Skip to content

break out ecs task role #23

break out ecs task role

break out ecs task role #23

Workflow file for this run

on:
push:
branches:
- installer
workflow_dispatch:
jobs:
doIt:
runs-on: ubuntu-latest
permissions:
contents: "read"
id-token: "write"
steps:
- name: checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
fetch-tags: true
- name: setupPython
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: setupSam
uses: aws-actions/setup-sam@v2
with:
use-installer: true
token: ${{ secrets.GITHUB_TOKEN }}
- name: getCreds
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: "arn:aws:iam::934778205429:role/jaxGithubActionsRole"
aws-region: us-east-2
- name: runTests
run: |
pip install -r lambda/tests/requirements.txt
PYTHONPATH=${GITHUB_WORKSPACE}/lambda/src/common/python:$PYTHONPATH pytest -s -vvv lambda/tests/
- name: installCore
id: install-core
env:
SUBNETS: "subnet-3ffe7854,subnet-b3b296ff,subnet-e1c63a9c"
VPC_ID: "vpc-00cb556b"
run: |
export SOURCE_VERSION=$(git describe --tags)
export UNIQIFIER=$(date | md5sum | head -c 16)
sam build -b ./build -s . -t cloudformation/bc_core.yaml
sam deploy \
--template-file build/template.yaml \
--stack-name bayerclaw2-core \
--resolve-s3 \
--capabilities "CAPABILITY_NAMED_IAM" "CAPABILITY_AUTO_EXPAND" \
--no-fail-on-empty-changeset \
--tags "bclaw:version=${SOURCE_VERSION}" \
--parameter-overrides \
AmiId=auto \
CompilerMacroName=BC2_Compiler \
ExistingBatchSubscriptionFilter=none \
GpuAmiId=auto \
InstallationName=bayerclaw2 \
LauncherBucketName=default \
LogRetentionDays=30 \
MaxvCpus=256 \
MinvCpus=0 \
RootVolumeSize=50 \
ScratchVolumeSize=100 \
SecurityGroups=auto \
SourceVersion=${SOURCE_VERSION} \
Subnets=${SUBNETS} \
Uniqifier=${UNIQIFIER} \
VpcId=${VPC_ID}
echo "runner_image_tag=$(aws cloudformation describe-stacks --query "Stacks[?StackName=='bayerclaw2-core'][].Outputs[?OutputKey=='RunnerImageUri'].OutputValue" --output text)" >> $GITHUB_OUTPUT
- name: loginToEcr
id: login-to-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: buildRunner
working-directory: bclaw_runner
env:
DOCKER_BUILDKIT: 1
RUNNER_IMAGE_TAG: ${{ steps.install-core.outputs.runner_image_tag }}
run: |
docker build --target test -f Dockerfile.alpine "."
docker build --target build -t ${RUNNER_IMAGE_TAG} -f Dockerfile.alpine "."
docker push ${RUNNER_IMAGE_TAG} || true