build-push.yaml

name: "Build & Push"

on:
  push:
    branches:
      - "main"
    tags:
      - "*"
    paths:
      - "packages/**"
      - "!packages/*/scripts/**"
      - ".github/workflows/build-push.yaml"

jobs:
  build_push_image:
    name: ${{ matrix.image_name }}
    runs-on: ubuntu-latest
    environment: dev
    permissions:
      contents: read
      id-token: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - image_name: catalog-process
            dockerfile_path: packages/catalog-process
          - image_name: catalog-readmodel-writer
            dockerfile_path: packages/catalog-readmodel-writer
          - image_name: agreement-process
            dockerfile_path: packages/agreement-process
          - image_name: agreement-readmodel-writer
            dockerfile_path: packages/agreement-readmodel-writer
          - image_name: tenant-process
            dockerfile_path: packages/tenant-process
          - image_name: tenant-readmodel-writer
            dockerfile_path: packages/tenant-readmodel-writer
          - image_name: purpose-process
            dockerfile_path: packages/purpose-process
          - image_name: purpose-readmodel-writer
            dockerfile_path: packages/purpose-readmodel-writer
          - image_name: attribute-registry-process
            dockerfile_path: packages/attribute-registry-process
          - image_name: attribute-registry-readmodel-writer
            dockerfile_path: packages/attribute-registry-readmodel-writer
          - image_name: authorization-updater
            dockerfile_path: packages/authorization-updater
          - image_name: notifier-seeder
            dockerfile_path: packages/notifier-seeder
          - image_name: eservice-descriptors-archiver
            dockerfile_path: packages/eservice-descriptors-archiver
          - image_name: agreement-email-sender
            dockerfile_path: packages/agreement-email-sender
          - image_name: authorization-process
            dockerfile_path: packages/authorization-process
          - image_name: client-readmodel-writer
            dockerfile_path: packages/client-readmodel-writer
          - image_name: key-readmodel-writer
            dockerfile_path: packages/key-readmodel-writer
          - image_name: backend-for-frontend
            dockerfile_path: packages/backend-for-frontend
          - image_name: api-gateway
            dockerfile_path: packages/api-gateway
          - image_name: agreement-outbound-writer
            dockerfile_path: packages/agreement-outbound-writer
          - image_name: catalog-outbound-writer
            dockerfile_path: packages/catalog-outbound-writer
          - image_name: purpose-outbound-writer
            dockerfile_path: packages/purpose-outbound-writer
          - image_name: tenant-outbound-writer
            dockerfile_path: packages/tenant-outbound-writer
          - image_name: compute-agreements-consumer
            dockerfile_path: packages/compute-agreements-consumer
          - image_name: selfcare-onboarding-consumer
            dockerfile_path: packages/selfcare-onboarding-consumer
          - image_name: producer-key-events-writer
            dockerfile_path: packages/producer-key-events-writer
          - image_name: producer-key-readmodel-writer
            dockerfile_path: packages/producer-key-readmodel-writer
          - image_name: producer-keychain-readmodel-writer
            dockerfile_path: packages/producer-keychain-readmodel-writer
          - image_name: one-trust-notices
            dockerfile_path: packages/one-trust-notices

    steps:
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4
        with:
          aws-region: ${{ vars.AWS_REGION }}
          role-to-assume: ${{ vars.IAM_ROLE_ARN }}
          role-session-name: be-monorepo-build-push-${{ github.run_number }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2

      - name: (latest) Docker metadata
        id: meta_latest
        if: ${{ github.ref_type == 'branch' }}
        uses: docker/metadata-action@60a0d343a0d8a18aedee9d34e62251f752153bdb
        with:
          images: ${{ steps.login-ecr.outputs.registry }}/interop-be-${{ matrix.image_name }}
          flavor: |
            latest=false
            prefix=
            suffix=
          tags: |
            type=raw,value=2.x-latest

      - name: (tag) Docker metadata
        id: meta_tag
        if: ${{ github.ref_type == 'tag' }}
        uses: docker/metadata-action@60a0d343a0d8a18aedee9d34e62251f752153bdb
        with:
          images: ${{ steps.login-ecr.outputs.registry }}/interop-be-${{ matrix.image_name }}
          flavor: |
            latest=false
            prefix=
            suffix=
          tags: |
            type=ref,event=tag

      - name: Build and push Docker image
        id: build_push
        uses: docker/build-push-action@a8d35412fb758de9162fd63e3fa3f0942bdedb4d
        with:
          context: .
          file: ${{ matrix.dockerfile_path }}/Dockerfile
          push: true
          tags: ${{ github.ref_type == 'branch' && steps.meta_latest.outputs.tags || steps.meta_tag.outputs.tags }}
          labels: ${{ github.ref_type == 'branch' && steps.meta_latest.outputs.labels || steps.meta_tag.outputs.labels }}