Update existing GHA workflow & add the new workflows to the readme (#236
) * update this workflow * on * fix echo --------- Co-authored-by: nate nowack <[email protected]>
1 parent
0003394
commit 252409f
Showing
2 changed files
with
32 additions
and
26 deletions.
50 changes: 27 additions & 23 deletions
50
devops/github-actions/docker-build-push-gcp-artifact-registry.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,49 +1,53 @@ | ||
name: "Docker build / push a flow image to Google Artifact Registry" | ||
on: | ||
workflow_dispatch: # build new image manually | ||
name: Docker build / push a flow image to Google Artifact Registry | ||
"on": | ||
workflow_dispatch: {} # build new image manually | ||
push: # or automatically build upon change to Dockerfile / dependencies | ||
branches: | ||
- "main" | ||
- main | ||
paths: | ||
- "Dockerfile" | ||
- "requirements.txt" | ||
- Dockerfile | ||
- requirements.txt | ||
|
||
# Do not grant jobs any permissions by default | ||
permissions: {} | ||
|
||
env: | ||
FLOW_IMAGE: us-docker.pkg.dev/my_gcp_project/my_repo_name/my_image_name:latest | ||
|
||
|
||
jobs: | ||
build-docker-images: | ||
build_docker_images: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
# required to read from the repo | ||
contents: read | ||
# required to obtain Google Cloud service account credentials | ||
id-token: write | ||
|
||
steps: | ||
- uses: actions/checkout@v3 | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
|
||
# Change the path `./Dockerfile` as needed! | ||
- name: Build the Docker image | ||
run: | | ||
docker build . --tag ${{ env.FLOW_IMAGE }} -f ./Dockerfile | ||
# Generate a temporary access token from your service account's credentials | ||
- id: 'auth' | ||
name: 'Authenticate to Google Cloud' | ||
uses: 'google-github-actions/[email protected]' | ||
# Generate a temporary access token from your service accounts credentials | ||
- name: Authenticate to Google Cloud | ||
uses: google-github-actions/[email protected] | ||
with: | ||
# This service account must have the IAM permissions to push to | ||
# Google Artifact Registry and generate an access token | ||
credentials_json: '${{ secrets.PREFECT_GCP_SERVICE_ACCT_CREDENTIALS }}' | ||
token_format: 'access_token' | ||
# Google Artifact Registry | ||
workload_identity_provider: GCP_WORKLOAD_IDENTITY | ||
service_account: GCP_SERVICE_ACCOUNT | ||
|
||
# log into Google Artifact Registry with the temporary access token | ||
- uses: 'docker/login-action@v1' | ||
name: 'Docker login' | ||
with: | ||
registry: 'us-docker.pkg.dev' | ||
username: 'oauth2accesstoken' | ||
password: '${{ steps.auth.outputs.access_token }}' | ||
- name: Configure Google Cloud credential helper | ||
run: gcloud auth configure-docker --quiet us-docker.pkg.dev | ||
|
||
- name: Push to container registry | ||
run: | | ||
docker push ${{ env.FLOW_IMAGE }} | ||
- name: Output Success | ||
run: echo "Successfully built and pushed ${{ env.FLOW_IMAGE }} :rocket:" >> $GITHUB_STEP_SUMMARY | ||
run: echo "Successfully built and pushed ${{ env.FLOW_IMAGE }} :rocket:" >> $GITHUB_STEP_SUMMARY |
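Review bot: In the "Authenticate to Google Cloud" step, the new inputs `workload_identity_provider: GCP_WORKLOAD_IDENTITY` and `service_account: GCP_SERVICE_ACCOUNT` are bare literals rather than `${{ … }}` expressions, so the auth action receives those strings verbatim unless the reader knows to replace them. If they are template placeholders like `my_gcp_project` in `FLOW_IMAGE`, say so in a comment above them, e.g. `# Replace with projects/<PROJECT_NUMBER>/locations/global/workloadIdentityPools/<POOL>/providers/<PROVIDER> and your service account e-mail`. Otherwise read them from repository configuration, e.g. `workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY }}`. Because the job now holds `id-token: write`, it is also worth pinning `actions/checkout` and the auth action to full commit SHAs (`uses: actions/checkout@<FULL_COMMIT_SHA>  # v3`). The comment should also note that the Workload Identity provider on the Google Cloud side needs an attribute condition restricting it to this repository, since that configuration is not visible in the workflow.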