PLFM-8554: Run Synapse Docker registry using ECS #32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: main | |
| on: | |
| pull_request: | |
| branches: ['*'] | |
| push: | |
| branches: ['*'] | |
| concurrency: ci-${{ github.ref }} | |
| jobs: | |
| tests: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Static Analysis | |
| uses: pre-commit/[email protected] | |
| - name: Install dependencies | |
| run: pip install -r requirements.txt -r requirements-dev.txt | |
| - name: Run unit tests | |
| run: python -m pytest tests/ -s -v | |
| # make sure tests pass for both dev and prod stacks | |
| synth-test: | |
| needs: tests | |
| strategy: | |
| matrix: | |
| stack: ['dev', 'prod'] | |
| uses: "./.github/workflows/synth-test.yml" | |
| with: | |
| CONTEXT: ${{ matrix.stack }} | |
| build-only-container: | |
| # build on PRs as well as on merges, but do not push | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: create self-signed cert | |
| # the Dockerfile expects these files, but the content is not used | |
| # so we jsut put dummy information in them | |
| run: > | |
| cat "fake-key" > privatekey.pem | |
| cat "fake-cert" > certificate.pem | |
| - name: Build and push Docker image | |
| uses: docker/[email protected] | |
| with: | |
| context: . | |
| build-args: stack=dev | |
| push: false | |
| build-and-publish-registry-container: | |
| needs: [tests, synth-test, build-only-container] | |
| # only run on a push/merge, not on a PR | |
| if: ${{ github.ref_name == 'dev' || github.ref_name == 'prod' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/[email protected] | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: create self-signed cert | |
| run: > | |
| openssl req -x509 -days 3650 -newkey rsa:2048 -sha256 | |
| -nodes -keyout privatekey.pem -out certificate.pem | |
| -subj "/C=US/ST=WA/L=Seattle/O=SageBionetworks/OU=IT/CN=www.synapse.org" | |
| - name: Build and push Docker image | |
| uses: docker/[email protected] | |
| with: | |
| context: . | |
| build-args: stack=${{ github.ref_name }} | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cdk-deploy-dev: | |
| # only run on a push/merge, not on a PR | |
| if: ${{ github.ref_name == 'dev' }} | |
| needs: [tests, synth-test, build-and-publish-registry-container] | |
| uses: "./.github/workflows/aws-deploy.yml" | |
| secrets: inherit | |
| with: | |
| CONTEXT: ${{ github.ref_name }} | |
| ROLE_TO_ASSUME: arn:aws:iam::449435941126:role/sagebase-github-oidc-sage-bionetworks-synapse-docker-registry | |
| cdk-deploy-prod: | |
| # only run on a push/merge, not on a PR | |
| if: ${{ github.ref_name == 'prod' }} | |
| needs: [tests, synth-test, build-and-publish-registry-container] | |
| uses: "./.github/workflows/aws-deploy.yml" | |
| secrets: inherit | |
| with: | |
| CONTEXT: ${{ github.ref_name }} | |
| ROLE_TO_ASSUME: arn:aws:iam::325565585839:role/sagebase-github-oidc-sage-bionetworks-synapse-docker-registry |