Build Image #2837
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Image | |
| on: | |
| push: | |
| branches: | |
| - master | |
| repository_dispatch: | |
| workflow_dispatch: | |
| inputs: | |
| image: | |
| description: Image name | |
| type: string | |
| version: | |
| description: Image version tag | |
| type: string | |
| frappe-repo: | |
| description: Frappe repo | |
| type: string | |
| frappe-version: | |
| description: Frappe branch | |
| type: string | |
| py-version: | |
| description: Python version | |
| type: string | |
| nodejs-version: | |
| description: NodeJS version | |
| type: string | |
| apps-json-base64: | |
| description: base64 encoded string of apps.json | |
| type: string | |
| context: | |
| description: kaniko context | |
| type: string | |
| dockerfile: | |
| description: dockerfile path from context | |
| type: string | |
| registry-user: | |
| description: user name | |
| required: false | |
| env: | |
| TOKEN: ${{ secrets.TOKEN }} | |
| IMAGE_NAME: ${{ inputs.image }} | |
| IMAGE_VERSION: ${{ inputs.version }} | |
| AWS_REGION: me-central-1 | |
| ECR_REGISTRY: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.me-central-1.amazonaws.com | |
| jobs: | |
| build: | |
| # runs-on: ubuntu-latest | |
| runs-on: self-hosted | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Clean Git Cache | |
| run: git clean -ffdx && git reset --hard | |
| - name: Run Python Script to Update JSON | |
| env: | |
| TOKEN: ${{ secrets.TOKEN }} | |
| run: python ci/script.py | |
| # Load repo defaults (fallbacks). Inputs will still win in Kaniko args. | |
| - name: Source Build Env | |
| run: | | |
| [ -f ./ci/build.env ] && cat ./ci/build.env >> $GITHUB_ENV | |
| [ -f ./ci/version.txt ] && echo "VERSION=$(cat ./ci/version.txt)" >> $GITHUB_ENV | |
| [ -f ./ci/apps.json ] && echo "APPS_JSON_BASE64=$(base64 -w 0 ./ci/apps.json)" >> $GITHUB_ENV | |
| # --- ECR auth & push --- | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Ensure ECR repository exists | |
| run: | | |
| set -e | |
| if ! aws ecr describe-repositories --repository-names "$IMAGE_NAME" --region "$AWS_REGION" >/dev/null 2>&1; then | |
| aws ecr create-repository \ | |
| --repository-name "$IMAGE_NAME" \ | |
| --region "$AWS_REGION" \ | |
| --image-scanning-configuration scanOnPush=true \ | |
| --encryption-configuration encryptionType=AES256 | |
| echo "Created ECR repository: $IMAGE_NAME" | |
| else | |
| echo "ECR repository already exists: $IMAGE_NAME" | |
| fi | |
| - name: Login to Amazon ECR | |
| run: | | |
| aws ecr get-login-password --region "$AWS_REGION" \ | |
| | docker login --username AWS --password-stdin "$ECR_REGISTRY" | |
| - name: Build and push Docker image with Kaniko | |
| uses: int128/kaniko-action@v1 | |
| with: | |
| push: true | |
| cache: false | |
| kaniko-args: | | |
| --build-arg=FRAPPE_PATH=${{ inputs.frappe-repo || env.FRAPPE_REPO }} | |
| --build-arg=FRAPPE_BRANCH=${{ inputs.frappe-version || env.FRAPPE_VERSION }} | |
| --build-arg=PYTHON_VERSION=${{ inputs.py-version || env.PY_VERSION }} | |
| --build-arg=NODE_VERSION=${{ inputs.nodejs-version || env.NODEJS_VERSION }} | |
| --build-arg=APPS_JSON_BASE64=${{ inputs.apps-json-base64 || env.APPS_JSON_BASE64 }} | |
| --context=${{ inputs.context || env.CONTEXT }} | |
| --destination=${{ env.ECR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }} | |
| --dockerfile=${{ inputs.dockerfile || env.DOCKERFILE }} | |