|
82 | 82 | register: tfapply |
83 | 83 | when: not do_not_terraform |
84 | 84 |
|
85 | | - - name: Retag and promote ECS image (release pipelines only) |
86 | | - # when: pr_number is not defined or pr_number == "" |
| 85 | + - name: Retag ECS image using ECR API (release pipelines only) |
| 86 | + when: lookup('env', 'RELEASE_RELEASEID') | length > 0 |
87 | 87 | vars: |
88 | | - PTL_REG: "{{ PTL_ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com" |
89 | | - PROD_REG: "{{ PROD_ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com" |
90 | | - IMG: "{{ service_id }}_{{ ecs_service[0].name }}" |
91 | | - TAG: "{{ build_label }}" |
| 88 | + # Choose PTL for lower envs, PROD for prod |
| 89 | + TARGET_ACCOUNT: >- |
| 90 | + {{ |
| 91 | + (apigee_environment == "prod") |
| 92 | + | ternary(PROD_ACCOUNT_ID, PTL_ACCOUNT_ID) |
| 93 | + }} |
| 94 | + REPO: "{{ service_id }}_{{ ecs_service[0].name }}" |
| 95 | + OLD: "{{ build_label }}" |
92 | 96 | NEW: "ecs-{{ build_label }}" |
93 | 97 | shell: | |
94 | | - aws ecr get-login-password --region eu-west-2 \ |
95 | | - | docker login --username AWS --password-stdin {{ PTL_REG }} |
96 | | -
|
97 | | - docker pull {{ PTL_REG }}/{{ IMG }}:{{ TAG }} |
98 | | - docker tag {{ PTL_REG }}/{{ IMG }}:{{ TAG }} {{ PTL_REG }}/{{ IMG }}:{{ NEW }} |
99 | | - docker push {{ PTL_REG }}/{{ IMG }}:{{ NEW }} |
100 | | -
|
101 | | - aws ecr get-login-password --region eu-west-2 \ |
102 | | - | docker login --username AWS --password-stdin {{ PROD_REG }} |
103 | | -
|
104 | | - docker tag {{ PTL_REG }}/{{ IMG }}:{{ NEW }} {{ PROD_REG }}/{{ IMG }}:{{ NEW }} |
105 | | - docker push {{ PROD_REG }}/{{ IMG }}:{{ NEW }} |
| 98 | + # 1. Fetch manifest from the SAME account (PTL for lower envs, PROD for prod) |
| 99 | + MANIFEST=$(aws ecr batch-get-image \ |
| 100 | + --region eu-west-2 \ |
| 101 | + --registry-id {{ TARGET_ACCOUNT }} \ |
| 102 | + --repository-name {{ REPO }} \ |
| 103 | + --image-ids imageTag={{ OLD }} \ |
| 104 | + --query 'images[0].imageManifest' \ |
| 105 | + --output text) |
| 106 | +
|
| 107 | + # Safety check: ensure the base tag exists |
| 108 | + if [ -z "$MANIFEST" ]; then |
| 109 | + echo "ERROR: Tag {{ OLD }} does not exist in account {{ TARGET_ACCOUNT }}" |
| 110 | + exit 1 |
| 111 | + fi |
| 112 | +
|
| 113 | + # 2. Write the new tag into the SAME account |
| 114 | + aws ecr put-image \ |
| 115 | + --region eu-west-2 \ |
| 116 | + --registry-id {{ TARGET_ACCOUNT }} \ |
| 117 | + --repository-name {{ REPO }} \ |
| 118 | + --image-tag {{ NEW }} \ |
| 119 | + --image-manifest "$MANIFEST" |
106 | 120 | args: |
107 | 121 | executable: /bin/bash |
108 | 122 |
|
|
0 commit comments