From a1369ace13a475186b74e31d239e22addf56ec7c Mon Sep 17 00:00:00 2001
From: Alex Marcotte
Date: Fri, 10 Jan 2025 15:03:03 -0500
Subject: [PATCH 1/5] feat: containerize cubecobra so we can run automated jobs (from scripts) in ECS
---
.dockerignore | 17 +++++++++++++++++
Dockerfile | 11 +++++++++++
2 files changed, 28 insertions(+)
create mode 100644 .dockerignore
create mode 100644 Dockerfile
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 000000000..699c09d04
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,17 @@
+node_modules/
+dist
+build
+
+.git
+.gitignore
+
+public
+lambda
+docs
+emails
+
+docker
+docker-compose.yml
+Dockerfile
+
+views
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..e55c0f7e2
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,11 @@
+FROM node:20.18.0
+
+WORKDIR "/app"
+
+COPY package*.json ./
+
+RUN npm install
+
+COPY . .
+
+CMD ["echo", "hello, world"]
\ No newline at end of file
From 9ea890fa006b5ddaee3f210417357994b34c5d3e Mon Sep 17 00:00:00 2001
From: Alex Marcotte
Date: Fri, 10 Jan 2025 15:30:21 -0500
Subject: [PATCH 2/5] feat: add github action
---
.github/workflows/image-push.yml | 34 ++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 .github/workflows/image-push.yml
diff --git a/.github/workflows/image-push.yml b/.github/workflows/image-push.yml
new file mode 100644
index 000000000..043af5faa
--- /dev/null
+++ b/.github/workflows/image-push.yml
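Review bot: The ignore list has no entry for local secret or credential files, so with the Dockerfile's `COPY . .` anything like a `.env` sitting in the working tree is baked into an image layer and pushed to the registry. Add `.env*` (and, if they are used here, `*.pem` and `.aws/`) next to the `.git` entries; whether the repository keeps such files at its root is not visible from this patch. A one-line comment at the top, `# keep secrets and VCS metadata out of the build context`, would record why the list exists.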
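Review bot: `RUN npm install` resolves dependency ranges at build time, so two builds of the same commit can pull different packages; if a `package-lock.json` is committed (the `COPY package*.json ./` line suggests one is expected), use `RUN npm ci` so the image contains exactly the locked, integrity-checked tree. The image also never drops privileges, so the scripted jobs would run as root inside the container; the official node image ships a `node` user, and `USER node` before `CMD` (with `COPY --chown=node:node . .`) covers that. `FROM node:20.18.0` is a mutable tag, and appending `@sha256:<digest>` would make the base image reproducible.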
@@ -0,0 +1,34 @@
+name: Build and Push Docker Image to ECR
+
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ build-and-push-prod:
+ name: Build and Push to ECR
+ runs-on: ubuntu-latest
+
+ env:
+ role: arn:aws:iam::123456789012:role/replace-me
+ region: us-east-2
+ repository: "replace-me!"
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.role }}
+ aws-region: ${{ env.region }}
+
+ - id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+
+ - env:
+ REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ REPOSITORY: ${{ env.repository }}
+ run: |
+ docker build -t $REGISTRY/$REPOSITORY:latest .
+ docker push $REGISTRY/$REPOSITORY:latest
From f2886c8bcf63732503242b9bc6a00e9c64011e25 Mon Sep 17 00:00:00 2001
From: Alex Marcotte
Date: Fri, 10 Jan 2025 16:59:21 -0500
Subject: [PATCH 3/5] feat: make sure the action can read the code and auth with iodc
---
.github/workflows/image-push.yml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/.github/workflows/image-push.yml b/.github/workflows/image-push.yml
index 043af5faa..8cdb01213 100644
--- a/.github/workflows/image-push.yml
+++ b/.github/workflows/image-push.yml
@@ -10,6 +10,10 @@ jobs: name: Build and Push to ECR runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + env: role: arn:aws:iam::123456789012:role/replace-me region: us-east-2
From d3eacae23d1b2b20d5c258b884e71a7fa5b25b58 Mon Sep 17 00:00:00 2001
From: Alex Marcotte
Date: Fri, 10 Jan 2025 22:40:46 -0500
Subject: [PATCH 4/5] feat: get the repository from the cloudformation stack
---
.github/workflows/image-push.yml | 26 ++++++++++++++++----------
1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/image-push.yml b/.github/workflows/image-push.yml
index 8cdb01213..7094da5f6 100644
--- a/.github/workflows/image-push.yml
+++ b/.github/workflows/image-push.yml
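Review bot: All three `uses:` lines reference actions by mutable tag (`actions/checkout@v4`, `aws-actions/configure-aws-credentials@v4`, `aws-actions/amazon-ecr-login@v2`) in a job that assumes an AWS role and pushes an image, so whatever those tags point to at run time executes with that access. Pin each to a full commit SHA with the version in a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # v4`. The final step also publishes only `:latest`, which leaves no way to tell which commit a deployed image was built from; tagging additionally with `${{ github.sha }}` (passed in through `env:` like `REGISTRY`) fixes that. Quoting the expansions, `"$REGISTRY/$REPOSITORY:latest"`, keeps the shell from word-splitting them.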
@@ -1,5 +1,9 @@ name: Build and Push Docker Image to ECR +permissions: + contents: read + id-token: write + on: push: branches:
@@ -10,14 +14,9 @@ jobs: name: Build and Push to ECR runs-on: ubuntu-latest - permissions: - contents: read - id-token: write - env: - role: arn:aws:iam::123456789012:role/replace-me - region: us-east-2 - repository: "replace-me!" + role: ${{ secrets.GITHUB_ROLE_ARN }} + region: us-east-1 steps: - uses: actions/checkout@v4
@@ -27,12 +26,19 @@ jobs: role-to-assume: ${{ env.role }} aws-region: ${{ env.region }} + - run: | + ECR_REPO_NAME=$(aws cloudformation describe-stacks \ + --stack-name CubeCobraDevStack \ + --query "Stacks[0].Outputs[?OutputKey=='EcrRepositoryName'].OutputValue" \ + --output text) + + echo "ECR_REPO_NAME=${ECR_REPO_NAME}" >> $GITHUB_ENV + - id: login-ecr uses: aws-actions/amazon-ecr-login@v2 - env: REGISTRY: ${{ steps.login-ecr.outputs.registry }} - REPOSITORY: ${{ env.repository }} run: | - docker build -t $REGISTRY/$REPOSITORY:latest . - docker push $REGISTRY/$REPOSITORY:latest + docker build -t $REGISTRY/$ECR_REPO_NAME:latest . + docker push $REGISTRY/$ECR_REPO_NAME:latest
From 7a7421b265a7246b0d0f32cee1a87cf009af40f1 Mon Sep 17 00:00:00 2001
From: Alex Marcotte
Date: Sat, 11 Jan 2025 07:38:45 -0500
Subject: [PATCH 5/5] build: restrict jobs to main repository
---
.github/workflows/actions.yml | 2 ++
.github/workflows/image-push.yml | 1 +
2 files changed, 3 insertions(+)
diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml
index 51e60d96e..5e36167f1 100644
--- a/.github/workflows/actions.yml
+++ b/.github/workflows/actions.yml
@@ -10,6 +10,8 @@ on: jobs: build: + if: github.repository == 'dekkerglen/CubeCobra' + runs-on: ubuntu-latest timeout-minutes: 30
diff --git a/.github/workflows/image-push.yml b/.github/workflows/image-push.yml
index 7094da5f6..d98324d8d 100644
--- a/.github/workflows/image-push.yml
+++ b/.github/workflows/image-push.yml
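Review bot: In the second hunk of patch 4 (`@@ -10,14 +14,9 @@`) the role is read from `secrets.GITHUB_ROLE_ARN`, but GitHub's naming rules do not allow secret names that start with the `GITHUB_` prefix, so a secret with that name cannot be created and the expression would evaluate to an empty string. Rename it, e.g. `role: ${{ secrets.AWS_ROLE_ARN }}`, and create the secret under that name. A role ARN is an identifier rather than a credential, so a repository variable (`vars.AWS_ROLE_ARN`) would serve as well.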
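Review bot: In the third hunk of patch 4 (`@@ -27,12 +26,19 @@`) the new lookup step never checks that `ECR_REPO_NAME` came back non-empty: if the stack has no `EcrRepositoryName` output the query presumably yields an empty string or `None`, the value is still written to `$GITHUB_ENV`, and the later step builds and pushes to a malformed or unintended repository path. Fail the step when the value is empty or `None`, and quote `"$GITHUB_ENV"` and the image references in the build and push lines. The job is still named `build-and-push-prod` while the stack it reads is `CubeCobraDevStack`; if that is intentional, a comment on the step should say so.

```yaml
      - run: |
          # … unchanged: ECR_REPO_NAME=$(aws cloudformation describe-stacks …) …
          if [ -z "$ECR_REPO_NAME" ] || [ "$ECR_REPO_NAME" = "None" ]; then
            echo "EcrRepositoryName output missing from CubeCobraDevStack" >&2
            exit 1
          fi
          echo "ECR_REPO_NAME=${ECR_REPO_NAME}" >> "$GITHUB_ENV"
```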
@@ -11,6 +11,7 @@ on: jobs: build-and-push-prod: + if: github.repository == 'dekkerglen/CubeCobra' name: Build and Push to ECR runs-on: ubuntu-latest
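Review bot: The `if: github.repository == 'dekkerglen/CubeCobra'` guard stops the job from running in forks, but it is a convenience check inside the workflow file and not what protects the AWS role. Because the workflow holds `id-token: write`, the boundary is the role's trust policy, which is not part of this series: it should condition `token.actions.githubusercontent.com:sub` on `repo:dekkerglen/CubeCobra:ref:refs/heads/master` and `token.actions.githubusercontent.com:aud` on `sts.amazonaws.com` rather than a wildcard. A comment above the `if:` such as `# skip in forks; access to the role is enforced by its OIDC trust policy` would keep the two from being confused. The same guard is added to `actions.yml` in this patch.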