[GHA] Pipeline
name: brev.ly pipeline DockerHub

on:
  push:
    branches:
      - 'main'

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4

      - name: Login to DockerHub
        id: login-docker-hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Generate tag # Generate an image tag from the commit hash
        id: generate-tag
        run: |
          SHA=$(echo "$GITHUB_SHA" | head -c7)
          echo "sha=$SHA" >> "$GITHUB_OUTPUT"

      - name: Build and push the image to DockerHub
        id: build-push-image
        env:
          DOCKERHUB_REPOSITORY: ${{ vars.DOCKERHUB_REPOSITORY }}
          IMAGE_TAG: ${{ steps.generate-tag.outputs.sha }}
        run: |
          docker build -t "$DOCKERHUB_REPOSITORY:$IMAGE_TAG" .
          docker push "$DOCKERHUB_REPOSITORY:$IMAGE_TAG"
----------------------------------------------------------------------------------------------
name: brev.ly pipeline ECR

on:
  push:
    branches:
      - 'main'

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4

      - name: Configure Node
        id: configure-node
        uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Install pnpm
        id: install-pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 8

      - name: Install dependencies
        id: install-dependencies
        run: |
          pnpm install

      # Static access keys are long-lived credentials; the same action also accepts
      # role-to-assume (GitHub OIDC) if you want to avoid storing keys in the repository.
      - name: Configure AWS Credentials
        id: configure-aws-credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} # Settings > Security > Secrets and variables > Actions > New repository secret
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ vars.AWS_REGION }}

      - name: Login to AWS ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      # Don't do this (hard-coded registry URL and a fixed, reused image tag):
      # - name: Build and push the image to AWS ECR
      #   id: build-push-image
      #   run: |
      #     docker build -t brevly:v3 .
      #     docker tag brevly:v3 403429280851.dkr.ecr.us-east-2.amazonaws.com/rocketseat/brevly:v3
      #     docker push 403429280851.dkr.ecr.us-east-2.amazonaws.com/rocketseat/brevly:v

      - name: Set up Docker Buildx
        id: set-up-docker-buildx
        uses: docker/setup-buildx-action@v3

      - name: Generate tag # Generate an image tag from the commit hash
        id: generate-tag
        run: |
          SHA=$(echo "$GITHUB_SHA" | head -c7)
          echo "sha=$SHA" >> "$GITHUB_OUTPUT"

      # Build once with the :test tag and load it into the runner's local Docker
      # daemon so it can be scanned before anything is pushed to the registry.
      - name: Build and export image
        id: build-push-image-test
        uses: docker/build-push-action@v6
        with:
          context: .
          load: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          tags: |
            ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:test

      # As configured this scan is report-only: the action's exit-code input is
      # not set, so findings are printed but do not fail the job or block the push.
      - name: Run Trivy scanner
        id: run-trivy-scanner
        uses: aquasecurity/[email protected]
        with:
          image-ref: '${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:test'
          format: 'table'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH,MEDIUM,LOW'

      # Rebuild from the GitHub Actions cache and push under the commit-SHA tag.
      - name: Build and push the image to AWS ECR
        id: build-push-image
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          cache-from: type=gha
          tags: |
            ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ steps.generate-tag.outputs.sha }}
        # env:
        #   ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} # ECR registry URL
        #   ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
        #   IMAGE_TAG: ${{ steps.generate-tag.outputs.sha }} # Generated image tag
        # run: |
        #   docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
        #   docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG