Merge pull request #4 from lambda-feedback/feature/licence #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Push Evaluation Function Image | ||
|
Check failure on line 1 in .github/workflows/lambda_build.yml
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| environment: | ||
| type: string | ||
| description: "The environment to deploy to" | ||
| required: true | ||
| region: | ||
| type: string | ||
| description: "The AWS region to deploy to" | ||
| default: "eu-west-2" | ||
| required: false | ||
| function-name: | ||
| type: string | ||
| description: "The name of the Lambda function to deploy" | ||
| required: true | ||
| build-file: | ||
| type: string | ||
| description: "The path to the Dockerfile to build" | ||
| required: false | ||
| default: "Dockerfile" | ||
| build-context: | ||
| type: string | ||
| description: "The context to use for the Docker build" | ||
| required: false | ||
| default: "." | ||
| build-target: | ||
| type: string | ||
| description: "The target stage of the image to build" | ||
| required: false | ||
| build-args: | ||
| type: string | ||
| description: "The build arguments to pass to the Docker build" | ||
| required: false | ||
| build-push: | ||
| type: boolean | ||
| description: "Whether to push the image to the registry" | ||
| required: false | ||
| default: true | ||
| build-platforms: | ||
| type: string | ||
| description: "The platforms to build the image for" | ||
| required: false | ||
| secrets: | ||
| aws-key-id: | ||
| description: "The AWS access key ID" | ||
| required: true | ||
| aws-secret-key: | ||
| description: "The AWS secret access key" | ||
| required: true | ||
| build-secrets: | ||
| description: "The Docker secrets to use for the build" | ||
| required: false | ||
| LICENSE: | ||
| description: "The licence file to bundle into the ECR image" | ||
| required: false | ||
| outputs: | ||
| registry: | ||
| description: "The registry where the image was pushed" | ||
| value: ${{ jobs.build.outputs.registry }} | ||
| jobs: | ||
| build: | ||
| name: Build (${{ inputs.environment }}) | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| id-token: write | ||
| outputs: | ||
| registry: ${{ steps.login-ecr.outputs.registry }} | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Configure AWS credentials | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.aws-key-id }} | ||
| aws-secret-access-key: ${{ secrets.aws-secret-key }} | ||
| aws-region: ${{ inputs.region }} | ||
| - name: Login to Amazon ECR | ||
| id: login-ecr | ||
| uses: aws-actions/amazon-ecr-login@v2 | ||
| - name: Login to Github Packages | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Extract metadata for Docker | ||
| id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| flavor: | | ||
| latest=false | ||
| tags: | | ||
| type=raw,value=${{ inputs.function-name }} | ||
| images: | | ||
| ${{ steps.login-ecr.outputs.registry }}/lambda-feedback-${{ inputs.environment }}-functions-repository | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| - name: Write license file if secret exists | ||
| run: | | ||
| if [ -n "${{ secrets.LICENSE }}" ]; then | ||
| echo "${{ secrets.LICENSE }}" > dist/LICENSE.txt | ||
| echo "License file created at dist/LICENSE.txt" | ||
| echo "target=with-licence" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "LICENSE_TEXT secret not provided. Skipping license file creation." | ||
| fi | ||
| - name: Build and push with licence | ||
| if: ${{ secrets.LICENSE != '' }} | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| file: ${{ inputs.build-file || 'Dockerfile' }} | ||
| context: ${{ inputs.build-context || '.'}} | ||
| target: ${{ steps.license.outputs.target }} | ||
| push: ${{ inputs.build-push }} | ||
| provenance: false | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max,ignore-error=true | ||
| platforms: ${{ inputs.build-platforms }} | ||
| build-args: ${{ inputs.build-args }} | ||
| secrets: ${{ secrets.build-secrets }} | ||
| - name: Build and push without licence | ||
| if: ${{ secrets.LICENSE != '' }} | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| file: ${{ inputs.build-file || 'Dockerfile' }} | ||
| context: ${{ inputs.build-context || '.'}} | ||
| target: ${{ inputs.build-target }} | ||
| push: ${{ inputs.build-push }} | ||
| provenance: false | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max,ignore-error=true | ||
| platforms: ${{ inputs.build-platforms }} | ||
| build-args: ${{ inputs.build-args }} | ||
| secrets: ${{ secrets.build-secrets }} | ||
