generated from amazon-archives/__template_Apache-2.0
-
Notifications
You must be signed in to change notification settings - Fork 237
53 lines (49 loc) · 1.75 KB
/
ci-main.yml
File metadata and controls
53 lines (49 loc) · 1.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
# This workflow differs from PR CI in that it uploads a Docker build image to public ECR.
# This should be done only on push to main so that PRs from forks can successfully run CI
# since GitHub secrets cannot be shared with a PR from a fork.
name: CI on Branch `main`
on:
workflow_dispatch:
push:
branches: [main]
# Allow only one Docker build image build to run at a time for the entire smithy-rs repo
concurrency:
group: ci-docker-build-yml
cancel-in-progress: true
env:
ecr_repository: public.ecr.aws/w0m4q9l7/github-awslabs-smithy-rs-ci
jobs:
# Rebuild and upload the Docker build image
rebuild-docker-build-image:
runs-on: ubuntu-latest
name: Rebuild image
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Build image
run: |
IMAGE_TAG="$(./tools/ci-build/tools-hash)"
cd tools
docker build \
-t "${{ env.ecr_repository }}:${IMAGE_TAG}" \
-t "${{ env.ecr_repository }}:main" \
.
- name: Acquire credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN }}
role-session-name: GitHubActions
aws-region: us-west-2
- name: Upload image
run: |
IMAGE_TAG="$(./tools/ci-build/tools-hash)"
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
docker push "${{ env.ecr_repository }}:${IMAGE_TAG}"
docker push "${{ env.ecr_repository }}:main"
# Run normal CI, which should pick up the updated build image
ci:
needs: rebuild-docker-build-image
uses: awslabs/smithy-rs/.github/worfklows/ci.yaml@main