Skip to content

Docker

Docker #1883

Workflow file for this run

name: Docker
on:
check_run:
types:
- completed
workflow_dispatch:
inputs:
git_tag:
type: string
required: true
jobs:
tag:
name: Determine tag to build
runs-on: ubuntu-latest
permissions: {}
outputs:
TAG: ${{ steps.determine.outputs.tag }}
if: |
github.event_name == 'workflow_dispatch'
|| (
github.event_name == 'check_run'
&& github.event.check_run.conclusion == 'success'
&& github.event.check_run.app.client_id == 'Iv1.44befee49e3e76a4'
&& github.event.check_run.name == 'test_and_deploy_tag'
)
env:
CIRCLECI_EXTERNAL_ID: ${{ github.event.check_run.external_id }}
steps:
- id: determine
run: |
if [[ "${{ github.event_name }}" == "workflow_dispatch" && "${{ inputs.git_tag }}" != "" ]]; then
tag="${{ inputs.git_tag }}"
elif [[ "${{ github.event_name }}" == "check_run" ]]; then
echo ${CIRCLECI_EXTERNAL_ID}
CIRCLECI_WORKFLOW_ID=$(echo "${CIRCLECI_EXTERNAL_ID}" | jq -r '."workflow-id"')
CIRCLECI_WORKFLOW_DATA=$(curl "https://circleci.com/api/v2/workflow/${CIRCLECI_WORKFLOW_ID}")
CIRCLECI_PIPELINE_ID=$(echo "${CIRCLECI_WORKFLOW_DATA}" | jq -r '.pipeline_id')
CIRCLECI_PIPELINE_DATA=$(curl "https://circleci.com/api/v2/pipeline/${CIRCLECI_PIPELINE_ID}")
TAG=$(echo "${CIRCLECI_PIPELINE_DATA}" | jq -r '.vcs.tag')
if [[ "${TAG}" != "" ]]; then
tag="${TAG}"
fi
fi
if [[ "${tag}" != "" ]]; then
echo "tag=${tag}" >> $GITHUB_OUTPUT
echo "Trigger docker build & push on ${{ github.event_name }} and found tag ${TAG}" >> $GITHUB_STEP_SUMMARY
exit 0
else
echo "Cannot determine tag"
echo "Trigger docker build & push on ${{ github.event_name }} and cannot determine tag" >> $GITHUB_STEP_SUMMARY
exit 1
fi
docker:
name: Docker build and push to GAR
runs-on: ubuntu-latest
environment: build
permissions:
contents: read
id-token: write
env:
GAR_LOCATION: us
GAR_REPOSITORY: fxa-prod
GCP_PROJECT_ID: moz-fx-fxa-prod
IMAGE: fxa-mono
RUN_ID: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GIT_TAG: ${{ needs.tag.outputs.TAG }}
needs:
- tag
steps:
- uses: actions/checkout@v4
with:
ref: ${{ env.GIT_TAG }}
- uses: actions/setup-node@v4
with:
cache: yarn
- run: ./_scripts/l10n/clone.sh
- run: ./.circleci/base-install.sh
- run: ./_scripts/create-version-json.sh
- uses: docker/setup-buildx-action@v3
- id: gcp-auth
uses: google-github-actions/auth@v2
with:
token_format: 'access_token'
service_account: artifact-writer@${{ env.GCP_PROJECT_ID}}.iam.gserviceaccount.com
workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}
- uses: docker/login-action@v3
with:
registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.gcp-auth.outputs.access_token }}
- id: build-and-push
uses: docker/build-push-action@v6
with:
context: .
file: _dev/docker/mono/Dockerfile
tags: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPOSITORY}}/${{ env.IMAGE}}:${{ env.GIT_TAG }}
push: true
cache-from: type=gha
cache-to: type=gha,mode=max