry-auth-token }}
+ SENTRY_ORGANIZATION_SLUG=botpress-rm
+ SENTRY_RELEASE=${{ github.sha }}
+ MINIFY=${{ inputs.minify }}
+ DOCKER_TAG=${{ inputs.tag }}
+ BUILD_DATE=${{ steps.meta_date.outputs.timestamp }}
+ file: ${{ inputs.dockerfile }}
+ context: ${{ inputs.context }}
+ push: ${{ inputs.push }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ project: ${{ inputs.depot-project }}
diff --git a/build/docker/action.yml b/build/docker/action.yml
index ebbafa3..ffeb383 100644
--- a/build/docker/action.yml
+++ b/build/docker/action.yml
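Review bot: In build/depot/action.yml the `SENTRY_AUTH_TOKEN=${{ inputs.sentry-auth-token }}` line under `build-args` hands a credential to the build as a build argument, and build-arg values that a Dockerfile consumes are typically recoverable from the history of the image that gets pushed to ECR. The same line is added to the `build-args` block in build/docker/action.yml, where `cache-to: type=gha,mode=max` is also set. I would move it to the build action's `secrets` input, i.e. `secrets: |` with `SENTRY_AUTH_TOKEN=${{ inputs.sentry-auth-token }}` beneath it, and read it in the Dockerfile through a BuildKit secret mount; docker/build-push-action has that input, and depot/build-push-action is documented as accepting the same inputs, which should be confirmed. The Dockerfile is not part of this diff, so how the ARG is used there is an assumption.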
@@ -1,21 +1,37 @@ name: Docker to ECR description: Push Docker image to ECR inputs: - push: - description: 'Push to registry' - required: true - default: 'true' - repository: - description: 'Repository name' - required: true + # Build context: description: 'Docker context for the build' - required: true + required: false default: '.' dockerfile: description: 'Path to Dockerfile' + required: false + default: 'Dockerfile' + push: + description: 'Whether to push the image to the registry' required: true + default: 'true' + tag: + description: 'Optional Docker tag' + required: false default: '' + + # Custom variables + sentry-auth-token: + description: 'Auth token for sentry (optional)' + required: false + minify: + description: 'Whether to minify the build' + required: false + default: true + + # Deploy + repository: + description: 'Name of the ECR repository' + required: true aws-role: description: 'AWS Role to assume' required: true @@ -24,10 +40,6 @@ inputs: description: 'AWS Region' required: true default: us-east-1 - tag: - description: 'Optional Docker tag' - required: false - default: '' runs: using: 'composite' @@ -42,6 +54,8 @@ runs: - uses: aws-actions/amazon-ecr-login@v1 id: ecr + with: + mask-password: true - uses: docker/metadata-action@v4 id: meta @@ -76,13 +90,17 @@ runs: env: DOCKER_BUILDKIT: '1' with: - context: ${{ inputs.context }} + build-args: | + SENTRY_AUTH_TOKEN=${{ inputs.sentry-auth-token }} + SENTRY_ORGANIZATION_SLUG=botpress-rm + SENTRY_RELEASE=${{ github.sha }} + MINIFY=${{ inputs.minify }} + DOCKER_TAG=${{ inputs.tag }} + BUILD_DATE=${{ steps.meta_date.outputs.timestamp }} file: ${{ inputs.dockerfile }} + context: ${{ inputs.context }} push: ${{ inputs.push }} cache-from: type=gha cache-to: type=gha,mode=max tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - build-args: | - DOCKER_TAG=${{ inputs.tag }} - BUILD_DATE=${{ steps.meta_date.outputs.timestamp }} 
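Review bot: The new `minify` input declares `default: true` as a bare YAML boolean, while `push` directly above it uses the quoted string `default: 'true'`; action inputs arrive as strings, so I would write `default: 'true'` for consistency and to make clear that `MINIFY=${{ inputs.minify }}` passes the text `true`. The same unquoted default appears on `minify` in build/depot/action.yml. The input's description could also say which values the Dockerfile treats as off, since that is not visible from this file.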
diff --git a/full-service-deploy/action.yml b/full-service-deploy/action.yml
new file mode 100644
index 0000000..18e7582
--- /dev/null
+++ b/full-service-deploy/action.yml
@@ -0,0 +1,89 @@
+name: 'Full Service Deploy'
+description: 'Checks out code, gets commit SHA, optionally tags, builds image and deploys to ECS'
+
+inputs:
+ # Checkout
+ ref:
+ required: false
+ default: ''
+ description: 'Git ref to checkout (branch, commit, tag). default is the current SHA'
+
+ # Build
+ dockerfile:
+ description: 'Path to Dockerfile'
+ required: true
+ context:
+ description: 'Docker context for the build'
+ required: true
+ default: '.'
+ repository:
+ description: 'ECR repository name'
+ required: true
+ environment:
+ description: 'Environment to deploy (staging or production)'
+ required: true
+ create-tag:
+ description: 'Create a tag for the service with the date/time (ex: when deploying to prod)'
+ required: false
+ default: 'false'
+ sentry-auth-token:
+ description: 'Sentry auth token (optional)'
+ required: false
+
+ # Deploy
+ service:
+ description: 'Name of the ECS service to deploy (must be in services.json in the repository)'
+ required: true
+ role-ecs-update:
+ description: 'Role for the ECS update (skynet_infra_update, sauron_infra_update, realtime_infra_update)'
+ required: true
+ skip-ecs-update:
+ description: 'Build, tag and push the image, but skip updating the ECS services'
+ required: false
+ default: 'false'
+
+outputs:
+ sha:
+ description: 'Checked out commit SHA'
+ value: ${{ steps.commit.outputs.sha }}
+
+runs:
+ using: 'composite'
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.ref != '' && inputs.ref || github.sha }}
+
+ - name: Get checked out commit SHA
+ id: commit
+ run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
+ shell: bash
+
+ - name: Create and push service tag
+ if: ${{ inputs.create-tag == 'true' }}
+ run: |
+ export TZ="America/New_York"
+ tag_name="${{ inputs.service }}-$(date +"%Y-%m-%d_%H-%M-%S")"
+ git config user.name "github-actions"
+ git config user.email "github-actions@github.com"
+ git tag "$tag_name" ${{ steps.commit.outputs.sha }}
+ git push origin "$tag_name"
+ shell: bash
+
+ - name: Build and Push Docker Image
+ uses: botpress/gh-actions/build/docker@v3
+ with:
+ dockerfile: ${{ inputs.dockerfile }}
+ repository: ${{ inputs.repository }}
+ tag: ${{ steps.commit.outputs.sha }}
+ push: true
+ sentry-auth-token: ${{ inputs.sentry-auth-token }}
+
+ - name: Deploy to ECS
+ uses: botpress/gh-actions/tag-and-deploy@v3
+ with:
+ service: ${{ inputs.service }}
+ role-ecs-update: ${{ inputs.role-ecs-update }}
+ image-tag: ${{ steps.commit.outputs.sha }}
+ environment: ${{ inputs.environment }}
+ skip-ecs-update: ${{ inputs.skip-ecs-update }}
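Review bot: The `Create and push service tag` step expands `${{ inputs.service }}` and `${{ steps.commit.outputs.sha }}` directly into the `run` script, so the text of the `service` input is substituted before bash parses the script and any shell metacharacters in it become part of the script. The step runs with whatever credentials the checkout left in place for `git push`. Passing both values through `env:` and referencing them as quoted shell variables keeps them as data, as sketched below. Separately, the `context` input is declared as required but is not forwarded in the `with:` block of the `build/docker` step, so callers who set it would still build with that action's default `.`.

```yaml
- name: Create and push service tag
  # … unchanged: if condition …
  env:
    SERVICE: ${{ inputs.service }}
    COMMIT_SHA: ${{ steps.commit.outputs.sha }}
  run: |
    # … unchanged: TZ export …
    tag_name="${SERVICE}-$(date +"%Y-%m-%d_%H-%M-%S")"
    # … unchanged: git config user.name / user.email …
    git tag "$tag_name" "$COMMIT_SHA"
    # … unchanged: git push origin "$tag_name", shell: bash …
```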