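# Reusable workflow: builds a Docker image from the caller's repository,
# pushes it to Amazon ECR tagged with the commit SHA, and returns the pushed
# image digest and the repository URL to the caller.
#
# NOTE(review): actions below are referenced by mutable version tags
# (@v4 / @v2). Pinning each to a full commit SHA prevents a retagged release
# from changing what runs with the AWS credentials in scope.
name: Build Docker image

on:
  workflow_call:
    inputs:
      # ECR repository name (not the full URL); the URL is derived in the job.
      ecr_repo:
        required: true
        type: string
      # Path to the Dockerfile, passed to `docker build -f`.
      dockerfile_path:
        required: true
        type: string
      # Docker build context directory.
      build_context:
        required: false
        default: "."
        type: string
    outputs:
      image_digest:
        description: "Pushed image digest"
        value: ${{ jobs.build.outputs.image_digest }}
      # NOTE(review): the region is supplied as a secret, so the runner masks
      # its value. GitHub may drop job outputs that contain a masked value,
      # which would leave this output empty for callers - confirm, and
      # consider passing the region as a plain input instead.
      ecr_repo_url:
        description: "ECR repository URL"
        value: ${{ jobs.build.outputs.ecr_repo_url }}
    secrets:
      # NOTE(review): these are long-lived static keys. If the AWS account
      # allows it, OIDC role assumption (role-to-assume with the id-token
      # permission) avoids storing access keys in GitHub at all.
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
      AWS_REGION:
        required: true

jobs:
  build:
    runs-on: ubuntu-latest
    # The job only reads the repository; keep GITHUB_TOKEN at least privilege.
    permissions:
      contents: read
    outputs:
      image_digest: ${{ steps.digest.outputs.image_digest }}
      ecr_repo_url: ${{ steps.repo.outputs.ecr_repo_url }}
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step needs git auth. Not persisting the token keeps it
          # out of .git/config, which sits inside the default build context.
          persist-credentials: false

      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - uses: aws-actions/amazon-ecr-login@v2

      - name: Resolve ECR repo URL
        id: repo
        env:
          # Inputs reach the script as environment variables rather than
          # being interpolated into it, so a crafted value is handled as
          # data and never parsed as shell syntax.
          ECR_REPO: ${{ inputs.ecr_repo }}
        run: |
          # AWS_REGION is read from the job environment; presumably exported
          # by the configure-aws-credentials step above - confirm.
          AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
          ECR_REPO_URL="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${ECR_REPO}"
          echo "Resolved ECR repo URL (local var):"
          echo "$ECR_REPO_URL"
          echo "ecr_repo_url=$ECR_REPO_URL" >> "$GITHUB_OUTPUT"

      - name: Build & push image
        env:
          ECR_REPO_URL: ${{ steps.repo.outputs.ecr_repo_url }}
          DOCKERFILE_PATH: ${{ inputs.dockerfile_path }}
          BUILD_CONTEXT: ${{ inputs.build_context }}
        run: |
          # Every expansion is quoted so paths with spaces or shell
          # metacharacters stay a single argument.
          IMAGE_URI="${ECR_REPO_URL}:${GITHUB_SHA}"
          docker build -f "$DOCKERFILE_PATH" -t "$IMAGE_URI" "$BUILD_CONTEXT"
          docker push "$IMAGE_URI"

      - name: Resolve image digest
        id: digest
        env:
          ECR_REPO: ${{ inputs.ecr_repo }}
        run: |
          DIGEST=$(aws ecr describe-images \
            --repository-name "$ECR_REPO" \
            --image-ids "imageTag=${GITHUB_SHA}" \
            --query 'imageDetails[0].imageDigest' \
            --output text)
          # Fail here instead of handing callers an empty or "None" digest
          # that they might use to pin a deployment.
          case "$DIGEST" in
            sha256:*) ;;
            *)
              echo "Unexpected image digest: $DIGEST" >&2
              exit 1
              ;;
          esac
          echo "image_digest=$DIGEST" >> "$GITHUB_OUTPUT"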