Skip to content

Bump amazonlinux from 2023.6.20241031.0 to 2023.6.20241111.0 in /s3-p… #26

Bump amazonlinux from 2023.6.20241031.0 to 2023.6.20241111.0 in /s3-p…

Bump amazonlinux from 2023.6.20241031.0 to 2023.6.20241111.0 in /s3-p… #26

name: Deploy S3 Proxy to ECR
on:
push:
branches:
- master
paths:
- .github/workflows/deploy-s3-proxy.yaml
- 's3-proxy/**'
jobs:
deploy-s3-proxy:
runs-on: ubuntu-latest
defaults:
run:
working-directory: s3-proxy
# These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
- name: Configure AWS credentials from Prod account
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::730278974607:role/github/GitHub-Quilt
aws-region: us-east-1
- name: Login to Prod ECR
id: login-prod-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Login to MP ECR
id: login-mp-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
registries: 709825985650
- name: Configure AWS credentials from GovCloud account
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws-us-gov:iam::313325871032:role/github/GitHub-Quilt
aws-region: us-gov-east-1
- name: Login to GovCloud ECR
id: login-govcloud-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build and push Docker image to ECR
env:
ECR_REGISTRY_PROD: ${{ steps.login-prod-ecr.outputs.registry }}
ECR_REGISTRY_GOVCLOUD: ${{ steps.login-govcloud-ecr.outputs.registry }}
ECR_REGISTRY_MP: ${{ steps.login-mp-ecr.outputs.registry }}
ECR_REPOSITORY: quiltdata/s3-proxy
ECR_REPOSITORY_MP: quilt-data/quilt-payg-s3-proxy
IMAGE_TAG: ${{ github.sha }}
run: |
docker buildx build \
-t $ECR_REGISTRY_PROD/$ECR_REPOSITORY:$IMAGE_TAG \
-t $ECR_REGISTRY_GOVCLOUD/$ECR_REPOSITORY:$IMAGE_TAG \
-t $ECR_REGISTRY_MP/$ECR_REPOSITORY_MP:$IMAGE_TAG \
.
docker push $ECR_REGISTRY_PROD/$ECR_REPOSITORY:$IMAGE_TAG
docker push $ECR_REGISTRY_GOVCLOUD/$ECR_REPOSITORY:$IMAGE_TAG
# push to MP last because it can't be re-pushed using the same tag
# so we can re-run the job in case something has failed
docker push $ECR_REGISTRY_MP/$ECR_REPOSITORY_MP:$IMAGE_TAG