diff --git a/.github/workflows/aws_deploy.yml b/.github/workflows/aws_deploy.yml
index 0e82e576b..9bd78ea3e 100644
--- a/.github/workflows/aws_deploy.yml
+++ b/.github/workflows/aws_deploy.yml
@@ -22,6 +22,10 @@ on:
 release_tag:
 required: false
 type: string
+ ref:
+ required: false
+ type: string
+ default: ""
 concurrency:
 group: deploy-${{ inputs.environment }}${{ inputs.concurrency_tag }}
@@ -42,6 +46,8 @@ jobs:
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.ref || github.sha }}
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@v4
@@ -53,16 +59,19 @@ jobs:
 id: ecr-login
 uses: aws-actions/amazon-ecr-login@v2
+ - name: Resolve commit SHA
+ run: echo "commit_sha=${{ inputs.ref || github.sha }}" >> $GITHUB_ENV
+
 - name: Check if image with tag already exists
 run: |
- echo "image-exists=$(if aws ecr describe-images --repository-name=$repository --image-ids imageTag=${{ github.sha }} > /dev/null 2>&1; then echo true; else echo false; fi)" >> $GITHUB_ENV
+ echo "image-exists=$(if aws ecr describe-images --repository-name=$repository --image-ids imageTag=${{ env.commit_sha }} > /dev/null 2>&1; then echo true; else echo false; fi)" >> $GITHUB_ENV
 - name: Build, tag, and push docker image to ECR if there is no image, failing for releases
 id: build-image
 if: ${{ env.image-exists == 'false' }}
 env:
 registry: ${{ steps.ecr-login.outputs.registry }}
- commit_tag: ${{ github.sha }}
+ commit_tag: ${{ env.commit_sha }}
 run: |
 if [[ ${{ inputs.environment }} == 'production' ]]; then
 echo "Error: Deployment to production environment is not allowed as there is no docker image (i.e. the AWS deploy on staging was unsuccessful for this commit)."
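Review bot: The new `ref` input has no `description`, and its name suggests that any git ref is accepted, while the later hunks use the same value as the ECR image tag (`imageTag=...`) as well as the checkout ref. A branch or tag name passed here would tag and look up images under a mutable name. I would state the contract on the input, for example `description: Full commit SHA to check out and use as the image tag; empty means the triggering commit`.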
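Review bot: The `Checkout code` step now fetches a caller-chosen commit, and `actions/checkout` keeps the job token in the working tree's git config unless told otherwise. Later steps in this job build a Docker image from that tree (the build command is outside this hunk), so code from the chosen ref runs next to the stored token. Adding `persist-credentials: false` under `with:` removes it, assuming no later step needs to push with git.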
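Review bot: The `Resolve commit SHA` step expands `${{ inputs.ref || github.sha }}` straight into the shell line and then into `$GITHUB_ENV`, so the value is parsed as script text, and a newline in it would define extra environment variables for every later step. Nothing checks that the value is a commit SHA, although it becomes the image tag. The caller visible in this commit passes an API-returned SHA, but the input is open to any caller of this workflow, so I would pass it through `env:` and validate it before writing it out. The `describe-images` line that follows can then read `$commit_sha` from the environment instead of expanding `${{ env.commit_sha }}` into the script.

```yaml
      - name: Resolve commit SHA
        env:
          REF: ${{ inputs.ref || github.sha }}
        run: |
          if [[ ! "$REF" =~ ^[0-9a-f]{40}$ ]]; then
            echo "ref must be a full commit SHA" >&2
            exit 1
          fi
          echo "commit_sha=$REF" >> "$GITHUB_ENV"
      # … unchanged: image-exists check and build step …
```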
@@ -100,7 +109,7 @@ jobs:
 id: update-image-tags
 env:
 registry: ${{ steps.ecr-login.outputs.registry }}
- commit_tag: ${{ github.sha }}
+ commit_tag: ${{ inputs.ref || github.sha }}
 readable_tag: ${{ inputs.environment }}-${{ env.additional-tag }}
 run: |
 manifest=$(aws ecr batch-get-image --repository-name $repository --image-ids imageTag=$commit_tag --output text --query images[].imageManifest)
diff --git a/.github/workflows/review_pipeline.yml b/.github/workflows/review_pipeline.yml
index 307aa0381..5c89d91e3 100644
--- a/.github/workflows/review_pipeline.yml
+++ b/.github/workflows/review_pipeline.yml
@@ -19,17 +19,26 @@ jobs:
 runs-on: ubuntu-latest
 outputs:
 pr_number: ${{ steps.get_pr_details.outputs.pr_number }}
+ pr_head_sha: ${{ steps.get_pr_details.outputs.pr_head_sha }}
 steps:
- - name: Get PR number
+ - name: Get PR number and HEAD SHA
 id: get_pr_details
 uses: actions/github-script@v7
 with:
 script: |
+ let prNumber;
 if (context.eventName === 'workflow_dispatch') {
- core.setOutput('pr_number', '${{ inputs.pr_number }}');
+ prNumber = '${{ inputs.pr_number }}';
 } else {
- core.setOutput('pr_number', context.issue.number.toString());
+ prNumber = context.issue.number.toString();
 }
+ core.setOutput('pr_number', prNumber);
+ const { data: pr } = await github.rest.pulls.get({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ pull_number: parseInt(prNumber),
+ });
+ core.setOutput('pr_head_sha', pr.head.sha);
 infra:
 name: Deploy review app infrastructure
@@ -51,6 +60,7 @@ jobs:
 aws_task_prefix: core-review-${{ needs.get_pr_details.outputs.pr_number }}
 concurrency_tag: ${{ needs.get_pr_details.outputs.pr_number }}
 environment: review
+ ref: ${{ needs.get_pr_details.outputs.pr_head_sha }}
 permissions:
 id-token: write
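Review bot: `commit_tag` in the `update-image-tags` step repeats `${{ inputs.ref || github.sha }}` while the build step reads `${{ env.commit_sha }}`, so the tag now has two sources that can drift apart if the fallback is ever changed. The step uses `steps.ecr-login`, which suggests it sits in the same job as the resolve step (the job header is outside the hunk); if so, `commit_tag: ${{ env.commit_sha }}` keeps one source. In the `run` body the value is used unquoted in `imageTag=$commit_tag`; `imageTag="$commit_tag"` avoids word splitting now that it can come from an input.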
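Review bot: The added line `prNumber = '${{ inputs.pr_number }}';` still pastes the dispatch input into the script source, so a quote character in the input changes the JavaScript that runs with the job token. Supplying it as data avoids that: `PR_NUMBER: ${{ inputs.pr_number }}` under the step's `env:` and `prNumber = process.env.PR_NUMBER;` in the script. `parseInt(prNumber)` also accepts strings such as `12abc`, so I would fail the step unless `/^\d+$/.test(prNumber)` holds before calling `pulls.get`, and pass the radix as `parseInt(prNumber, 10)`.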
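Review bot: Passing `pr_head_sha` as `ref` means the deploy workflow, which is granted `id-token: write` here, now checks out and builds the pull request's head commit instead of the commit the workflow runs from. The trigger and any author or fork checks are outside this hunk; if the pipeline can start for a pull request from a fork, that branch's Dockerfile and build scripts would run in a job able to assume the AWS role. I would have `get_pr_details` fail unless `pr.head.repo.full_name` equals `pr.base.repo.full_name`, or put the `review` environment behind required reviewers. Resolving the SHA once and passing it along is the right shape, since it keeps the built commit fixed across jobs.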