Update CHANGELOG #528
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: DOCKER | |
on: | |
push: | |
# Trigger this workflow on changes to `main` | |
branches: [ main ] | |
# Trigger this workflow if a semver tag is pushed | |
tags: [ 'v*.*.*' ] | |
env: | |
REPOSITORY: sroc-charging-module/sroc-charging-module-api | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
# These permissions are needed to interact with GitHub's OIDC Token endpoint. | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones block `git describe --always --tags` from working later in 'Set all tags' | |
# Configure our AWS credentials and region environment variables for use in other GitHub Actions | |
# https://github.com/aws-actions/configure-aws-credentials | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: ${{ secrets.AWS_ENV_REGION }} | |
role-to-assume: arn:aws:iam::${{ secrets.AWS_ENV_ACCOUNT }}:role/${{ secrets.AWS_ENV_ROLE }} | |
# Login to AWS ECR private. It will use the credentials we configured in the previous step | |
# https://github.com/aws-actions/amazon-ecr-login | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
# Generate a unique tag | |
# Most tutorials will suggest you just use the commit sha as a way of creating a unique tag for your image. | |
# In our experience though this tells us nothing about the image we are working with. You have to search | |
# GitHub or the commit history to figure out what you have in the image. Instead, we use | |
# `git describe --always --tags` to generate a more meaningful tag, for example, `v3.2.1-162-g8ff3690`. | |
# This tag broken down means | |
# | |
# - the last tag created for my main branch was v3.2.1 | |
# - there have been 162 commits to that branch since that tag was created | |
# - the `g` just denotes that the source control system is git | |
# - the abbreviated commit reference for the lastest commit is 8ff3690 | |
# | |
# From this we get a better sense of just what version of the code the image was built on. For reference the | |
# `git describe --always --tags` command broken down means | |
# | |
# - `--always` If no tags existed nothing would be shown. As a fallback we include this argument to tell it to | |
# always return the abbreviated commit reference for the last commit. | |
# - `--tags` By default the command only works with annotated tags which is fine for us as that's all we use. But | |
# just in case we tell it to reference all tags created, both annotated and lightweight | |
# https://git-scm.com/docs/git-describe | |
- name: Generate raw tag | |
id: raw-tag | |
run: | |
echo "raw_tag=$(git describe --always --tags)" >> $GITHUB_OUTPUT | |
# Extract metadata from Git reference and GitHub events | |
# We use it to generate the tags and labels for our Docker image. For reference; | |
# | |
# - flavor: defines global behaviour for tags. By default a GitHub tag event would cause metadata-action to | |
# apply the `latest` tag. But as our AWS ECR has immutable tags we can't use `latest` | |
# - images: the base name to use for the full tag. The build-push-action will also use this to determine where | |
# to push the image to | |
# - tags: tell the action to generate certain tags dependent on the event. Our config says when a tag is pushed | |
# use the pushed git tag as the image tag. Else use the custom raw_tag we generated in the previous step | |
# - labels: because we don't use a common licence like MIT, the licences label doesn't get populated. We can | |
# overwrite any of the labels but in our case you just ensure this one gets set | |
# | |
# https://github.com/docker/metadata-action | |
- name: Extract Docker metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
flavor: | | |
latest=false | |
images: ${{ steps.login-ecr.outputs.registry }}/${{ env.REPOSITORY }} | |
tags: | | |
type=semver,priority=900,pattern={{raw}} | |
type=raw,priority=800,value=${{ steps.raw-tag.outputs.raw_tag }} | |
labels: | | |
org.opencontainers.image.licenses=OGL-UK-3.0 | |
# Build and push Docker image with Buildx | |
# Note: This will push to both GitHub Container registry and DockerHub thanks to the `Set all tags` step | |
# https://github.com/docker/build-push-action | |
# https://github.com/docker/build-push-action/blob/master/docs/advanced/push-multi-registries.md | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
target: production | |
build-args: | | |
GIT_COMMIT=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} | |
DOCKER_TAG=${{ fromJSON(steps.meta.outputs.json).tags[0] }} | |
push: true | |
labels: ${{ steps.meta.outputs.labels }} | |
tags: ${{ steps.meta.outputs.tags }} | |
# Generate a summary that will be displayed against the Job when selected in the Actions tab. | |
# We this to quickly see details for the image generated instead of digging into the build output. | |
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary | |
- name: Generate job summary | |
id: summary | |
run: | | |
{ | |
echo "### Docker Image details" | |
echo "The tag is **${{ steps.raw-tag.outputs.raw_tag }}**" | |
echo "| Label | Value |" | |
echo "| ---------- | ----- |" | |
echo "| created | ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} |" | |
echo "| description| ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }} |" | |
echo "| licenses | ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.licenses'] }} |" | |
echo "| revision | ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} |" | |
echo "| source | ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.source'] }} |" | |
echo "| title | ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.title'] }} |" | |
echo "| url | ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.url'] }} |" | |
echo "| version | ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} |" | |
} >> $GITHUB_STEP_SUMMARY |