Merge pull request #11 from manics/dev

Move CHANGELOG to top level, update tag in variables.tf
hic-infra · Nov 23, 2023 · ebc7640 · ebc7640
2 parents fa0bb7b + 1797958
commit ebc7640
Show file tree

Hide file tree

Showing 5 changed files with 76 additions and 61 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -13,6 +13,10 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Check tag updated if this is a tag
+        run: |
+          ./ci/check_tag.sh
+
       - name: Install terraform
         uses: hashicorp/setup-terraform@v2
 
@@ -28,3 +32,57 @@ jobs:
 
       - name: pre-commit
         uses: pre-commit/[email protected]
+
+  container-build:
+    runs-on: ubuntu-22.04
+    needs:
+      - validate
+    permissions:
+      contents: read
+      packages: write
+    env:
+      REGISTRY: ghcr.io
+      IMAGE_NAME: ${{ github.repository }}
+      # Set this to `main` to rebuild container on every push to main
+      # instead of just tags
+      PUBLISH_BRANCH: ""
+      PLATFORMS: linux/amd64,linux/arm64
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        if: >
+          github.event_name == 'push' &&
+          (github.ref == format('refs/heads/{0}', env.PUBLISH_BRANCH) ||
+          startsWith(github.ref, 'refs/tags/'))
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # https://github.com/docker/metadata-action
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # https://github.com/docker/build-push-action
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: ./container
+          platforms: ${{ env.PLATFORMS }}
+          push: >
+            ${{ github.ref == format('refs/heads/{0}', env.PUBLISH_BRANCH) ||
+            startsWith(github.ref, 'refs/tags/') }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
diff --git a/ecs-cluster/CHANGELOG.md → CHANGELOG.md b/ecs-cluster/CHANGELOG.md → CHANGELOG.md
diff --git a/ci/check_tag.sh b/ci/check_tag.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/bash
+# If this is a git tag then check the container image tag has been updated
+set -eu
+
+if [[ "$GITHUB_REF" =~ ^refs/tags/ ]]; then
+  GITHUB_TAG="${GITHUB_REF#refs/tags/}"
+else
+  echo "No tag detected"
+  exit 0
+fi
+
+CONTAINER_TAG=$(grep ghcr.io/hic-infra/ecs-keycloak ecs-cluster/variables.tf | sed -re 's|.*:(.+)"|\1|')
+
+if [[ "$GITHUB_TAG" != "$CONTAINER_TAG" ]]; then
+  echo "ERROR: Container tag '$CONTAINER_TAG' does not match GitHub tag: '$GITHUB_TAG'"
+  exit 1
+fi
diff --git a/ecs-cluster/variables.tf b/ecs-cluster/variables.tf
@@ -12,7 +12,7 @@ variable "region" {
 
 variable "keycloak-image" {
   type        = string
-  default     = "ghcr.io/hic-infra/ecs-keycloak:1.0.0-beta.3"
+  default     = "ghcr.io/hic-infra/ecs-keycloak:1.0.0"
   description = "Keycloak image including registry"
 }