diff --git a/.github/workflows/build-and-deploy-prod.yml b/.github/workflows/build-and-deploy-prod.yml
index cd4ad5f5008..f57bafa6af0 100644
--- a/.github/workflows/build-and-deploy-prod.yml
+++ b/.github/workflows/build-and-deploy-prod.yml
@@ -16,7 +16,12 @@ jobs: name: Build & Deploy Production Docker image if: github.repository == 'PostHog/posthog' runs-on: ubuntu-20.04 + permissions: + contents: read + id-token: write steps: + - name: Set up Depot CLI + uses: depot/setup-action@v1 - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 with:
@@ -41,14 +46,24 @@ jobs: # ref: 'master' path: 'deploy/' - - name: Build, tag, and push image to Amazon ECR + - name: Build image + uses: depot/build-push-action@v1 + with: + context: . + file: prod.web.Dockerfile + load: true + tags: | + ${{ steps.login-ecr.outputs.registry }}/posthog-production:${{ github.sha }} + ${{ steps.login-ecr.outputs.registry }}/posthog-production:latest + project: 1stsk4xt19 # posthog-cloud project + + - name: Push image to Amazon ECR id: build-image env: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} ECR_REPOSITORY: posthog-production IMAGE_TAG: ${{ github.sha }} run: | - docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -t $ECR_REGISTRY/$ECR_REPOSITORY:latest -f prod.web.Dockerfile . docker push --all-tags $ECR_REGISTRY/$ECR_REPOSITORY echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
diff --git a/.github/workflows/docker-image-publish.yml b/.github/workflows/docker-image-publish.yml
index eb6f22c93fc..4aac51a9103 100644
--- a/.github/workflows/docker-image-publish.yml
+++ b/.github/workflows/docker-image-publish.yml
@@ -13,6 +13,9 @@ jobs: name: Build Docker images and push them if: github.repository == 'PostHog/posthog' runs-on: ubuntu-20.04 + permissions: + contents: read + id-token: write steps: - name: Checkout default branch uses: actions/checkout@v2
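Review bot: The new `depot/setup-action@v1` step (and `depot/build-push-action@v1` later in this file) is referenced by a mutable tag in a job that now carries `id-token: write` and goes on to handle AWS and ECR credentials, so any change behind that tag runs with the job's OIDC token. Pin each third-party action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: depot/setup-action@<full-commit-sha>  # v1` (placeholder; take the SHA from the release that was reviewed). The same applies to the Depot steps added in docker-image-publish.yml, docker-release-image-publish.yml, docker-unstable-image.yml and foss-release-image-publish.yml. The job body continues outside this hunk.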
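Review bot: `project: 1stsk4xt19` in the new `Build image` step names a different Depot project from the `x19jffd9zf` id this commit adds in depot.json, and the short trailing comment is the only explanation. Expand it so the override reads as deliberate, for example `# posthog-cloud Depot project; overrides the id in depot.json`. The other workflows show no `project:` input in their hunks and presumably fall back to depot.json, so it is worth confirming that the OIDC trust for this repository is configured on both projects before the production deploy depends on it.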
@@ -20,16 +23,10 @@ jobs: - name: Update git sha run: echo "GIT_SHA = '${GITHUB_SHA}'" >posthog/gitsha.py - - name: Set up QEMU - if: github.repository == 'PostHog/posthog' - uses: docker/setup-qemu-action@v1 - - - name: Set up Docker Buildx - if: github.repository == 'PostHog/posthog' - uses: docker/setup-buildx-action@v1 + - name: Set up Depot CLI + uses: depot/setup-action@v1 - name: Login to DockerHub - if: github.repository == 'PostHog/posthog' uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USERNAME }}
@@ -37,15 +34,13 @@ jobs: - name: Build and push latest id: docker-latest - if: github.repository == 'PostHog/posthog' - uses: docker/build-push-action@v2 + uses: depot/build-push-action@v1 with: context: . push: true tags: posthog/posthog:latest - name: Image digests - if: github.repository == 'PostHog/posthog' run: | echo "Pushed latest: ${{ steps.docker-latest.outputs.digest }}" echo "Pushed dev: ${{ steps.docker-dev.outputs.digest }}"
diff --git a/.github/workflows/docker-release-image-publish.yml b/.github/workflows/docker-release-image-publish.yml
index a4518cfacd1..4affca91165 100644
--- a/.github/workflows/docker-release-image-publish.yml
+++ b/.github/workflows/docker-release-image-publish.yml
@@ -10,7 +10,11 @@ on: jobs: build-push: name: Build & push Docker release image + if: github.repository == 'PostHog/posthog' runs-on: ubuntu-20.04 + permissions: + contents: read + id-token: write steps: - name: Checkout default branch uses: actions/checkout@v2
@@ -21,16 +25,10 @@ jobs: - name: Update git SHA run: echo "GIT_SHA = '${GITHUB_SHA}'" > posthog/gitsha.py - - name: Set up QEMU - if: github.repository == 'PostHog/posthog' - uses: docker/setup-qemu-action@v1 - - - name: Set up Docker Buildx - if: github.repository == 'PostHog/posthog' - uses: docker/setup-buildx-action@v1 + - name: Set up Depot CLI + uses: depot/setup-action@v1 - name: Login to DockerHub - if: github.repository == 'PostHog/posthog' uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USERNAME }}
@@ -38,8 +36,7 @@ jobs: - name: Build and push release id: docker-release - if: github.repository == 'PostHog/posthog' - uses: docker/build-push-action@v2 + uses: depot/build-push-action@v1 with: context: . push: true
@@ -48,6 +45,5 @@ jobs: posthog/posthog:release-${{ env.TAG_NAME }} - name: Image digest - if: github.repository == 'PostHog/posthog' run: | echo "Pushed release: ${{ steps.docker-release.outputs.digest }}"
diff --git a/.github/workflows/docker-unstable-image.yml b/.github/workflows/docker-unstable-image.yml
index 813a95b0a3e..5fc3dfd1025 100644
--- a/.github/workflows/docker-unstable-image.yml
+++ b/.github/workflows/docker-unstable-image.yml
@@ -12,6 +12,9 @@ jobs: name: Build & push Docker release image if: github.repository == 'PostHog/posthog' runs-on: ubuntu-20.04 + permissions: + contents: read + id-token: write steps: - name: Checkout default branch uses: actions/checkout@v2
@@ -22,16 +25,10 @@ jobs: - name: Update git SHA run: echo "GIT_SHA = '${GITHUB_SHA}'" > posthog/gitsha.py - - name: Set up QEMU - if: github.repository == 'PostHog/posthog' - uses: docker/setup-qemu-action@v1 - - - name: Set up Docker Buildx - if: github.repository == 'PostHog/posthog' - uses: docker/setup-buildx-action@v1 + - name: Set up Depot CLI + uses: depot/setup-depot@v1 - name: Login to DockerHub - if: github.repository == 'PostHog/posthog' uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USERNAME }}
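Review bot: `uses: depot/setup-depot@v1` in the `Set up Depot CLI` step of docker-unstable-image.yml does not match the `depot/setup-action@v1` reference used by the four other workflows in this commit, so it looks like a typo. At best the job fails when the action cannot be resolved; at worst an unintended repository of that name would run inside a job that holds `id-token: write` and the DockerHub secrets. Change the line to `uses: depot/setup-action@v1`, ideally pinned to a full commit SHA.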
@@ -39,14 +36,12 @@ jobs: - name: Build and push release id: docker-release - if: github.repository == 'PostHog/posthog' - uses: docker/build-push-action@v2 + uses: depot/build-push-action@v1 with: context: . push: true tags: posthog/posthog:${{ env.BRANCH_NAME }}-unstable - name: Image digest - if: github.repository == 'PostHog/posthog' run: | echo "Pushed release: ${{ steps.docker-release.outputs.digest }}"
diff --git a/.github/workflows/foss-release-image-publish.yml b/.github/workflows/foss-release-image-publish.yml
index 026b0ea60b6..1075bc315c4 100644
--- a/.github/workflows/foss-release-image-publish.yml
+++ b/.github/workflows/foss-release-image-publish.yml
@@ -12,6 +12,9 @@ jobs: build-push: name: Build & push Docker release image runs-on: ubuntu-20.04 + permissions: + contents: read + id-token: write steps: - name: Checkout default branch if: github.repository == 'PostHog/posthog-foss'
@@ -25,13 +28,9 @@ jobs: if: github.repository == 'PostHog/posthog-foss' run: echo "GIT_SHA = '${GITHUB_SHA}'" > posthog/gitsha.py - - name: Set up QEMU + - name: Set up Depot CLI if: github.repository == 'PostHog/posthog-foss' - uses: docker/setup-qemu-action@v1 - - - name: Set up Docker Buildx - if: github.repository == 'PostHog/posthog-foss' - uses: docker/setup-buildx-action@v1 + uses: depot/setup-action@v1 - name: Login to DockerHub if: github.repository == 'PostHog/posthog-foss'
@@ -43,7 +42,7 @@ jobs: - name: Build and push release if: github.repository == 'PostHog/posthog-foss' id: docker-release - uses: docker/build-push-action@v2 + uses: depot/build-push-action@v1 with: context: . push: true
diff --git a/depot.json b/depot.json
new file mode 100644
index 00000000000..316dd6ef945
--- /dev/null
+++ b/depot.json
@@ -0,0 +1 @@
+{ "id": "x19jffd9zf" }
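Review bot: In foss-release-image-publish.yml the `build-push` job now receives `id-token: write`, but the repository guard still sits on each step rather than on the job, so a step added later without its own `if:` would run with that permission in any repository that carries the workflow. docker-release-image-publish.yml in this same commit moves the guard to the job level. Doing the same here with `if: github.repository == 'PostHog/posthog-foss'` under `build-push:` keeps the files consistent and lets the per-step conditions be dropped. The job's remaining steps are outside the hunks shown.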