
AWS Batch

De Banane Atomic

Compute environment

Job queue

Job definition

ECR image

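# Build the job image and push it to the ECR repository.
# The image reference is quoted so the variable values are never word-split
# or glob-expanded by the shell.
docker build --file Dockerfile --tag "$ECR_REGISTRY/$ECR_REPO_NAME:$IMAGE_TAG" .
docker push "$ECR_REGISTRY/$ECR_REPO_NAME:$IMAGE_TAG"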
github-action.yml
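# Manually triggered workflow: builds the job image from DockerfileJob and
# pushes it to the selected ECR repository using short-lived AWS credentials
# obtained through GitHub OIDC.
name: Build push ECR

on:
  workflow_dispatch:
    inputs:
      # Both inputs are "choice" types, so only the listed values are accepted.
      ENV:
        description: "Target env"
        required: true
        type: choice
        options:
          - "dev"
        default: "dev"
      ECR_REPO_NAME:
        description: "ECR repository name"
        required: true
        type: choice
        options:
          - "cassandre_job"
        default: "cassandre_job"

env:
  AWS_REGION: eu-central-1
  # NOTE(review): "latest" is a mutable tag, so a job definition that
  # references it cannot tell which build it runs. Consider an immutable tag
  # (for example the commit SHA) and ECR tag immutability.
  IMAGE_TAG: "latest"

# Least privilege for GITHUB_TOKEN: only the scopes the steps below use.
# Scopes such as actions, pull-requests or security-events belong only in a
# workflow that has a step needing them (e.g. a scanner uploading reports).
permissions:
  # Read-only repository access is enough for actions/checkout.
  contents: read
  # Required to request the OIDC JWT used by
  # aws-actions/configure-aws-credentials. Checkmarx reports this line as
  # "Passwords And Secrets - Generic Token" (High); it is a permission scope,
  # not a credential.
  id-token: write

jobs:
  build:
    name: Build, tag and push to ECR
    runs-on: ubuntu-latest
    # Selects the GitHub environment, and therefore its secrets and
    # protection rules.
    environment: ${{ inputs.ENV }}

    steps:
      # NOTE(review): version tags such as v2 are mutable; pinning each
      # third-party action to a full commit SHA protects against a retagged
      # release.
      - uses: actions/checkout@v2

      # NOTE(review): no later step in this workflow reads the output of
      # this step. If the token is not needed, remove the step so the App
      # private key is not handed to a third-party action.
      - name: Generate token for GitHub App
        id: generate-token
        uses: getsentry/action-github-app-token@v2.0.0
        with:
          app_id: ${{ secrets.UNIVERSAL_GH_APP_ID_CODE }}
          private_key: ${{ secrets.UNIVERSAL_GH_APP_PRIVATE_KEY_CODE }}

      # Exchanges the OIDC token for temporary credentials of the role.
      # The role's trust policy should restrict the OIDC subject to this
      # repository (and environment) so that other repositories cannot
      # assume it.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ secrets.ASSUME_ROLE }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build, tag and push image to Amazon ECR
        id: build-image
        # Values reach the script through environment variables instead of
        # being interpolated into the shell text, which avoids script
        # injection.
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPO_NAME: ${{ inputs.ECR_REPO_NAME }}
        run: |
          # Build a docker container and push it to ECR so that it can be deployed to ECS.
          # Expansions are quoted so values are never word-split or globbed.
          image="$ECR_REGISTRY/$ECR_REPO_NAME:$IMAGE_TAG"
          docker build --file DockerfileJob --tag "$image" .
          docker push "$image"
          echo "image=$image" >> "$GITHUB_OUTPUT"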
Dockerfile
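FROM python:3.10-slim

# Install OS packages (presumably build dependencies of requirements.txt),
# then drop the apt lists so they do not stay in the layer
RUN apt-get update && apt-get upgrade -y && apt-get install -y gcc python3-dev libkrb5-dev && rm -rf /var/lib/apt/lists/*

# Unprivileged account: the job does not need to run as root inside the container
RUN useradd --create-home --shell /usr/sbin/nologin appuser

WORKDIR /app
# WORKDIR creates /app owned by root; hand it to the runtime user so the job can still write there
RUN chown appuser:appuser /app

# Install python packages first so this layer is reused until requirements.txt changes;
# --no-cache-dir keeps pip's download cache out of the image
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy source code.
# "COPY . ." takes the whole build context: use a .dockerignore to keep .git,
# local env files and credentials out of the image
COPY --chown=appuser:appuser . .

USER appuser

# Set the CMD to your handler (could also be done as a parameter override outside of the Dockerfile)
CMD [ "python", "/app/main.py", "param1" ]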

C# calling example

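// Request describing the AWS Batch job to submit: name, target queue,
// job definition, and a per-submission override of the container command.
var submitJobRequest = new SubmitJobRequest
{
    JobName = "job-name",
    JobQueue = "job-queue",
    JobDefinition = "job-definition",
    ContainerOverrides = new ContainerOverrides
    {
        // Only one Command initializer is allowed. This form uses the
        // Ref::param1 placeholder, filled from Parameters["param1"] below.
        // Hard-coded alternative: Command = ["python", "/app/main.py", "param1"]
        // The command is an argument array (no shell is involved), but
        // main.py should still validate the received value when it comes
        // from user input.
        Command = ["python", "/app/main.py", "Ref::param1"]
    },
    // Values substituted for the Ref:: placeholders of the command.
    Parameters = new Dictionary<string, string>
    {
        { "param1", "value" }
    }
};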

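// Submit the job. submitJobResponse stays null when the call fails, so code
// that follows must check it for null before use.
SubmitJobResponse? submitJobResponse = null;
try
{
    submitJobResponse = await amazonBatch.SubmitJobAsync(submitJobRequest);
}
catch (Exception ex)
{
    // Do not swallow the failure silently: a rejected submission (missing
    // permission, unknown queue or job definition, throttling) would
    // otherwise go unnoticed. Report it; the response is left null.
    Console.Error.WriteLine($"AWS Batch SubmitJob failed: {ex.GetType().Name}: {ex.Message}");
}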