Merge pull request #184 from communitiesuk/update-register-validation #289
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "auth service publish" | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| publish_image: | |
| name: Push auth service image to ECR | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: publish | |
| env: | |
| AWS_REGION: "eu-west-1" | |
| VERSION: "20.1" | |
| REPOSITORY: "delta-auth-service" | |
| ECR_PATH: "468442790030.dkr.ecr.eu-west-1.amazonaws.com" | |
| outputs: | |
| image_tag: ${{ steps.determine_tag.outputs.tag }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| # Use deploy key so we have write access for pushing the git tag later | |
| ssh-key: ${{ secrets.REPO_WRITE_DEPLOY_KEY }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v3 | |
| with: | |
| role-to-assume: arn:aws:iam::468442790030:role/github-actions-delta-auth-ci | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Docker login | |
| run: aws ecr get-login-password | docker login --username AWS --password-stdin $ECR_PATH | |
| - name: Determine tag | |
| id: determine_tag | |
| run: | | |
| aws ecr describe-images --repository-name $REPOSITORY --image-ids imageTag=release-$VERSION \ | |
| && echo "tag=snapshot-$VERSION-${{ github.sha }}" >> $GITHUB_OUTPUT \ | |
| || echo "tag=release-$VERSION" >> $GITHUB_OUTPUT | |
| - run: docker pull amazoncorretto:17 | |
| - name: Build image | |
| run: docker build -t $ECR_PATH/$REPOSITORY:${{ steps.determine_tag.outputs.tag }} . | |
| working-directory: auth-service/ | |
| - name: Pushing tag ${{ steps.determine_tag.outputs.tag }} | |
| run: docker push $ECR_PATH/$REPOSITORY:${{ steps.determine_tag.outputs.tag }} | |
| - name: Push git tag | |
| if: ${{ startsWith(steps.determine_tag.outputs.tag, 'release-') }} | |
| run: | | |
| TAG="${{ steps.determine_tag.outputs.tag }}-$(date +%Y-%m-%d)" | |
| git tag $TAG | |
| git push origin $TAG | |
| deploy_to_test: | |
| name: Deploy new image to test environment | |
| permissions: | |
| id-token: write | |
| contents: read | |
| uses: "./.github/workflows/terraform_deploy.yml" | |
| needs: publish_image | |
| if: github.ref == 'refs/heads/main' | |
| with: | |
| image_tag: ${{ needs.publish_image.outputs.image_tag}} | |
| secrets: inherit |