Push images to ECR from CI

Author: colto

.github/workflows/ci.yml

@@ -6,6 +6,10 @@ on:
   pull_request:
     branches: ["main"]
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   backend-build:
     name: Backend Build (Spring Boot)
@@ -86,3 +90,65 @@ jobs:
           context: ./frontend
           push: false
           tags: cloudpulse-frontend:ci
+
+  backend-ecr-push:
+    name: Push Backend Image to ECR
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials (OIDC)
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push backend
+        uses: docker/build-push-action@v6
+        with:
+          context: ./backend
+          push: true
+          tags: |
+            ${{ steps.login-ecr.outputs.registry }}/cloudpulse-backend:${{ github.sha }}
+            ${{ steps.login-ecr.outputs.registry }}/cloudpulse-backend:latest
+
+  frontend-ecr-push:
+    name: Push Frontend Image to ECR
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials (OIDC)
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push frontend
+        uses: docker/build-push-action@v6
+        with:
+          context: ./frontend
+          push: true
+          tags: |
+            ${{ steps.login-ecr.outputs.registry }}/cloudpulse-frontend:${{ github.sha }}
+            ${{ steps.login-ecr.outputs.registry }}/cloudpulse-frontend:latest

documentation/progress-log.md

@@ -36,4 +36,8 @@
 
 - Added GitHub Actions CI workflow
 - Workflow builds backend (Maven) and frontend (Vite)
-- Verified CI runs successfully on push
+- Verified CI runs successfully on push
+
+- Updated GitHub Actions CI to build backend Docker image
+- Updated GitHub Actions CI to build frontend Docker image
+- Verified Docker builds succeed in CI

documentation/roadmap.md

@@ -28,4 +28,5 @@
 
 ## Phase 4 (CI/CD)
 - [x] GitHub Actions build/test
+- [x] CI builds Docker images
 - [ ] GitHub Actions deploy