Skip to content

Commit 0c38597

Browse files
authored
VED-1152: Skip redundant Docker builds and enabling layer caching (#1383)
* Refactor Lambda deployment workflow to optimize image build process. Introduced a build metadata preparation step to check for existing images before building and pushing, enhancing efficiency. Updated ECR login and Docker build steps to conditionally execute based on the presence of existing images, improving deployment reliability. * Update Docker Buildx action version in Lambda deployment workflow to improve build consistency. * Update Docker Buildx action version in Lambda deployment workflow to ensure compatibility and improve build reliability. * Update description for build_image parameter in Lambda deployment workflow to improve clarity. * Change to test build * Update Lambda deployment workflow to disable provenance for Docker image builds and improve docstring clarity in batch processor. * Refactor Lambda deployment workflow to streamline image build conditions. Removed unnecessary variables and simplified logic for determining whether to build a new image based on existing image digest. Updated Docker build and ECR login steps to enhance efficiency and reliability. * chore: empty commit * Update AWS actions in Lambda deployment workflow to latest versions for improved security and functionality. * Add support for multi-platform builds by specifying target platform in Docker deployment
1 parent 97854c4 commit 0c38597

File tree

1 file changed

+61
-28
lines changed

1 file changed

+61
-28
lines changed

.github/workflows/deploy-lambda-artifact.yml

Lines changed: 61 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ on:
1616
required: true
1717
type: string
1818
build_image:
19-
description: Force a fresh build and publish
19+
description: Force a fresh build and publish.
2020
required: false
2121
type: boolean
2222
default: false
@@ -190,16 +190,9 @@ jobs:
190190
191191
echo "deployment_mode=${deployment_mode}" >> "$GITHUB_OUTPUT"
192192
193-
- name: Login to Amazon ECR
194-
id: login-ecr
193+
- name: Prepare build metadata
194+
id: build-check
195195
if: ${{ steps.decide.outputs.deployment_mode == 'build' }}
196-
uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78
197-
198-
- name: Build, publish and emit digest manifest
199-
id: build
200-
if: ${{ steps.decide.outputs.deployment_mode == 'build' }}
201-
env:
202-
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
203196
run: |
204197
set -euo pipefail
205198
@@ -208,10 +201,15 @@ jobs:
208201
GIT_TAG="${TAG_PREFIX}git-${SHORT_SHA}"
209202
REL_TAG="${TAG_PREFIX}rel-${RELEASE_STAMP}"
210203
211-
IMAGE_URI_GIT="${ECR_REGISTRY}/${ECR_REPOSITORY}:${GIT_TAG}"
212-
IMAGE_URI_REL="${ECR_REGISTRY}/${ECR_REPOSITORY}:${REL_TAG}"
204+
REPOSITORY_URI="$(
205+
aws ecr describe-repositories \
206+
--repository-names "${ECR_REPOSITORY}" \
207+
--region "${AWS_REGION}" \
208+
--query 'repositories[0].repositoryUri' \
209+
--output text
210+
)"
213211
214-
IMAGE_DIGEST="$(
212+
EXISTING_IMAGE_DIGEST="$(
215213
aws ecr describe-images \
216214
--repository-name "${ECR_REPOSITORY}" \
217215
--region "${AWS_REGION}" \
@@ -220,29 +218,64 @@ jobs:
220218
--output text 2>/dev/null || true
221219
)"
222220
223-
if [ -z "${IMAGE_DIGEST}" ] || [ "${IMAGE_DIGEST}" = "None" ]; then
224-
docker build -f "${DOCKERFILE_PATH}" -t "${IMAGE_URI_GIT}" -t "${IMAGE_URI_REL}" "${DOCKER_CONTEXT_PATH}"
225-
docker push "${IMAGE_URI_GIT}"
226-
docker push "${IMAGE_URI_REL}"
221+
if [ "${EXISTING_IMAGE_DIGEST}" = "None" ]; then
222+
EXISTING_IMAGE_DIGEST=""
223+
fi
227224
228-
IMAGE_DIGEST="$(
229-
aws ecr describe-images \
230-
--repository-name "${ECR_REPOSITORY}" \
231-
--region "${AWS_REGION}" \
232-
--image-ids imageTag="${GIT_TAG}" \
233-
--query 'imageDetails[0].imageDigest' \
234-
--output text
235-
)"
236-
else
225+
echo "git_tag=${GIT_TAG}" >> "$GITHUB_OUTPUT"
226+
echo "release_tag=${REL_TAG}" >> "$GITHUB_OUTPUT"
227+
echo "repository_uri=${REPOSITORY_URI}" >> "$GITHUB_OUTPUT"
228+
echo "existing_image_digest=${EXISTING_IMAGE_DIGEST}" >> "$GITHUB_OUTPUT"
229+
230+
- name: Login to Amazon ECR
231+
id: login-ecr
232+
if: ${{ steps.decide.outputs.deployment_mode == 'build' && !steps.build-check.outputs.existing_image_digest }}
233+
uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78
234+
235+
- name: Set up Docker Buildx
236+
if: ${{ steps.decide.outputs.deployment_mode == 'build' && !steps.build-check.outputs.existing_image_digest }}
237+
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f
238+
239+
- name: Build and publish image with layer caching
240+
id: build-image
241+
if: ${{ steps.decide.outputs.deployment_mode == 'build' && !steps.build-check.outputs.existing_image_digest }}
242+
uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8
243+
with:
244+
context: ${{ env.DOCKER_CONTEXT_PATH }}
245+
file: ${{ env.DOCKERFILE_PATH }}
246+
platforms: linux/amd64
247+
push: true
248+
provenance: false
249+
tags: |
250+
${{ steps.build-check.outputs.repository_uri }}:${{ steps.build-check.outputs.git_tag }}
251+
${{ steps.build-check.outputs.repository_uri }}:${{ steps.build-check.outputs.release_tag }}
252+
cache-from: type=gha,scope=${{ env.ECR_REPOSITORY }}
253+
cache-to: type=gha,mode=max,scope=${{ env.ECR_REPOSITORY }}
254+
255+
- name: Emit build digest manifest
256+
id: build
257+
if: ${{ steps.decide.outputs.deployment_mode == 'build' }}
258+
env:
259+
REPOSITORY_URI: ${{ steps.build-check.outputs.repository_uri }}
260+
GIT_TAG: ${{ steps.build-check.outputs.git_tag }}
261+
REL_TAG: ${{ steps.build-check.outputs.release_tag }}
262+
EXISTING_IMAGE_DIGEST: ${{ steps.build-check.outputs.existing_image_digest }}
263+
BUILT_IMAGE_DIGEST: ${{ steps.build-image.outputs.digest }}
264+
run: |
265+
set -euo pipefail
266+
267+
IMAGE_DIGEST="${BUILT_IMAGE_DIGEST:-${EXISTING_IMAGE_DIGEST}}"
268+
269+
if [ -n "${EXISTING_IMAGE_DIGEST}" ] && [ -z "${BUILT_IMAGE_DIGEST}" ]; then
237270
echo "Immutable tag '${GIT_TAG}' already exists. Reusing existing image digest."
238271
fi
239272
240-
if [ -z "${IMAGE_DIGEST}" ] || [ "${IMAGE_DIGEST}" = "None" ]; then
273+
if [ -z "${IMAGE_DIGEST}" ]; then
241274
echo "Unable to resolve image digest for tag '${GIT_TAG}'."
242275
exit 1
243276
fi
244277
245-
IMAGE_URI_PINNED="${ECR_REGISTRY}/${ECR_REPOSITORY}@${IMAGE_DIGEST}"
278+
IMAGE_URI_PINNED="${REPOSITORY_URI}@${IMAGE_DIGEST}"
246279
echo "image_version=${GIT_TAG}" >> "$GITHUB_OUTPUT"
247280
echo "image_digest=${IMAGE_DIGEST}" >> "$GITHUB_OUTPUT"
248281
echo "image_uri=${IMAGE_URI_PINNED}" >> "$GITHUB_OUTPUT"

0 commit comments

Comments
 (0)