diff --git a/.github/workflows/build-and-push-image-to-ecr.yaml b/.github/workflows/preview.build-image.yaml
similarity index 70%
rename from .github/workflows/build-and-push-image-to-ecr.yaml
rename to .github/workflows/preview.build-image.yaml
index 5704a32..aa07910 100644
--- a/.github/workflows/build-and-push-image-to-ecr.yaml
+++ b/.github/workflows/preview.build-image.yaml
@@ -52,9 +52,20 @@ jobs:
 role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
 - name: Create ECR repository if it doesn't exist
 run: |
- aws ecr describe-repositories --repository-names ${{ inputs.APPLICATION_NAME }} || \
- aws ecr create-repository --repository-name ${{ inputs.APPLICATION_NAME }}
- LIFECYCLE_POLICY='{"rules":[{"rulePriority":1,"description":"Keep last 500 images","selection":{"tagStatus":"any","countType":"imageCountMoreThan","countNumber":500},"action":{"type":"expire"}}]}'
+ if ! aws ecr describe-repositories --repository-names ${{ inputs.APPLICATION_NAME }} 2>/dev/null; then
+ echo "Repository ${{ inputs.APPLICATION_NAME }} does not exist, creating it..."
+ aws ecr create-repository --repository-name ${{ inputs.APPLICATION_NAME }}
+ echo "Setting lifecycle policy..."
+ else
+ echo "Repository ${{ inputs.APPLICATION_NAME }} already exists, skipping creation"
+ fi
+
+ echo "Applying lifecycle policies"
+ LIFECYCLE_POLICY='{"rules":[
+ {"rulePriority":1,"description":"Preserve preview images","selection":{"tagStatus":"tagged","tagPatternList":["preview-*"],"countType":"sinceImagePushed","countNumber":365},"action":{"type":"expire"}},
+ {"rulePriority":2,"description":"Preserve production images","selection":{"tagStatus":"tagged","tagPatternList":["v*"],"countType":"imageCountMoreThan","countNumber":50},"action":{"type":"expire"}}
+ {"rulePriority":3,"description":"Remove untagged images","selection":{"tagStatus":"untagged","countType":"sinceImagePushed","countNumber":7},"action":{"type":"expire"}}
+ ]}'
 aws ecr put-lifecycle-policy --repository-name ${{ inputs.APPLICATION_NAME }} --lifecycle-policy-text "$LIFECYCLE_POLICY"
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v2
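Review bot: The LIFECYCLE_POLICY JSON built in the new step is invalid — there is no comma between the rulePriority 2 object and the rulePriority 3 object — so `aws ecr put-lifecycle-policy` will reject the policy text and the step will fail on every run, for new and existing repositories alike. Rules 1 and 3 also use `"countType":"sinceImagePushed"` without the `"countUnit":"days"` that ECR requires for that count type, so the policy would still be rejected once the comma is fixed; add `,"countUnit":"days"` after `"countNumber":365` and after `"countNumber":7`, and a trailing comma after the rule 2 object. The `echo "Setting lifecycle policy..."` inside the create branch is misleading because the policy is applied after the if/else in both branches, and the "Preserve …" descriptions name rules whose action is expire — consider `"description":"Expire preview images older than 365 days"` and `"description":"Keep only the last 50 v* images"`. Since `${{ inputs.APPLICATION_NAME }}` is interpolated into the script text before bash runs it, consider passing it through `env:` and referencing `"$APPLICATION_NAME"` so a caller-supplied value cannot alter the command line. The enclosing job starts outside the hunk.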
@@ -70,7 +81,7 @@ jobs:
 provenance: false
 push: true
 tags: |
- ${{ steps.login-ecr.outputs.registry }}/${{ inputs.APPLICATION_NAME }}:preview
+ ${{ steps.login-ecr.outputs.registry }}/${{ inputs.APPLICATION_NAME }}:preview-${{ github.event.pull_request.number }}
 ${{ steps.login-ecr.outputs.registry }}/${{ inputs.APPLICATION_NAME }}:${{ github.event.pull_request.head.sha }}
 comment-pr:
 if: ${{ inputs.GHA_TRIGGER_EVENT != 'synchronize' }}
diff --git a/.github/workflows/preview.remove-tag.yaml b/.github/workflows/preview.remove-tag.yaml
new file mode 100644
index 0000000..d9aea40
--- /dev/null
+++ b/.github/workflows/preview.remove-tag.yaml
@@ -0,0 +1,40 @@
+name: Remove preview tag from ECR
+
+on:
+ workflow_call:
+ inputs:
+ APPLICATION_NAME:
+ description: The name of the application
+ required: true
+ type: string
+ secrets:
+ AWS_ROLE_TO_ASSUME:
+ required: true
+ description: AWS OIDC role for GitHub to assume
+
+jobs:
+ remove-preview-tag:
+ permissions:
+ id-token: write
+ contents: read
+ runs-on: ubuntu-latest
+ steps:
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ aws-region: eu-central-1
+ role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+ - name: Remove preview tag from ECR
+ run: |
+ # Check if repository exists
+ if aws ecr describe-repositories --repository-names ${{ inputs.APPLICATION_NAME }} 2>/dev/null; then
+ echo "Repository ${{ inputs.APPLICATION_NAME }} exists, attempting to remove preview-${{ github.event.pull_request.number }} tag..."
+
+ # Remove the preview tag
+ aws ecr batch-delete-image \
+ --repository-name ${{ inputs.APPLICATION_NAME }} \
+ --image-ids imageTag=preview-${{ github.event.pull_request.number }} || \
+ echo "Tag preview-${{ github.event.pull_request.number }} not found or already removed"
+ else
+ echo "Repository ${{ inputs.APPLICATION_NAME }} does not exist, nothing to remove"
+ fi
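Review bot: The new tag `preview-${{ github.event.pull_request.number }}` has no guard for an event that carries no pull request; because this is a reusable workflow, `github.event` is the caller's event, and if a caller ever invokes it from a push or workflow_dispatch trigger the expression expands to empty and every such build pushes the same mutable `preview-` tag. The same expression drives `batch-delete-image` in preview.remove-tag.yaml below, which would then try to delete whatever is tagged `preview-`. Consider gating the push step or the whole job with `if: ${{ github.event.pull_request.number }}`, or making the PR number an explicit required input so the missing case fails at call time. Dropping the plain `:preview` tag also leaves any image still tagged `:preview` outside every rule of the new lifecycle policy (the `preview-*` pattern does not match it), so it will apparently persist indefinitely unless cleaned up by hand. The step and job containing `tags:` start outside the hunk.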
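Review bot: The `|| echo "... not found or already removed"` fallback after `aws ecr batch-delete-image` does not do what its message says: the CLI exits 0 when the tag is absent and reports `ImageNotFound` in the `failures` list of the response, so the fallback branch only runs on real CLI, credential or permission errors and then relabels them as "not found", turning an AccessDenied into a green job. The `describe-repositories ... 2>/dev/null` check has the same shape — any failure, not just a missing repository, lands in the "does not exist, nothing to remove" branch. Inspect `failures` via `--query 'length(failures)'` instead of the exit status, and let genuine command failures fail the step under the default `bash -e`. The whole job is inside this hunk.
```yaml
      - name: Remove preview tag from ECR
        run: |
          # … unchanged: describe-repositories check and its messages …
          # batch-delete-image exits 0 even when the tag is absent; a missing tag
          # is reported in the "failures" list, so inspect that instead of $?.
          FAILURES=$(aws ecr batch-delete-image \
            --repository-name "${{ inputs.APPLICATION_NAME }}" \
            --image-ids imageTag="preview-${{ github.event.pull_request.number }}" \
            --query 'length(failures)' --output text)
          if [ "$FAILURES" != "0" ]; then
            echo "Tag preview-${{ github.event.pull_request.number }} not found or already removed"
          fi
```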