-
Notifications
You must be signed in to change notification settings - Fork 2
139 lines (121 loc) · 4.56 KB
/
build-push-amd64-arm64-docker-image.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
name: Multi-arch Docker Image Build & Push
on:
workflow_call:
inputs:
tag:
description: Tag to be assigned when pushing the image to ECR repo
required: true
type: string
latest:
description: Tag as latest, if enabled image will be also tagged as 'latest' in ECR repo
required: false
type: boolean
default: false
image-target:
description: Target for image build, selects stage for a multi-stage Dockefile
required: true
type: string
Dockerfile:
description: Dockerfile to be used for the build, accepts path to file
required: true
type: string
build-context:
description: Build context to be used by 'docker build' command
required: false
type: string
default: .
secrets:
AWS_ECR_REPOSITORY_URL:
required: true
AWS_ACCESS_KEY_ID:
required: true
AWS_SECRET_ACCESS_KEY:
required: true
AWS_REGION:
required: true
jobs:
build-push:
name: Docker image to ECR
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
platform:
- amd64
- arm64
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build environment
uses: docker/build-push-action@v4
with:
target: ${{ inputs.image-target}}
platforms: linux/${{ matrix.platform }}
outputs: type=docker
tags: env-container:${{ matrix.platform }}
file: ${{ inputs.Dockerfile }}
context: ${{ inputs.build-context }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Log in to Amazon ECR
id: ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Docker login to ECR
uses: docker/login-action@v1
with:
registry: ${{ steps.ecr.outputs.registry }}
username: ${{ steps.ecr.outputs.username }}
password: ${{ steps.ecr.outputs.password }}
- name: Tag & Push image
run: |
docker tag env-container:${{ matrix.platform }} ${{ secrets.AWS_ECR_REPOSITORY_URL }}:${{ inputs.tag }}-${{ matrix.platform }}
docker push ${{ secrets.AWS_ECR_REPOSITORY_URL }}:${{ inputs.tag }}-${{ matrix.platform }}
merge:
name: Merge multi-arch images
needs: build-push
runs-on: ubuntu-latest
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Log in to Amazon ECR
id: ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Create manifest for '${{ inputs.tag }}'
run: |
# Create manifest
docker manifest create ${{ secrets.AWS_ECR_REPOSITORY_URL }}:${{ inputs.tag }} \
${{ secrets.AWS_ECR_REPOSITORY_URL }}:${{ inputs.tag }}-amd64 \
${{ secrets.AWS_ECR_REPOSITORY_URL }}:${{ inputs.tag }}-arm64
# Annotate architectures
for arch in amd64 arm64; do
docker manifest annotate --arch ${arch} ${{ secrets.AWS_ECR_REPOSITORY_URL }}:${{ inputs.tag }} \
${{ secrets.AWS_ECR_REPOSITORY_URL }}:${{ inputs.tag }}-${arch}
done
# Push manifest
docker manifest push ${{ secrets.AWS_ECR_REPOSITORY_URL }}:${{ inputs.tag }}
- name: Create manifest for 'latest'
if: ${{ inputs.latest == true }}
run: |
# Create manifest
docker manifest create ${{ secrets.AWS_ECR_REPOSITORY_URL }}:latest \
${{ secrets.AWS_ECR_REPOSITORY_URL }}:${{ inputs.tag }}-amd64 \
${{ secrets.AWS_ECR_REPOSITORY_URL }}:${{ inputs.tag }}-arm64
# Annotate architectures
for arch in amd64 arm64; do
docker manifest annotate --arch ${arch} ${{ secrets.AWS_ECR_REPOSITORY_URL }}:latest \
${{ secrets.AWS_ECR_REPOSITORY_URL }}:${{ inputs.tag }}-${arch}
done
# Push manifest
docker manifest push ${{ secrets.AWS_ECR_REPOSITORY_URL }}:latest