initial tf and github workflow #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Push RimWorld Hay Calc | ||
| on: | ||
| # Build on every merge to main *and* on version tags like v1.2.3 | ||
| push: | ||
| branches: [ main ] | ||
| tags: [ 'v*' ] | ||
| paths: | ||
| - 'frontend/**' | ||
| - 'Dockerfile' | ||
| - '.github/workflows/build-and-deploy.yml' | ||
| env: | ||
| AWS_REGION: us-east-1 | ||
| ECR_REPOSITORY: rimworld-hay-calc | ||
| # This can be set in repo → Settings → Environments → prod → vars | ||
| ECR_REGISTRY: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com | ||
|
Check failure on line 16 in .github/workflows/build-and-deploy.yml
|
||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| id-token: write # ✅ OIDC | ||
| contents: read | ||
| steps: | ||
| - name: 🛎️ Check out code | ||
| uses: actions/checkout@v4 | ||
| # ---------- ① Configure AWS creds via OIDC ---------- | ||
| - name: 🔐 Configure AWS credentials | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GitHubOIDCDeploy | ||
| aws-region: ${{ env.AWS_REGION }} | ||
| # ---------- ② Log in to ECR ---------- | ||
| - name: 🔑 Login to Amazon ECR | ||
| uses: aws-actions/amazon-ecr-login@v2 | ||
| # ---------- ③ Set image tag ---------- | ||
| - name: 🏷️ Define image tag | ||
| id: meta | ||
| run: | | ||
| if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then | ||
| echo "IMAGE_TAG=${GITHUB_REF_NAME}" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "IMAGE_TAG=sha-${GITHUB_SHA::7}" >> $GITHUB_OUTPUT | ||
| fi | ||
| - name: 💬 Show tag | ||
| run: echo "Pushing tag ${{ steps.meta.outputs.IMAGE_TAG }}" | ||
| # ---------- ④ Build & push (uses Docker layer cache) ---------- | ||
| - name: 🐳 Build & push image | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| context: . | ||
| file: ./Dockerfile # still at repo root | ||
| push: true | ||
| tags: | | ||
| ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ steps.meta.outputs.IMAGE_TAG }} | ||
| ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:latest | ||
| cache-from: type=registry,ref=${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:buildcache | ||
| cache-to: type=registry,ref=${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:buildcache,mode=max | ||
