impl buildspec.yml

packages/app/docker/codebuild/buildspec-image.yml

@@ -2,16 +2,28 @@ version: 0.2
 env:
   variables:
     DOCKER_BUILDKIT: 1
+    IMAGE_NAME: weseek/growi
+    TAG_VERSION: latest
+    TAG_SUFFIX: amd64
+  secrets-manager:
+    DOCKER_REGISTRY_PASSWORD: growi/buildspec-secrets:DOCKER_REGISTRY_PASSWORD
+    DOCKER_REGISTRY_ON_GITHUB_PASSWORD: growi/buildspec-secrets:DOCKER_REGISTRY_ON_GITHUB_PASSWORD
 phases:
   pre_build:
     commands:
-      - aws ecr get-login-password | docker login --username AWS --password-stdin $IMAGE_HOST
+      # login to docker.io
+      - echo ${DOCKER_REGISTRY_PASSWORD} | docker login --username wsmoogle --password-stdin
+      # login to ghcr.io
+      - echo ${DOCKER_REGISTRY_ON_GITHUB_PASSWORD} | docker login --username wsmoogle --password-stdin ghcr.io
   build:
     commands:
-      - export IMAGE_TAG="${IMAGE_HOST}${IMAGE_HOST:+/}${IMAGE_NAME}:${TAG_VERSION:-latest}${TAG_SUFFIX:+-}${TAG_SUFFIX}"
-      - docker build -t $IMAGE_TAG .
+      - export IMAGE_TAG="${IMAGE_NAME}:${TAG_VERSION}.BUILD.${CODEBUILD_BUILD_NUMBER}${TAG_SUFFIX+-}${TAG_SUFFIX}"
+      - export IMAGE_TAG_GHCR="ghcr.io/${IMAGE_NAME}:${TAG_VERSION}.BUILD.${CODEBUILD_BUILD_NUMBER}${TAG_SUFFIX+-}${TAG_SUFFIX}"
+      - docker build -t $IMAGE_TAG -f ./packages/app/docker/Dockerfile .
+      - docker tag $IMAGE_TAG $IMAGE_TAG_GHCR
 
   post_build:
     commands:
       - docker push $IMAGE_TAG
+      - docker push $IMAGE_TAG_GHCR
       

packages/app/docker/codebuild/buildspec-manifest.yml

@@ -2,20 +2,22 @@ version: 0.2
 env:
   variables:
     IMAGE_HOST: ''
-    IMAGE_NAME: example
+    IMAGE_NAME: weseek/growi
     TAG_VERSION: latest
+    SECRETS_JSON_KEY: DOCKER_REGISTRY_PASSWORD # DOCKER_REGISTRY_PASSWORD or DOCKER_REGISTRY_ON_GITHUB_PASSWORD
+  secrets-manager:
+    DOCKER_REGISTRY_PASSWORD: growi/buildspec-secrets:${SECRETS_JSON_KEY}
 phases:
   pre_build:
     commands:
-      - aws ecr get-login-password | docker login --username AWS --password-stdin $IMAGE_HOST
-      - export IMAGE_TAG="${IMAGE_HOST}${IMAGE_HOST:+/}${IMAGE_NAME}:${TAG_VERSION:-latest}"
-      - export IMAGE_TAG_AMD64="${IMAGE_HOST}${IMAGE_HOST:+/}${IMAGE_NAME}:${TAG_VERSION:-latest}-amd64"
-      - export IMAGE_TAG_ARM64="${IMAGE_HOST}${IMAGE_HOST:+/}${IMAGE_NAME}:${TAG_VERSION:-latest}-arm64"
+      - echo ${DOCKER_REGISTRY_PASSWORD} | docker login --username wsmoogle --password-stdin ${IMAGE_HOST}
   build:
     commands:
+      - export IMAGE_TAG="${IMAGE_HOST}${IMAGE_HOST:+/}${IMAGE_NAME}:${TAG_VERSION}"
+      - export IMAGE_TAG_AMD64="${IMAGE_HOST}${IMAGE_HOST:+/}${IMAGE_NAME}:${TAG_VERSION}.BUILD.${CODEBUILD_BUILD_NUMBER}-amd64"
+      - export IMAGE_TAG_ARM64="${IMAGE_HOST}${IMAGE_HOST:+/}${IMAGE_NAME}:${TAG_VERSION}.BUILD.${CODEBUILD_BUILD_NUMBER}-arm64"
       - docker manifest create $IMAGE_TAG $IMAGE_TAG_AMD64 $IMAGE_TAG_ARM64
 
   post_build:
     commands:
-      - docker manifest push $IMAGE_TAG
-      
+      - docker manifest push $IMAGE_TAG

packages/app/docker/codebuild/buildspec.yml

@@ -2,20 +2,37 @@ version: 0.2
 batch:
   fast-fail: true
   build-graph:
+    # build
     - identifier: build_amd64
       buildspec: buildspec-image.yml
       env:
         image: aws/codebuild/standard:6.0
         privileged-mode: true
         type: LINUX_CONTAINER
+        variables:
+          TAG_SUFFIX: amd64
     - identifier: build_arm64
       buildspec: buildspec-image.yml
       env:
         image: aws/codebuild/standard:6.0
         privileged-mode: true
         type: ARM_CONTAINER
-    - identifier: create_manifest
+        variables:
+          TAG_SUFFIX: arm64
+    # create manifest
+    - identifier: create_manifest_dockerhub
       buildspec: buildspec-manifest.yml
+      env:
+        variables:
+          SECRETS_JSON_KEY: DOCKER_REGISTRY_PASSWORD
+      depend-on:
+        - build_amd64
+        - build_arm64
+    - identifier: create_manifest_ghcr
+      buildspec: buildspec-manifest.yml
+      env:
+        variables:
+          SECRETS_JSON_KEY: DOCKER_REGISTRY_ON_GITHUB_PASSWORD
       depend-on:
         - build_amd64
         - build_arm64