GitHub Action: ci-docker

GitHub Action CI Docker builds, tests, and deploys a container image using Docker. The example shows how to use private and public ECR repositories for storage. If desired, it can also trigger a deployment on another repository.

Usage

If you haven't already, follow the steps in the quickstart section.

Quick Start

Create a new workflow manifest at .github/workflows/docker.yml.

The following workflow builds a container image based on ./Dockerfile, assumes a role using OIDC, gets credentials from the container registry, and pushes the image once the build completes. Replace the following with values specific to your setup: AWS_REGION, IAM_ROLE_ARN, and ECR_REGISTRY.

name: github-action-ci-docker

on:
  issue_comment:
    types: [created]
  pull_request:
    types: [opened, synchronize, reopened]

env:
  AWS_REGION: YOUR_AWS_REGION
  IAM_ROLE_ARN: YOUR_IAM_ROLE_ARN
  ECR_REGISTRY: YOUR_ECR_REGISTRY

# these permissions are needed to interact with GitHub's OIDC Token endpoint
permissions:
  id-token: write
  contents: read

jobs:
  docker:
    # only run on pull requests so long as they don't come from forks
    if: ( (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.full_name == github.repository) ) || (github.event_name != 'pull_request')
    runs-on: ubuntu-latest
    steps:
      - name: github-action-ci-docker
        uses: actions/checkout@v2

      - name: github-action-ci-docker
        # @main tracks a moving branch; pin to a release tag or commit SHA to control what runs
        uses: cloudposse/github-action-ci-docker@main
        with:
          aws-region: ${{ env.AWS_REGION }}
          aws-assume-role: "true"
          aws-iam-role-arn: ${{ env.IAM_ROLE_ARN }}
          aws-ecr-login: "true"
          docker-registry: ${{ env.ECR_REGISTRY }}
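
The workflow above can only assume the role if the role's trust policy accepts GitHub's OIDC token. The following is an added example, not code from this page or from the cloudposse project: it builds a trust policy scoped to one repository and checks constructed token claims against it. The account ID, repository name, the default branch "main", and GitHub's default `sub` claim format are assumptions.

```python
import json
import re

OIDC_HOST = "token.actions.githubusercontent.com"  # GitHub's OIDC issuer host

def trust_policy(account_id, repo, subjects=("pull_request", "ref:refs/heads/main")):
    """Trust policy letting only workflows of `repo` assume the role via OIDC."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{OIDC_HOST}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {f"{OIDC_HOST}:aud": "sts.amazonaws.com"},
                # One pattern per trigger in the workflow: pull_request events, and
                # issue_comment events, which run on the default branch (assumed "main").
                "StringLike": {f"{OIDC_HOST}:sub": [f"repo:{repo}:{s}" for s in subjects]},
            },
        }],
    }

def _like(pattern, value):
    # IAM StringLike semantics: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def would_allow(policy, claims):
    """Local approximation of the two conditions above; not a full IAM evaluator."""
    cond = policy["Statement"][0]["Condition"]
    claim = lambda key: claims.get(key.split(":", 1)[1], "")
    aud_ok = all(claim(k) == v for k, v in cond["StringEquals"].items())
    sub_ok = all(any(_like(p, claim(k)) for p in pats) for k, pats in cond["StringLike"].items())
    return aud_ok and sub_ok

# Constructed placeholders: account ID and repository name are not from the page.
POLICY = trust_policy("111122223333", "example-org/example-repo")

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
```

Running the file prints the JSON to attach as the role's trust relationship; a `sub` pattern of `repo:ORG/REPO:*` would instead trust every branch, tag, and environment in the repository.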

Examples

Here's a real world example: