Add a GitHub workflow
Step 1: Create a new configuration file
In the .github/workflows/_config/dev/
folder of the repo-apps
repository, create a new configuration file for the build-push workflow:
Step 2: Update the configuration file
Update the configuration file for the docker-build-push
workflow:
AppName: too-tikki
Dispatch:
Enable: false
OnPushPaths:
- "main.go"
OnPushBranches:
- "main"
Cache:
Enable: false
Ecr:
Enable: true
Login: true
Push: true
Ghcr:
Enable: false
DockerfilePath: Dockerfile
This configuration file result in the workflow being executed when main.go
is updated in the main
branch of the too-tikki
application repository.
The workflow will build the Docker image using the Dockerfile
in the root of the repository and push it to ECR.
Step 2: Add Docker build secrets (optional)
Are you using RUN
instructions in your Dockerfile
that require secrets, such as when authenticating with GitHub Packages? If so you need add these to the workflow configuration file.
DockerfilePath: Dockerfile
+DockerSecrets:
+ GPR_USERNAME: "secrets.GPR_USERNAME"
+ GPR_ACCESS_TOKEN: "secrets.GPR_ACCESS_TOKEN"
The example configuration will generate the following secret setup in the workflow:
DOCKER_SECRETS: |
GPR_ACCESS_TOKEN=${{ secrets.GPR_ACCESS_TOKEN }}
GPR_USERNAME=${{ secrets.GPR_USERNAME }}
Using secrets in RUN
instructions
Secrets in DOCKER_SECRETS
are available as volumes. Use the --mount
option to mount them.
RUN --mount=type=secret,id=GPR_USERNAME \
--mount=type=secret,id=GPR_ACCESS_TOKEN \
GPR_USERNAME=$(cat /run/secrets/GPR_USERNAME) \
GPR_ACCESS_TOKEN=$(cat /run/secrets/GPR_ACCESS_TOKEN) \
gradle buildFatJar --no-daemon
Ask in #origo-kjøremiljø-support
if you need help with this.
Step 3: Install the docker-build-push
package
Step 4: Verify
The application repository should now contain a new workflow file located at .github/workflows/_gp_too-tikki_pirates-dev_build_and_push_image.yml
.
Commit your files
At this stage it is a good idea to commit your files.
Step 5: Try to run the workflow
Try to run the workflow in the application repository under Actions . It will fail because the workflow is not able to authenticate with AWS yet. The next section will show you how to configure this.
Want to know more?
Check out the reference material for more information about building Docker images with reusable workflows.
Next step
Create the IAM roles that will allow the workflow to push the image to ECR.