6464 permissions :
6565 id-token : write
6666 contents : read
67+ outputs :
68+ recordprocessor_image_tag : ${{ steps.build-image.outputs.recordprocessor_image_tag || steps.resolve-image-tag.outputs.recordprocessor_image_tag }}
6769 name : Build and push recordprocessor image
6870 runs-on : ubuntu-latest
6971
7981 uses : actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98
8082
8183 - name : Connect to AWS
82- if : ${{ inputs.build_recordprocessor_image }}
8384 uses : aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
8485 with :
8586 aws-region : eu-west-2
9293 uses : aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076
9394
9495 - name : Build and push Docker image
96+ id : build-image
9597 if : ${{ inputs.build_recordprocessor_image }}
9698 env :
9799 ECR_REGISTRY : ${{ steps.login-ecr.outputs.registry }}
@@ -100,16 +102,38 @@ jobs:
100102 IMAGE_TAG="${SUB_ENVIRONMENT}-${GITHUB_SHA}"
101103 REPOSITORY_NAME="imms-recordprocessor-repo"
102104 IMAGE_URI="${ECR_REGISTRY}/${REPOSITORY_NAME}:${IMAGE_TAG}"
103- LATEST_IMAGE_URI="${ECR_REGISTRY}/${REPOSITORY_NAME}:latest"
104105
105106 docker build -f recordprocessor/Dockerfile -t "${IMAGE_URI}" .
106107 docker push "${IMAGE_URI}"
107- docker tag "${IMAGE_URI}" "${LATEST_IMAGE_URI}"
108- docker push "${LATEST_IMAGE_URI}"
108+ echo "recordprocessor_image_tag=${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
109109
110- name : Skip image build
110+ name : Resolve latest matching recordprocessor image tag
111+ id : resolve-image-tag
111112 if : ${{ !inputs.build_recordprocessor_image }}
112- run : echo "No recordprocessor changes detected and no manual override provided. Skipping image build."
113+ env :
114+ REPOSITORY_NAME : imms-recordprocessor-repo
115+ TAG_PREFIX : ${{ inputs.sub_environment }}-
116+ run : |
117+ IMAGE_TAG=$(
118+ aws ecr describe-images \
119+ --repository-name "${REPOSITORY_NAME}" \
120+ --region "${AWS_REGION}" \
121+ --filter tagStatus=TAGGED \
122+ --query 'sort_by(imageDetails,&imagePushedAt)[*].imageTags[*]' \
123+ --output text \
124+ | tr '\t' '\n' \
125+ | grep "^${TAG_PREFIX}" \
126+ | tail -n1 || true
127+ )
128+
129+ if [ -z "${IMAGE_TAG}" ]; then
130+ echo "No existing recordprocessor image found for prefix '${TAG_PREFIX}'."
131+ echo "Trigger a run with build_recordprocessor_image=true to build one."
132+ exit 1
133+ fi
134+
135+ echo "Using existing recordprocessor image tag: ${IMAGE_TAG}"
136+ echo "recordprocessor_image_tag=${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
113137
114138terraform-plan :
115139 permissions :
@@ -118,7 +142,7 @@ jobs:
118142 needs : build-and-push-recordprocessor
119143 runs-on : ubuntu-latest
120144 env :
121- TF_VAR_recordprocessor_image_tag : ${{ inputs.build_recordprocessor_image && format('{0}-{1}', inputs.sub_environment, github.sha) || 'latest' }}
145+ TF_VAR_recordprocessor_image_tag : ${{ needs.build-and-push-recordprocessor.outputs.recordprocessor_image_tag }}
122146 environment :
123147 name : ${{ inputs.environment }}
124148 steps :
@@ -160,7 +184,7 @@ jobs:
160184 needs : terraform-plan
161185 runs-on : ubuntu-latest
162186 env :
163- TF_VAR_recordprocessor_image_tag : ${{ inputs.build_recordprocessor_image && format('{0}-{1}', inputs.sub_environment, github.sha) || 'latest' }}
187+ TF_VAR_recordprocessor_image_tag : ${{ needs.build-and-push-recordprocessor.outputs.recordprocessor_image_tag }}
164188 environment :
165189 name : ${{ inputs.environment }}
166190 steps :
0 commit comments