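# Reusable workflow: builds a Docker image from the caller's repository, pushes
# it to the given ECR repository tagged with the commit SHA, and returns the
# pushed image digest plus the repository URL to the caller.
name: Build Docker image

on:
  workflow_call:
    inputs:
      ecr_repo:
        description: "ECR repository name"
        required: true
        type: string
      dockerfile_path:
        description: "Path to Dockerfile"
        required: true
        type: string
      build_context:
        description: "Docker build context directory"
        required: false
        default: "."
        type: string
    outputs:
      image_digest:
        description: "Pushed image digest (sha256:...)"
        value: ${{ jobs.build.outputs.image_digest }}
      ecr_repo_url:
        description: "ECR repository URL (no tag, no digest)"
        value: ${{ jobs.build.outputs.ecr_repo_url }}
    secrets:
      # NOTE(review): these are long-lived static keys. configure-aws-credentials
      # also supports OIDC via `role-to-assume`, which would avoid storing keys;
      # switching changes this workflow's interface, so it is only noted here.
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
      # NOTE(review): the region is passed as a secret and ends up inside
      # ecr_repo_url. GitHub may drop a job output that contains a secret
      # value, so the caller could receive an empty ecr_repo_url; confirm.
      AWS_REGION:
        required: true

jobs:
  build:
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block is set, so GITHUB_TOKEN inherits
    # whatever the caller grants. The visible steps only need to read the
    # repository; consider `permissions: { contents: read }` once callers are
    # confirmed to grant at least that.
    outputs:
      image_digest: ${{ steps.digest.outputs.image_digest }}
      ecr_repo_url: ${{ steps.repo.outputs.ecr_repo_url }}
    steps:
      # NOTE(review): the three actions below are referenced by mutable version
      # tags. Pinning each to a full commit SHA keeps a retagged release from
      # running in a job that holds AWS credentials.
      - uses: actions/checkout@v4

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Login to ECR
        uses: aws-actions/amazon-ecr-login@v2

      # Caller-supplied values are handed to every script below through `env:`
      # and read as quoted shell variables. `${{ ... }}` is expanded into the
      # script text before the shell starts, so expanding an input inline would
      # let shell metacharacters in that input run as part of the script.
      - name: Resolve ECR repo URL
        id: repo
        env:
          AWS_REGION: ${{ secrets.AWS_REGION }}
          ECR_REPO: ${{ inputs.ecr_repo }}
        run: |
          set -euo pipefail
          AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
          ECR_REPO_URL="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${ECR_REPO}"
          echo "ecr_repo_url=$ECR_REPO_URL" >> "$GITHUB_OUTPUT"

      - name: Build & push image
        env:
          ECR_REPO_URL: ${{ steps.repo.outputs.ecr_repo_url }}
          DOCKERFILE_PATH: ${{ inputs.dockerfile_path }}
          BUILD_CONTEXT: ${{ inputs.build_context }}
        run: |
          set -euo pipefail
          # The image is tagged with the commit SHA of the triggering run.
          IMAGE_TAG="${GITHUB_SHA}"
          IMAGE_URI="${ECR_REPO_URL}:${IMAGE_TAG}"
          docker build \
            -f "$DOCKERFILE_PATH" \
            -t "$IMAGE_URI" \
            "$BUILD_CONTEXT"
          docker push "$IMAGE_URI"

      - name: Resolve image digest
        id: digest
        env:
          ECR_REPO: ${{ inputs.ecr_repo }}
        run: |
          set -euo pipefail
          # NOTE(review): the digest is looked up by tag after the push. If the
          # repository does not enforce tag immutability, a concurrent push of
          # the same tag could make this return a different image; confirm.
          DIGEST=$(aws ecr describe-images \
            --repository-name "$ECR_REPO" \
            --image-ids "imageTag=${GITHUB_SHA}" \
            --query 'imageDetails[0].imageDigest' \
            --output text)
          # Fail instead of exporting an empty or "None" value as the digest
          # that downstream jobs would deploy by.
          if [[ ! "$DIGEST" =~ ^sha256:[0-9a-f]{64}$ ]]; then
            echo "Unexpected image digest: ${DIGEST}" >&2
            exit 1
          fi
          echo "image_digest=$DIGEST" >> "$GITHUB_OUTPUT"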