ci: Another round of tweaks
ZeroDownTime/sns-alert-hub/pipeline/head This commit looks good
Details
ZeroDownTime/sns-alert-hub/pipeline/head This commit looks good
Details
This commit is contained in:
parent
32f3efe7a8
commit
be7d9eed5f
|
|
@ -13,6 +13,7 @@ RUN apk upgrade -U --available --no-cache && \
|
|||
|
||||
# Stage 2 - build function and dependencies
|
||||
FROM python-alpine AS build-image
|
||||
ARG TAG="latest"
|
||||
|
||||
# Install aws-lambda-cpp build dependencies
|
||||
RUN apk upgrade -U --available --no-cache && \
|
||||
|
|
@ -37,6 +38,8 @@ RUN export MAKEFLAGS="-j$(nproc)" && \
|
|||
# Install our app
|
||||
COPY app.py /app
|
||||
|
||||
# Ser version to our TAG
|
||||
RUN sed -i -e "s/^__version__ =.*/__version__ = \"${TAG}\"/" /app/app.py
|
||||
|
||||
# Stage 3 - final runtime image
|
||||
FROM python-alpine
|
||||
|
|
@ -46,3 +49,6 @@ COPY --from=build-image /app /app
|
|||
|
||||
ENTRYPOINT [ "/usr/local/bin/python", "-m", "awslambdaric" ]
|
||||
CMD [ "app.handler" ]
|
||||
|
||||
LABEL zero-downtime.net.image.maintainer="stefan@zero-downtime.net" \
|
||||
zero-downtime.net.image.license="AGPLv3"
|
||||
|
|
|
|||
|
|
@ -1,7 +1,4 @@
|
|||
ARG REPOSITORY="sns-alert-hub"
|
||||
ARG TAG="latest"
|
||||
|
||||
FROM ${REPOSITORY}:${TAG}
|
||||
FROM setviacmdline:latest
|
||||
|
||||
# Install additional tools for tests
|
||||
COPY dev-requirements.txt .flake8 .
|
||||
|
|
|
|||
56
Makefile
56
Makefile
|
|
@ -1,5 +1,5 @@
|
|||
REGISTRY := public.ecr.aws/zero-downtime
|
||||
REPOSITORY := sns-alert-hub
|
||||
IMAGE := sns-alert-hub
|
||||
REGION := us-east-1
|
||||
|
||||
# Parse version from latest git semver tag
|
||||
|
|
@ -12,33 +12,41 @@ else
|
|||
TRIVY_OPTS := client --remote ${TRIVY_REMOTE}
|
||||
endif
|
||||
|
||||
.PHONY: build push scan test
|
||||
.PHONY: build test scan push clean
|
||||
|
||||
all: test
|
||||
|
||||
|
||||
build:
|
||||
docker image exists $(IMAGE):$(TAG) || \
|
||||
docker build --rm -t $(IMAGE):$(TAG) --build-arg TAG=$(TAG) .
|
||||
|
||||
test: build rm-test-image
|
||||
docker build --rm -t $(IMAGE):$(TAG)-test --from=$(IMAGE):$(TAG) -f Dockerfile.test .
|
||||
|
||||
scan: build
|
||||
trivy $(TRIVY_OPTS) $(IMAGE):$(TAG)
|
||||
|
||||
push: scan
|
||||
@aws ecr-public get-login-password --region $(REGION) | docker login --username AWS --password-stdin $(REGISTRY)
|
||||
@docker tag $(IMAGE):$(TAG) $(REGISTRY)/$(IMAGE):$(TAG) $(REGISTRY)/$(IMAGE):latest
|
||||
docker push $(REGISTRY)/$(IMAGE):$(TAG)
|
||||
docker push $(REGISTRY)/$(IMAGE):latest
|
||||
# Delete all untagged images
|
||||
# aws ecr-public batch-delete-image --repository-name $(IMAGE) --region $(REGION) --image-ids $$(for image in $$(aws ecr-public describe-images --repository-name $(IMAGE) --region $(REGION) --output json | jq -r '.imageDetails[] | select(.imageTags | not ).imageDigest'); do echo -n "imageDigest=$$image "; done)
|
||||
|
||||
clean: rm-test-image rm-image
|
||||
|
||||
.PHONY: rm-image
|
||||
rm-image:
|
||||
@test -z "$$(docker image ls -q $(IMAGE):$(TAG))" || docker image rm -f $(IMAGE):$(TAG) > /dev/null
|
||||
@test -z "$$(docker image ls -q $(IMAGE):$(TAG))" || echo "Error: Removing image failed"
|
||||
|
||||
# Ensure we run the tests by removing any previous runs
|
||||
.PHONY: rm-test-image
|
||||
rm-test-image:
|
||||
@test -z "$$(docker image ls -q $(REPOSITORY):$(TAG)-test)" || docker image rm $(REPOSITORY):$(TAG)-test > /dev/null
|
||||
@test -z "$$(docker image ls -q $(REPOSITORY):$(TAG)-test)" || echo "Error: Removing test image failed"
|
||||
@test -z "$$(docker image ls -q $(IMAGE):$(TAG)-test)" || docker image rm -f $(IMAGE):$(TAG)-test > /dev/null
|
||||
@test -z "$$(docker image ls -q $(IMAGE):$(TAG)-test)" || echo "Error: Removing test image failed"
|
||||
|
||||
build:
|
||||
sed -i -e "s/^__version__ =.*/__version__ = \"$(TAG)\"/" app.py
|
||||
docker build --rm -t $(REPOSITORY):$(TAG) .
|
||||
|
||||
test: build rm-test-image
|
||||
docker build --rm -t $(REPOSITORY):$(TAG)-test \
|
||||
--build-arg REPOSITORY=$(REPOSITORY) \
|
||||
--build-arg TAG=$(TAG) \
|
||||
-f Dockerfile.test .
|
||||
|
||||
scan: build
|
||||
trivy $(TRIVY_OPTS) $(REPOSITORY):$(TAG)
|
||||
|
||||
push: scan
|
||||
aws ecr-public get-login-password --region $(REGION) | docker login --username AWS --password-stdin $(REGISTRY)
|
||||
docker tag $(REPOSITORY):$(TAG) $(REGISTRY)/$(REPOSITORY):$(TAG) $(REGISTRY)/$(REPOSITORY):latest
|
||||
docker push $(REGISTRY)/$(REPOSITORY):$(TAG)
|
||||
docker push $(REGISTRY)/$(REPOSITORY):latest
|
||||
# Delete all untagged images
|
||||
# aws ecr-public batch-delete-image --repository-name $(REPOSITORY) --region $(REGION) --image-ids $$(for image in $$(aws ecr-public describe-images --repository-name $(REPOSITORY) --region $(REGION) --output json | jq -r '.imageDetails[] | select(.imageTags | not ).imageDigest'); do echo -n "imageDigest=$$image "; done)
|
||||
.DEFAULT:
|
||||
@echo "$@ not implemented. NOOP"
|
||||
|
|
|
|||
Loading…
Reference in New Issue