|
17 | 17 | env: |
18 | 18 | REGISTRY: ghcr.io |
19 | 19 | IMAGE_PREFIX: ${{ github.repository }} |
20 | | - ECR_REGISTRY: 524473328983.dkr.ecr.us-west-2.amazonaws.com |
21 | | - ECR_IMAGE_PREFIX: nemoclaw-community |
22 | 20 |
|
23 | 21 | permissions: |
24 | 22 | contents: read |
@@ -246,79 +244,4 @@ jobs: |
246 | 244 | cache-from: type=gha,scope=${{ matrix.sandbox }} |
247 | 245 | cache-to: type=gha,mode=max,scope=${{ matrix.sandbox }} |
248 | 246 |
|
249 | | - # --------------------------------------------------------------------------- |
250 | | - # Publish images to ECR (re-tag from GHCR, no rebuild required) |
251 | | - # --------------------------------------------------------------------------- |
252 | | - publish-ecr: |
253 | | - name: Publish to ECR |
254 | | - needs: [detect-changes, build-base, build] |
255 | | - if: | |
256 | | - always() && |
257 | | - github.ref == 'refs/heads/main' && |
258 | | - needs.detect-changes.result == 'success' && |
259 | | - (needs.build-base.result == 'success' || needs.build-base.result == 'skipped') && |
260 | | - (needs.build.result == 'success' || needs.build.result == 'skipped') |
261 | | - runs-on: ubuntu-latest |
262 | | - env: |
263 | | - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} |
264 | | - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |
265 | | - AWS_DEFAULT_REGION: us-west-2 |
266 | | - steps: |
267 | | - - name: Lowercase image prefix |
268 | | - id: repo |
269 | | - run: | |
270 | | - echo "image_prefix=${IMAGE_PREFIX,,}" >> "$GITHUB_OUTPUT" |
271 | | - echo "short_sha=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT" |
272 | | -
|
273 | | - - name: Set up Docker Buildx |
274 | | - uses: docker/setup-buildx-action@v3 |
275 | | - |
276 | | - - name: Log in to GHCR |
277 | | - uses: docker/login-action@v3 |
278 | | - with: |
279 | | - registry: ${{ env.REGISTRY }} |
280 | | - username: ${{ github.actor }} |
281 | | - password: ${{ secrets.GITHUB_TOKEN }} |
282 | | - |
283 | | - - name: Log in to ECR |
284 | | - run: aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin ${{ env.ECR_REGISTRY }} |
285 | | - |
286 | | - - name: Copy base image to ECR |
287 | | - if: needs.detect-changes.outputs.base-changed == 'true' |
288 | | - run: | |
289 | | - set -euo pipefail |
290 | | - GHCR_IMAGE="${{ env.REGISTRY }}/${{ steps.repo.outputs.image_prefix }}/sandboxes/base" |
291 | | - ECR_IMAGE="${{ env.ECR_REGISTRY }}/${{ env.ECR_IMAGE_PREFIX }}/sandboxes/base" |
292 | | - SHORT_SHA="${{ steps.repo.outputs.short_sha }}" |
293 | | -
|
294 | | - echo "Copying ${GHCR_IMAGE}:${SHORT_SHA} -> ${ECR_IMAGE}:${SHORT_SHA}" |
295 | | - docker buildx imagetools create \ |
296 | | - -t "${ECR_IMAGE}:${SHORT_SHA}" \ |
297 | | - "${GHCR_IMAGE}:${SHORT_SHA}" |
298 | | -
|
299 | | - echo "Copying ${GHCR_IMAGE}:latest -> ${ECR_IMAGE}:latest" |
300 | | - docker buildx imagetools create \ |
301 | | - -t "${ECR_IMAGE}:latest" \ |
302 | | - "${GHCR_IMAGE}:latest" |
303 | | -
|
304 | | - - name: Copy sandbox images to ECR |
305 | | - if: needs.detect-changes.outputs.sandboxes != '[]' |
306 | | - run: | |
307 | | - set -euo pipefail |
308 | | - SANDBOXES='${{ needs.detect-changes.outputs.sandboxes }}' |
309 | | - SHORT_SHA="${{ steps.repo.outputs.short_sha }}" |
310 | | -
|
311 | | - for SANDBOX in $(echo "$SANDBOXES" | jq -r '.[]'); do |
312 | | - GHCR_IMAGE="${{ env.REGISTRY }}/${{ steps.repo.outputs.image_prefix }}/sandboxes/${SANDBOX}" |
313 | | - ECR_IMAGE="${{ env.ECR_REGISTRY }}/${{ env.ECR_IMAGE_PREFIX }}/sandboxes/${SANDBOX}" |
314 | | -
|
315 | | - echo "Copying ${GHCR_IMAGE}:${SHORT_SHA} -> ${ECR_IMAGE}:${SHORT_SHA}" |
316 | | - docker buildx imagetools create \ |
317 | | - -t "${ECR_IMAGE}:${SHORT_SHA}" \ |
318 | | - "${GHCR_IMAGE}:${SHORT_SHA}" |
319 | 247 |
|
320 | | - echo "Copying ${GHCR_IMAGE}:latest -> ${ECR_IMAGE}:latest" |
321 | | - docker buildx imagetools create \ |
322 | | - -t "${ECR_IMAGE}:latest" \ |
323 | | - "${GHCR_IMAGE}:latest" |
324 | | - done |
0 commit comments