Skip to content

Add a GitHub workflow

Step 1: Create a new configuration file

In the .github/workflows/_config/dev/ folder of the repo-apps repository, create a new configuration file for the build-push workflow:

repo-apps/.github/workflows/_config/dev/
ok pkg add docker-build-push too-tikki_docker-build-push

Step 2: Update the configuration file

Update the configuration file for the docker-build-push workflow:

repo-apps/.github/workflows/_config/dev/too-tikki_docker-build-push.yml
AppName: too-tikki
Dispatch:
  Enable: false
OnPushPaths:
  - "main.go"
OnPushBranches:
  - "main"
Cache:
  Enable: false
Ecr:
  Enable: true
  Login: true
  Push: true
Ghcr:
  Enable: false
DockerfilePath: Dockerfile

This configuration file result in the workflow being executed when main.go is updated in the main branch of the too-tikki application repository. The workflow will build the Docker image using the Dockerfile in the root of the repository and push it to ECR.

Step 2: Add Docker build secrets (optional)

Are you using RUN instructions in your Dockerfile that require secrets, such as when authenticating with GitHub Packages? If so you need add these to the workflow configuration file.

repo-apps/.github/workflows/_config/dev/too-tikki_docker-build-push.yml
DockerfilePath: Dockerfile
+DockerSecrets:
+  GPR_USERNAME: "secrets.GPR_USERNAME"
+  GPR_ACCESS_TOKEN: "secrets.GPR_ACCESS_TOKEN"

The example configuration will generate the following secret setup in the workflow:

Example secrets generated
DOCKER_SECRETS: |
  GPR_ACCESS_TOKEN=${{ secrets.GPR_ACCESS_TOKEN }}
  GPR_USERNAME=${{ secrets.GPR_USERNAME }}

Using secrets in RUN instructions

Secrets in DOCKER_SECRETS are available as volumes. Use the --mount option to mount them.

Example
RUN --mount=type=secret,id=GPR_USERNAME \
    --mount=type=secret,id=GPR_ACCESS_TOKEN \
    GPR_USERNAME=$(cat /run/secrets/GPR_USERNAME) \
    GPR_ACCESS_TOKEN=$(cat /run/secrets/GPR_ACCESS_TOKEN) \
    gradle buildFatJar --no-daemon

Ask in #origo-kjøremiljø-support if you need help with this.

Step 3: Install the docker-build-push package

repo-apps/.github/workflows/_config/dev
ok pkg install ../..

Step 4: Verify

The application repository should now contain a new workflow file located at .github/workflows/_gp_too-tikki_pirates-dev_build_and_push_image.yml.

Commit your files

At this stage it is a good idea to commit your files.

Step 5: Try to run the workflow

Try to run the workflow in the application repository under Actions . It will fail because the workflow is not able to authenticate with AWS yet. The next section will show you how to configure this.

Next step

Create the IAM roles that will allow the workflow to push the image to ECR.