Build multi-platform docker images on release

.github/workflows/continuous-integration.yml

@@ -10,11 +10,18 @@ on:
 
 env:
   IS_TAG_BUILD: ${{ startsWith(github.event.ref, 'refs/tags') }}
+  DEV_REPOSITORY: 329710836760.dkr.ecr.us-east-1.amazonaws.com/rasa-sdk-dev
+  AWS_REGION: us-east-1
 
 # SECRETS
 # - PYPI_TOKEN: publishing token for amn41 account, needs to be maintainer of
 #               RasaHQ/rasa-sdk on pypi (account credentials in 1password)
 
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read # This is required for actions/checkout
+
+
 jobs:
   quality:
     name: Code Quality
@@ -128,204 +135,34 @@ jobs:
         with:
           dockerfile: "Dockerfile"
 
-  build_docker_image_set_env:
-    name: Prepare environment for Docker build
-    runs-on: ubuntu-22.04
-    outputs:
-      # Tag name used for intermediate images created during Docker image builds, e.g. 3886 - a PR number
-      image_tag: ${{ steps.set_output.outputs.image_tag }}
-      # Return 'true' if tag version is equal or higher than the latest tagged rasa-sdk version
-      is_newest_version: ${{ steps.rasa_sdk_get_version.outputs.is_newest_version }}
-    steps:
-      # Due to an issue with checking out a wrong commit, we make sure
-      # to checkout HEAD commit for a pull request.
-      # More details: https://github.com/actions/checkout/issues/299
-      - name: Checkout pull request HEAD commit instead of merge commit 🕝
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
-        if: github.event_name == 'pull_request'
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-
-      - name: Checkout git repository 🕝
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
-        if: github.event_name != 'pull_request'
-
-      # Set environment variables for a pull request
-      #
-      # In this scenario, we've created a PR #1234
-      #
-      # Example output:
-      # IMAGE_TAG=1234
-      - name: Set environment variables - pull_request
-        if: github.event_name == 'pull_request' && env.IS_TAG_BUILD == 'false'
-        run: |
-          echo "IMAGE_TAG=${{ github.event.number }}" >> $GITHUB_ENV
-
-      # Set environment variables for a tag
-      #
-      # In this scenario, we've pushed the '2.4.1' tag
-      #
-      # Example output:
-      # IMAGE_TAG=2.4.1
-      - name: Set environment variables - push - tag
-        if: github.event_name == 'push' && env.IS_TAG_BUILD == 'true'
-        run: |
-          TAG_NAME=${GITHUB_REF#refs/tags/}
-          echo "IMAGE_TAG=${TAG_NAME}" >> $GITHUB_ENV
-
-      # Set environment variables for a branch
-      #
-      # In this scenario, we've pushed changes into the main branch
-      #
-      # Example output:
-      # IMAGE_TAG=main
-      - name: Set environment variables - push - branch
-        if: github.event_name == 'push' && env.IS_TAG_BUILD == 'false'
-        run: |
-          BRANCH_NAME=${GITHUB_REF#refs/heads/}
-          echo "IMAGE_TAG=${BRANCH_NAME}" >> $GITHUB_ENV
-
-      - name: Set output
-        id: set_output
-        run: |
-          echo "image_tag=${{ env.IMAGE_TAG }}" >> $GITHUB_OUTPUT
-
-      - name: Check if tag version is equal or higher than the latest tagged rasa-sdk version
-        id: rasa_sdk_get_version
-        if: env.IS_TAG_BUILD == 'true'
-        run: |
-          # Get latest tagged rasa-sdk version
-          git fetch --depth=1 origin "+refs/tags/*:refs/tags/*"
-          # Fetch branch history
-          git fetch --prune --unshallow
-          LATEST_TAGGED_NON_ALPHA_RASA_SDK_VERSION=$(git tag | sort -r -V | grep -E "^[0-9.]+$" | head -n1)
-          CURRENT_TAG=${GITHUB_REF#refs/tags/}
-          # Return 'true' if tag version is equal or higher than the latest tagged rasa-sdk version
-          IS_NEWEST_VERSION=$((printf '%s\n%s\n' "${LATEST_TAGGED_NON_ALPHA_RASA_SDK_VERSION}" "$CURRENT_TAG" \
-            | sort -V -C && echo true || echo false) || true)
-
-
-          if [[ "${IS_NEWEST_VERSION}" == "true" && "$CURRENT_TAG" =~ ^[0-9.]+$ ]]; then
-            echo "is_newest_version=true" >> $GITHUB_OUTPUT
-          else
-            echo "is_newest_version=false" >> $GITHUB_OUTPUT
-          fi
-
-  build_docker_image:
-    name: Build Docker image
+  rasa-sdk-dev-docker-image:
+    name: Build dev Docker image
     runs-on: ubuntu-22.04
-    needs: [quality, test, docker_linter, build_docker_image_set_env]
 
     steps:
-      # Due to an issue with checking out a wrong commit, we make sure
-      # to checkout HEAD commit for a pull request.
-      # More details: https://github.com/actions/checkout/issues/299
-      - name: Checkout pull request HEAD commit instead of merge commit 🕝
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
-        if: github.event_name == 'pull_request'
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Check out code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - name: Checkout git repository 🕝
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
-        if: github.event_name != 'pull_request'
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # v3.0.1
         with:
-          version: v0.5.1
-          driver: docker
+          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_SESSION_TOKEN }}
+          aws-region: ${{ env.AWS_REGION }}
 
-      - name: Set environment variables
-        run: |
-          echo "IMAGE_TAG=${{ needs.build_docker_image_set_env.outputs.image_tag }}" >> $GITHUB_ENV
-
-      - name: Login to Docker Hub Registry 🔢
-        if: github.event_name == 'push' && env.IS_TAG_BUILD == 'true' && github.repository == 'RasaHQ/rasa-sdk'
-        run: echo ${{ secrets.DOCKER_HUB_PASSWORD }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin || true
-
-      - name: Build and Push Docker image 📦
-        if: github.event_name == 'push' && env.IS_TAG_BUILD == 'true' && github.repository == 'RasaHQ/rasa-sdk'
-        run: |
-          IS_NEWEST_VERSION=${{ needs.build_docker_image_set_env.outputs.is_newest_version }}
-
-          # Push image
-          IMAGE_TAG=${IMAGE_TAG} docker buildx bake --set *.platform=linux/amd64,linux/arm64 -f docker-bake.hcl default --push
-
-          # Tag the image as latest
-          if [[ "${IS_NEWEST_VERSION}" == "true" ]]; then
-            docker tag rasa/rasa-sdk:${IMAGE_TAG} rasa/rasa-sdk:latest
-            docker push rasa/rasa-sdk:latest
-          fi
-
-  deploy:
-    name: Deploy to PyPI
-    runs-on: ubuntu-22.04
-
-    # deploy will only be run when there is a tag available
-    if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')
-    needs: [quality, test, build_docker_image] # only run after all other stages succeeded
-
-    steps:
-      - name: Checkout git repository 🕝
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
-
-      - name: Set up Python 3.10 🐍
-        uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
         with:
-          python-version: '3.10'
+          mask-password: "true"
 
-      - name: Read Poetry Version 🔢
-        run: |
-          echo "POETRY_VERSION=$(scripts/poetry-version.sh)" >> $GITHUB_ENV
-        shell: bash
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
 
-      - name: Install poetry 🦄
-        uses: Gr1N/setup-poetry@15821dc8a61bc630db542ae4baf6a7c19a994844
-        with:
-          poetry-version: ${{ env.POETRY_VERSION }}
-
-      - name: Build ⚒️ Distributions
-        run: poetry build
-
-      - name: Publish to PyPI 📦
-        uses: pypa/gh-action-pypi-publish@bea5cda687c2b79989126d589ef4411bedce0195
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_TOKEN }}
-          skip_existing: true
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c  # v3.1.0
 
-      - name: Publish Release Notes 🗞
-        if: env.IS_TAG_BUILD
-        env:
-          GITHUB_TAG: ${{ github.ref }}
-          GITHUB_REPO_SLUG: ${{ github.repository }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push docker image to AWS
         run: |
-          GITHUB_TAG=${GITHUB_TAG/refs\/tags\//}
-          sudo apt-get update
-          sudo apt-get -y install pandoc
-          pip install -U github3.py pep440_version_utils
-          python3 ${GITHUB_WORKSPACE}/scripts/publish_gh_release_notes.py
-
-      - name: Get RASA SDK Version
-        env:
-          RASA_SDK_VERSION: ${{ github.ref }}
-        run: |
-          echo "RASA_SDK_VERSION=${RASA_SDK_VERSION/refs\/tags\//}" >> $GITHUB_ENV
-
-      - name: Notify Slack 💬
-        if: env.IS_TAG_BUILD && success()
-        env:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_RELEASE_ASSISTANT_RELEASE_WEBHOOK }}
-        uses: Ilshidur/[email protected]
-        with:
-          args: "⚡ New *Rasa SDK* version ${{ env.RASA_SDK_VERSION }} has been released! Changelog: https://github.com/RasaHQ/rasa-sdk/blob/${{ env.RASA_SDK_VERSION }}/CHANGELOG.mdx"
-
-      - name: Notify Slack of Failure ⛔
-        if: env.IS_TAG_BUILD && failure()
-        env:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_RELEASE_ASSISTANT_DEV_TRIBE_WEBHOOK }}
-        uses: Ilshidur/[email protected]
-        with:
-          args: "⛔️ *Rasa SDK* version ${{ env.RASA_SDK_VERSION }} could not be released 😱 GitHub Actions: https://github.com/RasaHQ/rasa-sdk/actions?query=branch%3A${{ env.RASA_SDK_VERSION }}"
+          IMAGE_NAME=${{ env.DEV_REPOSITORY }} \
+          IMAGE_TAG=pr${{ github.event.number }} \
+          make build-and-push-multi-platform-docker

.github/workflows/pr-cleanup.yml

@@ -0,0 +1,51 @@
+name: CI On Pull Request Closure
+on:
+  pull_request:
+    types: [closed]
+
+env:
+  AWS_REGION: us-east-1
+
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read # This is required for actions/checkout
+
+jobs:  
+  aws-ecr:
+    # Skip any PR created by dependabot to avoid permission issues
+    if: (github.actor != 'dependabot[bot]')
+    name: Delete PR Docker Images
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 #v3.0.1
+        with:
+          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_SESSION_TOKEN }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d #v1.6
+        with:
+          mask-password: "true"
+
+      - name: Remove docker images from all ECR repositories
+        run: |
+          REPO_NAMES=("rasa-sdk-dev")
+          SEARCH_STRING="pr${{ github.event.number }}"
+          # Iterate through each repository
+          for REPO_NAME in "${REPO_NAMES[@]}"
+          do
+            # List all image tags in the repository that match the search string
+            # Escape empty strings and null character
+            IMAGES=$(aws ecr list-images --repository-name $REPO_NAME --query "imageIds[?imageTag!=null&&imageTag!=''&&contains(imageTag, '$SEARCH_STRING')].imageTag" --output text)
+
+            # Print the image tags
+            echo "Images to be deleted in repository $REPO_NAME:"
+            echo "$IMAGES"
+            # Delete each image by its tag
+            for IMAGE in $IMAGES
+            do
+              aws ecr batch-delete-image --repository-name $REPO_NAME --image-ids imageTag=$IMAGE
+            done
+          done

.github/workflows/rasa-sdk-dev-docker-image.yml → .github/workflows/pr-merged.yml

@@ -1,11 +1,9 @@
-name: Create Dev Docker Images
+name: Pull Request Merged to Main
 
 on:
-  schedule:
-    # Run cron job at 8AM Monday to Sunday.
-    - cron: '0 8 * * *'
-  workflow_dispatch:
-  pull_request:
+  push:
+    branches:
+      - main
 
 env:
   AWS_REGION: us-east-1
@@ -21,18 +19,13 @@ permissions:
 
 jobs:
   rasa-sdk-dev-docker-image:
-    name: rasa-sdk dev docker image
+    name: Build Dev Docker Image and Push to AWS
     runs-on: ubuntu-22.04
 
     steps:
       - name: Check out code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - name: Read Poetry Version 🔢
-        run: |
-          echo "POETRY_VERSION=$(scripts/poetry-version.sh)" >> $GITHUB_ENV
-        shell: bash
-
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # v3.0.1
         with:
@@ -45,11 +38,14 @@ jobs:
         with:
           mask-password: "true"
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c
-        with:
-          version: v0.5.1
+        uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c  # v3.1.0
 
       - name: Build and push docker image to AWS
         run: |
-          docker buildx bake --set *.platform=linux/amd64,linux/arm64 --set default.tags=$REPOSITORY:latest --push
+          IMAGE_NAME=${{ env.REPOSITORY }} \
+          IMAGE_TAG=latest \
+          make build-and-push-multi-platform-docker