Mirror restyler images to ECR #1925
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
push: | |
branches: main | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
DOCKER_BUILD_SUMMARY: "false" | |
DOCKER_BUILD_RECORD_UPLOAD: "false" | |
LOG_COLOR: always | |
LOG_CONCURRENCY: 1 | |
LOG_BREAKPOINT: 200 | |
jobs: | |
tools: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- id: stack | |
uses: freckle/stack-action@v5 | |
with: | |
working-directory: _tools | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: tools | |
path: ${{ steps.stack.outputs.local-install-root }}/bin/restylers | |
if-no-files-found: error | |
changes: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- id: changes | |
uses: dorny/paths-filter@v3 | |
with: | |
filters: | | |
all: '**/*' | |
list-files: shell | |
- id: filtered | |
name: Identify Restyler changes | |
run: ./.github/bin/filter-changes ${{ steps.changes.outputs.all_files }} | |
outputs: | |
restylers: ${{ steps.filtered.outputs.restylers }} | |
restylers: | |
permissions: | |
contents: read | |
pull-requests: read | |
id-token: write | |
needs: | |
- tools | |
- changes | |
if: ${{ needs.changes.outputs.restylers }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: tools | |
- name: Install tools | |
run: | | |
chmod +x ./restylers | |
sudo mv -v restylers /usr/local/bin | |
curl --proto '=https' --tlsv1.2 -sSf \ | |
https://raw.githubusercontent.com/restyled-io/restyler/main/install | sudo sh | |
- uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
# Necessary if pushing, but best-effort if pulling (rate limits) | |
continue-on-error: ${{ github.ref_name != 'main' }} | |
# TODO: lint | |
- name: "Build, test, and push (if main) sha-tagged images" | |
run: >- | |
restylers | |
${{ runner.debug && '--debug' || '' }} | |
--sha ${{ github.sha }} | |
--write tested.yaml | |
--no-pull | |
${{ github.ref_name == 'main' && '--push' || '' }} | |
${{ needs.changes.outputs.restylers }} | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: ${{ vars.AWS_REGION }} | |
role-to-assume: ${{ vars.AWS_ROLE }} | |
# - if: ${{ github.ref_name == 'main' }} | |
# id: ecr-login | |
- id: ecr-login | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
registry-type: public | |
# - if: ${{ github.ref_name == 'main' }} | |
# name: Create ECR repositories if necessary | |
- name: Create ECR repositories if necessary | |
run: | | |
for name in ${{ needs.changes.outputs.restylers }}; do | |
rname=restyler-$name | |
if ! aws ecr-public describe-repositories --repository-names "$rname" &>/dev/null; then | |
echo "Creating ECR repository for $rname" | |
aws ecr-public create-repository --repository-name "$rname" | |
fi | |
done | |
# - if: ${{ github.ref_name == 'main' }} | |
# name: Mirror image to ECR | |
- name: Mirror image to ECR | |
run: >- | |
restylers | |
${{ runner.debug && '--debug' || '' }} | |
--sha ${{ github.sha }} | |
--no-pull | |
--no-test | |
--push | |
--prefix "$PREFIX" | |
${{ needs.changes.outputs.restylers }} | |
env: | |
# TODO: use restyled-io alias once available | |
PREFIX: ${{ steps.ecr-login.outputs.registry }}/y2t3n2b1 | |
- name: Build merged restylers.yaml | |
run: | | |
gh release download dev -p restylers.yaml | |
mv -v restylers.yaml base.yaml | |
ruby -r yaml > restylers.yaml <<'EOM' | |
base = YAML.safe_load_file("./base.yaml") | |
tested = YAML.safe_load_file("./tested.yaml") | |
merged = base.map do |b| | |
tested.find { _1.fetch("name") == b.fetch("name") } || b | |
end | |
puts YAML.dump(merged) | |
EOM | |
echo "::group::Merged manifest" | |
cat restylers.yaml | |
echo "::endgroup::" | |
echo "::group::Changes" | |
diff -U 3 base.yaml restylers.yaml || true | |
echo "::endgroup::" | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: manifest | |
path: restylers.yaml | |
if-no-files-found: error | |
- uses: restyled-io/actions/setup-demo@v4 | |
- uses: restyled-io/actions/setup@v4 | |
- uses: restyled-io/actions/run@v4 | |
with: | |
paths: . | |
manifest: ./restylers.yaml | |
dry-run: true | |
release: | |
if: ${{ github.ref == 'refs/heads/main' }} | |
needs: [restylers] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- id: tag | |
name: Tag | |
uses: mathieudutour/github-tag-action@v6.2 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
- uses: actions/download-artifact@v4 | |
with: | |
name: manifest | |
- name: Release | |
uses: softprops/action-gh-release@v2 | |
with: | |
tag_name: ${{ steps.tag.outputs.new_tag }} | |
name: Release ${{ steps.tag.outputs.new_tag }} | |
body: ${{ steps.tag.outputs.changelog }} | |
files: | | |
restylers.yaml | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Update dev tag | |
uses: rickstaa/action-create-tag@v1 | |
with: | |
tag: dev | |
force_push_tag: true | |
commit_sha: ${{ github.sha }} | |
- name: Update dev release | |
uses: softprops/action-gh-release@v2 | |
with: | |
tag_name: dev | |
files: | | |
restylers.yaml | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |