key-transparency-server/.github/workflows/push.yml

name: Build and push Docker image

on:
  release:
    types: [published]

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: write

    steps:
      - name: Checkout main project
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
        with:
          role-to-assume: ${{ vars.AWS_IAM_ROLE }}
          aws-region: ${{ vars.AWS_REGION }}

      - name: Login to ECR
        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
        with:
          registry: ${{ vars.ECR_REGISTRY }}

      - name: Set up Go
        id: setup-go
        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
        with:
          go-version-file: go.mod

      - name: Set up JDK
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
        with:
          distribution: 'temurin'
          java-version-file: ./filter-key-updates/.java-version
          cache: 'maven'

      - name: Test Go
        run: go test ./...

      - name: Build and push the Docker image of the KT server
        run: |
          docker build . --file docker/Dockerfile --build-arg GO_VERSION=${{ steps.setup-go.outputs.go-version }} \
            --tag "${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPO }}:${GITHUB_REF_NAME}"
          docker push "${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPO }}:${GITHUB_REF_NAME}"          

      - name: Build filter key updates lambda artifact
        working-directory: ./filter-key-updates
        run: |
          ./mvnw -e -B verify -Djgitver.use-version=${{ github.ref_name }}          

      - name: Upload filter key updates artifact to S3
        working-directory: ./filter-key-updates
        run: aws s3 cp target/filter-key-updates-lambda-${{ github.ref_name }}.jar s3://${{ vars.S3_BUCKET }}/${{ vars.S3_BUCKET_KEY }}/