1+ # This workflow will trigger when it detects that a new github runner image was built in the
2+ # github-runner-image-build.yml workflow. It will download the artifacts built from that workflow
3+ # and push it to an ECR in each region
4+ name : Push Github Runner Image
5+
6+ on :
7+ workflow_run :
8+ workflows :
9+ - " Build Github Runner Image"
10+ types :
11+ - " completed"
12+
13+ permissions :
14+ id-token : write
15+ contents : read
16+
17+ env :
18+ E2E_TEST_ACCOUNT_ID : ${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ACCOUNT_ID }}
19+ E2E_TEST_ROLE_NAME : ${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ROLE_NAME }}
20+ E2E_RUNNER_ECR_NAME : github-runner-image-ecr
21+ RUN_ID : ${{ github.event.workflow_run.id }}
22+
23+ jobs :
24+ push-images :
25+ if : ${{ github.event.workflow_run.conclusion == 'success' }}
26+ runs-on : ubuntu-latest
27+ strategy :
28+ matrix :
29+ aws-region : [ 'af-south-1','ap-east-1','ap-northeast-1','ap-northeast-2','ap-northeast-3','ap-south-1','ap-south-2','ap-southeast-1',
30+ ' ap-southeast-2' ,'ap-southeast-3','ap-southeast-4','ca-central-1','eu-central-1','eu-central-2','eu-north-1',
31+ ' eu-south-1' ,'eu-south-2','eu-west-1','eu-west-2','eu-west-3','il-central-1','me-central-1','me-south-1', 'sa-east-1',
32+ ' us-east-1' ,'us-east-2','us-west-1','us-west-2' ]
33+ steps :
34+ - name : Configure AWS Credentials
35+ uses : aws-actions/configure-aws-credentials@v4
36+ with :
37+ role-to-assume : arn:aws:iam::${{ env.E2E_TEST_ACCOUNT_ID }}:role/${{ env.E2E_TEST_ROLE_NAME }}
38+ aws-region : us-east-1
39+
40+ - name : Retrieve account
41+ uses : aws-actions/aws-secretsmanager-get-secrets@v1
42+ with :
43+ secret-ids : |
44+ ACCOUNT_ID, region-account/${{ matrix.aws-region }}
45+
46+ name : Configure AWS Credentials
47+ uses : aws-actions/configure-aws-credentials@v4
48+ with :
49+ role-to-assume : arn:aws:iam::${{ env.ACCOUNT_ID }}:role/${{ env.E2E_TEST_ROLE_NAME }}
50+ aws-region : us-east-1
51+
52+ - name : Output Public ECR Url
53+ id : get-public-ecr-url
54+ run : |
55+ echo "public_ecr_url=$(aws ecr-public describe-repositories --repository-names ${{ env.E2E_RUNNER_ECR_NAME }} --query "repositories[0].repositoryUri" --output text)" >> $GITHUB_OUTPUT
56+
57+ name : Login to Amazon ECR
58+ id : login-ecr-public
59+ uses : aws-actions/amazon-ecr-login@v2
60+ with :
61+ registry-type : public
62+
63+ - name : Build, tag, and push image to Amazon ECR
64+ id : build-image
65+ env :
66+ GITHUB_REPOSITORY : ${{ github.repository }}
67+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
68+ REGISTRY_URL : ${{ steps.get-public-ecr-url.outputs.public_ecr_url }}
69+ run : |
70+ # Get list of artifacts generated by this workflow run from previous step
71+ artifact_list=$(curl -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/repos/$GITHUB_REPOSITORY/actions/runs/${{ env.RUN_ID }}/artifacts)
72+
73+ # Filter out the artifact names from the list
74+ artifact_names=$(echo "$artifact_list" | jq -r '[.artifacts[].name] | join(",")')
75+ echo $artifact_names
76+
77+ # Iterate through each artifact to download them, then upload them to ECR
78+ IFS=',' read -ra artifacts <<< "$artifact_names"
79+ for artifact in "${artifacts[@]}"; do
80+ echo "Processing artifact: $artifact"
81+
82+ artifact_url=$(echo "$artifact_list" | jq -r --arg artifact "$artifact" '.artifacts[] | select(.name == $artifact) | .archive_download_url')
83+ echo "$artifact_url"
84+
85+ # Download the artifact
86+ curl -O -J -L -H "Authorization: token $GITHUB_TOKEN" "$artifact_url"
87+
88+ # Unzip the downloaded artifact
89+ unzip "$artifact".zip
90+
91+ # Remove the artifact zip to clean up disk space
92+ rm "$artifact".zip
93+
94+ # Push artifact to ECR
95+ image_name=$(echo $artifact | cut -f 1 -d '.')
96+ docker load -i $artifact
97+ docker tag $image_name $REGISTRY_URL:$image_name
98+ docker push $REGISTRY_URL:$image_name
99+
100+ # Remove docker image to clean up disk space
101+ docker rmi $image_name $REGISTRY_URL:$image_name
102+
103+ # Remove artifact to clean up disk space
104+ rm "$artifact"
105+ done
0 commit comments