feat: deploy containers to ecr TDE-689 (#408)

* feat: deploy container.yml versions to ecr


d

* feat: deploy release-please.yml versions to ecr

* chore: remove comments

* fix: better name for step

* fix: push all tags rather than each one separately

* feat: reuse git_version variables using github_env

* fix: improve names of steps

* feat: update readme

.github/workflows/containers.yml

@@ -17,15 +17,44 @@ jobs:
         run: |
           docker build . --tag topo-imagery --label "github_run_id=${GITHUB_RUN_ID}"
 
-      - name: Log in to registry
+      - name: Log in to Registry
         if: ${{(github.ref == 'refs/heads/master') && !(startsWith(github.event.head_commit.message, 'release:'))}}
         run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
 
-      - name: Publish Containers
+      - name: Publish Containers to GHCR
         if: ${{(github.ref == 'refs/heads/master') && !(startsWith(github.event.head_commit.message, 'release:'))}}
         run: |
           GIT_VERSION=$(git describe --tags --always --match 'v*')
+          echo "GIT_VERSION=$GIT_VERSION" >> $GITHUB_ENV
+
           docker tag topo-imagery ghcr.io/linz/topo-imagery:latest
           docker tag topo-imagery ghcr.io/linz/topo-imagery:${GIT_VERSION}
 
           docker push --all-tags ghcr.io/linz/topo-imagery
+
+      - name: Configure AWS Credentials
+        if: ${{(github.ref == 'refs/heads/master') && !(startsWith(github.event.head_commit.message, 'release:'))}}
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-region: ap-southeast-2
+          mask-aws-account-id: true
+          role-to-assume: ${{ secrets.AWS_CI_ROLE }}
+
+      - name: Login to Amazon ECR
+        if: ${{(github.ref == 'refs/heads/master') && !(startsWith(github.event.head_commit.message, 'release:'))}}
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Publish Containers to ECR
+        if: ${{(github.ref == 'refs/heads/master') && !(startsWith(github.event.head_commit.message, 'release:'))}}
+        env:
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          REPOSITORY: eks
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          docker pull ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }}
+
+          docker tag ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery
+          docker tag ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${{ env.GIT_VERSION }}
+
+          docker push --all-tags ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks

.github/workflows/release-please.yml

@@ -34,15 +34,45 @@ jobs:
       - name: Log in to registry
         run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
 
-      - name: Publish Containers
+      - name: Publish Containers to GHCR
         run: |
           GIT_VERSION=$(git describe --tags --always --match 'v*')
           GIT_VERSION_MAJOR=$(echo $GIT_VERSION | cut -d. -f1)
           GIT_VERSION_MAJOR_MINOR=$(echo $GIT_VERSION | cut -d. -f1,2)
+          echo "GIT_VERSION=$GIT_VERSION" >> $GITHUB_ENV
+          echo "GIT_VERSION_MAJOR=$GIT_VERSION_MAJOR" >> $GITHUB_ENV
+          echo "GIT_VERSION_MAJOR_MINOR=$GIT_VERSION_MAJOR_MINOR" >> $GITHUB_ENV
 
           docker tag topo-imagery ghcr.io/linz/topo-imagery:latest
           docker tag topo-imagery ghcr.io/linz/topo-imagery:${GIT_VERSION_MAJOR}
           docker tag topo-imagery ghcr.io/linz/topo-imagery:${GIT_VERSION_MAJOR_MINOR}
           docker tag topo-imagery ghcr.io/linz/topo-imagery:${GIT_VERSION}
 
           docker push --all-tags ghcr.io/linz/topo-imagery
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-region: ap-southeast-2
+          mask-aws-account-id: true
+          role-to-assume: ${{ secrets.AWS_CI_ROLE }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Publish Containers to ECR
+        env:
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          REPOSITORY: eks
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+
+          docker pull ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }}
+
+          docker tag ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-latest
+          docker tag ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${{ env.GIT_VERSION_MAJOR }}
+          docker tag ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${{ env.GIT_VERSION_MAJOR_MINOR }}
+          docker tag ghcr.io/linz/topo-imagery:${{ env.GIT_VERSION }} ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks:topo-imagery-${{ env.GIT_VERSION }}
+
+          docker push --all-tags ${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.ap-southeast-2.amazonaws.com/eks

README.md

@@ -38,7 +38,7 @@ docker run -v ${HOME}/.aws/credentials:/root/.aws/credentials:ro -e AWS_PROFILE
 
 ## Container package
 
-Publishing a container to the GitHub Package registry (`ghcr`) is handled automatically by GitHub Actions in this repo.
+GitHub Actions automatically handles publishing a container to the GitHub Package Registry (`ghcr`) and AWS Elastic Container Registry (ECR).
 
 A new container is published everytime a change is [merged to the `master` branch](https://github.com/linz/topo-imagery/blob/master/.github/workflows/containers.yml). This container will be tagged with the following: