Add a GitHub workflow
Step 1: Create a new configuration file
In the .github/workflows/_config/dev/ folder of the repo-apps repository, create a new configuration file for the build-push workflow:
Step 2: Update the configuration file
Update the configuration file for the docker-build-push workflow:
    AppName: too-tikki
    Dispatch:
      Enable: false
    OnPushPaths:
      - "main.go"
    OnPushBranches:
      - "main"
    Cache:
      Enable: false
    Ecr:
      Enable: true
      Login: true
      Push: true
    Ghcr:
      Enable: false
    DockerfilePath: Dockerfile
This configuration triggers the workflow when:
- main.go is updated
- Changes are pushed to the main branch
- In the too-tikki application repository
The workflow will:
- Build the Docker image using the Dockerfile in the repository root
- Push the image to ECR
Step 2: Add Docker build secrets (optional)
Does your Dockerfile use secrets? Add them to your workflow configuration if you have RUN instructions that require authentication, such as GitHub Packages access.
DockerfilePath: Dockerfile
+DockerSecrets:
+ GPR_USERNAME: "secrets.GPR_USERNAME"
+ GPR_ACCESS_TOKEN: "secrets.GPR_ACCESS_TOKEN"
The example configuration will generate the following secret setup in the workflow:
    DOCKER_SECRETS: |
      GPR_ACCESS_TOKEN=${{ secrets.GPR_ACCESS_TOKEN }}
      GPR_USERNAME=${{ secrets.GPR_USERNAME }}
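Using secrets in RUN instructions
Secrets in DOCKER_SECRETS are made available to the build as mounts. Use the --mount option on a RUN instruction to mount them; each mounted secret can then be read from /run/secrets/<id> by that instruction.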
    RUN --mount=type=secret,id=GPR_USERNAME \
        --mount=type=secret,id=GPR_ACCESS_TOKEN \
        GPR_USERNAME=$(cat /run/secrets/GPR_USERNAME) \
        GPR_ACCESS_TOKEN=$(cat /run/secrets/GPR_ACCESS_TOKEN) \
        gradle buildFatJar --no-daemon
Ask in #origo-kjøremiljø-support if you need help with this.
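The secret ids mounted in the Dockerfile have to match the keys under DockerSecrets in the configuration file. The following check is an added example, not part of the docker-build-push package: it compares the two and also reports declared secrets that appear in ARG or ENV instructions, where the value would be kept in the image. The sample configuration and Dockerfile are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample inputs with deliberate mistakes (not from the page's repositories).
CONFIG = """\
DockerfilePath: Dockerfile
DockerSecrets:
  GPR_USERNAME: "secrets.GPR_USERNAME"
  GPR_ACCESS_TOKEN: "secrets.GPR_ACCESS_TOKEN"
"""
DOCKERFILE = r"""
FROM example-build-image
ARG GPR_ACCESS_TOKEN
RUN --mount=type=secret,id=GPR_USERNAME \
    --mount=id=GPR_TOKEN,type=secret \
    GPR_USERNAME=$(cat /run/secrets/GPR_USERNAME) \
    gradle buildFatJar --no-daemon
"""

def declared_secrets(config_text):
    """Keys listed under the top-level DockerSecrets mapping."""
    keys, inside = set(), False
    for line in config_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # any top-level key opens or closes the block
            inside = line.split(":")[0] == "DockerSecrets"
        elif inside:
            keys.add(line.split(":")[0].strip())
    return keys

def mounted_secret_ids(lines):
    """Ids of --mount=type=secret options, whatever the option order."""
    ids = set()
    for opts in re.findall(r"--mount=(\S+)", " ".join(lines)):
        kv = dict(p.split("=", 1) for p in opts.split(",") if "=" in p)
        if kv.get("type") == "secret" and "id" in kv:
            ids.add(kv["id"])
    return ids

def check(config_text, dockerfile_text):
    declared = declared_secrets(config_text)
    # Join backslash continuations so each instruction is one line.
    lines = re.sub(r"\\[ \t]*\n", " ", dockerfile_text).splitlines()
    mounted = mounted_secret_ids(lines)
    # A declared secret named in ARG/ENV ends up in the image history or configuration.
    baked = {k for k in declared for l in lines
             if re.match(r"\s*(ARG|ENV)\s", l, re.I) and re.search(rf"\b{re.escape(k)}\b", l)}
    return {"undeclared": mounted - declared, "unused": declared - mounted, "arg_or_env": baked}
```

Calling check(CONFIG, DOCKERFILE) on the constructed sample reports GPR_TOKEN as mounted but undeclared, and GPR_ACCESS_TOKEN as both unused and exposed through ARG.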
Step 3: Install the docker-build-push package
Step 4: Verify
The application repository should now contain a new workflow file located at .github/workflows/_gp_too-tikki_pirates-dev_build_and_push_image.yml.
Commit your files
At this stage it is a good idea to commit your files.
Step 5: Try to run the workflow
Try to run the workflow in the application repository under Actions. It will fail because the workflow is not able to authenticate with AWS yet. The next section will show you how to configure this.
Next step
Create the IAM roles that will allow the workflow to push the image to ECR.