ries-lab · nolan1999 · Oct 4, 2025 · Oct 4, 2025 · Oct 4, 2025 · Oct 4, 2025
diff --git a/.github/workflows/publish-version-ecr.yaml b/.github/workflows/publish-version-ecr.yaml
@@ -0,0 +1,117 @@
+name: Publish version to AWS ECR
+
+on:
+  workflow_dispatch:  # manual trigger to publish prod/dev version
+  workflow_run:  # trigger on GH version to publish prod version
+    workflows: ["Publish version to GitHub"]
+    types:
+      - completed
+    branches:
+      - main
+
+jobs:
+  build-and-push:
+    name: Build and push Docker image
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set version
+        id: set-version
+        run: |
+          if [ "${{ github.event_name }}" == "workflow_run" ]; then
+            POETRY_VERSION=$(grep -E '^requires-poetry = ' pyproject.toml | sed -E 's/requires-poetry = "(.*)"/\1/')
+            pip install poetry==$POETRY_VERSION
+            PROD=true
+            VERSION=$(poetry version -s)
+            REF=refs/tags/$VERSION
+          else
+            REF=$GITHUB_REF
+            if [[ "$GITHUB_REF" == refs/tags/* ]]; then
+              PROD=true
+              VERSION=${GITHUB_REF#refs/tags/}
+            else
+              PROD=false
+              VERSION=dev-${GITHUB_REF#refs/heads/}-${GITHUB_SHA::7}
+            fi
+          fi
+          echo "PROD=$PROD" >> $GITHUB_OUTPUT
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+          echo "REF=$REF" >> $GITHUB_OUTPUT
+
+      # on main, we do not want necessarily the latest commit, but the one that was tagged
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ steps.set-version.outputs.REF }}
+          fetch-depth: 0
+
+      - name: Get Python version
+        id: get-python-version
+        run: |
+          pip install toml
+          PYTHON_VERSION=$(python -c 'import scripts.vars; scripts.vars.get_python_version()')
+          echo "PYTHON_VERSION=$PYTHON_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1  # required for Public ECR
+
+      - name: Login to AWS Public ECR
+        uses: aws-actions/amazon-ecr-login@v1
+        with:
+          registry-type: public
+
+      - name: Build and push Docker image
+        id: build-and-push
+        env:
+          VERSION: ${{ steps.set-version.outputs.VERSION }}
+          PROD: ${{ steps.set-version.outputs.PROD }}
+          ECR_REGISTRY: public.ecr.aws/w2b7b8c0
+          ECR_REPOSITORY: decode-cloud/user-api
+          PYTHON_VERSION: ${{ steps.get-python-version.outputs.PYTHON_VERSION }}
+        run: |
+          IMAGE_REF=$ECR_REGISTRY/$ECR_REPOSITORY:$VERSION
+          echo "IMAGE_REF=$IMAGE_REF" >> $GITHUB_OUTPUT
+          if docker manifest inspect $IMAGE_REF > /dev/null 2>&1; then
+            NEW_IMAGE=false
+            echo "Image $IMAGE_REF already exists, nothing pushed" >> $GITHUB_STEP_SUMMARY
+          else
+            NEW_IMAGE=true
+            docker build --build-arg PYTHON_VERSION=$PYTHON_VERSION -t $IMAGE_REF .
+            docker push $IMAGE_REF
+            echo "## 🚀 Published Docker Image: $IMAGE_REF" >> $GITHUB_STEP_SUMMARY
+            if [[ $PROD == "true" ]]; then
+              SET_LATEST=true
+              LATEST_EXISTS=$(docker manifest inspect $ECR_REGISTRY/$ECR_REPOSITORY:latest > /dev/null 2>&1 && echo "true" || echo "false")
+              if [[ $LATEST_EXISTS == "true" ]]; then
+                LATEST_LABELS=$(docker manifest inspect $ECR_REGISTRY/$ECR_REPOSITORY:latest | grep -o '"org.opencontainers.image.version":"[^"]*"' | cut -d'"' -f4 || echo "")
+                if printf '%s\n%s\n' "$LATEST_LABELS" "$VERSION" | sort -V | head -n1 | grep -q "^$VERSION$"; then
+                  SET_LATEST=false
+                fi
+              fi
+              if [[ $SET_LATEST == "true" ]]; then
+                docker tag $IMAGE_REF $ECR_REGISTRY/$ECR_REPOSITORY:latest
+                docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
+                echo "Also tagged as: \`$ECR_REGISTRY/$ECR_REPOSITORY:latest\`" >> $GITHUB_STEP_SUMMARY
+              fi
+            fi
+          fi
+          echo "NEW_IMAGE=$NEW_IMAGE" >> $GITHUB_OUTPUT
+
+      - name: Add to GH release
+        if: steps.build-and-push.outputs.NEW_IMAGE == 'true' && steps.set-version.outputs.PROD == 'true'
+        uses: tubone24/update_release@v1.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TAG_NAME: ${{ steps.set-version.outputs.VERSION }}
+        with:
+          body: "**Published image (AWS ECR Public):** `${{ steps.build-and-push.outputs.IMAGE_REF }}`"
+          is_append_body: true
diff --git a/.github/workflows/publish-version-gh.yaml b/.github/workflows/publish-version-gh.yaml
@@ -0,0 +1,56 @@
+name: Publish version to GitHub
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  create-version:
+    name: Create GH version and tag
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set version
+        id: set-version
+        run: |
+          POETRY_VERSION=$(grep -E '^requires-poetry = ' pyproject.toml | sed -E 's/requires-poetry = "(.*)"/\1/')
+          pip install poetry==$POETRY_VERSION
+          VERSION=$(poetry version -s)
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+
+      - name: Check if release exists
+        id: check-release
+        env:
+          VERSION: ${{ steps.set-version.outputs.VERSION }}
+        run: |
+          git fetch --tags
+          if [ -n "$(git tag -l "$VERSION")" ]; then
+            echo "## ⚠️ Tag $VERSION already exists in git. Skipping publish." >> $GITHUB_STEP_SUMMARY
+            echo "skip_publish=true" >> $GITHUB_OUTPUT
+          else
+            echo "skip_publish=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create and push annotated git tag
+        if: steps.check-release.outputs.skip_publish != 'true'
+        env:
+          VERSION: ${{ steps.set-version.outputs.VERSION }}
+        run: |
+          git config user.name "github-actions"
+          git config user.email "github-actions@github.com"
+          git tag -a "$VERSION" -m "Release $VERSION"
+          git push origin "$VERSION"
+
+      - name: Create GitHub release
+        if: steps.check-release.outputs.skip_publish != 'true'
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: ${{ steps.set-version.outputs.VERSION }}
+          name: Release ${{ steps.set-version.outputs.VERSION }}
+          generate_release_notes: true
diff --git a/.github/workflows/publish-version.yaml b/.github/workflows/publish-version.yaml
diff --git a/README.md b/README.md
@@ -135,7 +135,7 @@ decode:
           - "--log_path=/files/log"
         env: []
       handler:
-        image_url: "public.ecr.aws/g0e9g3b1/decode:v0_10_1"
+        image_url: "public.ecr.aws/w2b7b8c0/decode:v0_10_1"
         files_down:
           config_id: config
           data_ids: data

diff --git a/application_config.yaml b/application_config.yaml
@@ -11,7 +11,7 @@ decode:
           - "--log_path=/files/log"
         env: []
       handler:
-        image_url: "public.ecr.aws/g0e9g3b1/decode:v0_10_1"
+        image_url: "public.ecr.aws/w2b7b8c0/decode:v0_10_1"
         files_down:
           config_id: config
           data_ids: data
@@ -37,7 +37,7 @@ decode:
           - "--emitter_path=/files/output/emitter.h5"
         env: []
       handler:
-        image_url: "public.ecr.aws/g0e9g3b1/decode:v0_10_1"
+        image_url: "public.ecr.aws/w2b7b8c0/decode:v0_10_1"
         files_down:
           config_id: config
           data_ids: data
@@ -66,7 +66,7 @@ decode:
           - "Paths.trafo=$(find /files/data -name '*_trafo.mat' | head -n 1 | grep . || echo null)"
         env: []
       handler:
-        image_url: "public.ecr.aws/g0e9g3b1/decode:latest"
+        image_url: "public.ecr.aws/w2b7b8c0/decode:latest"
         files_down:
           config_id: config_tmp
           data_ids: data
@@ -94,7 +94,7 @@ comet:
           - " > /files/log/log.log"
         env: []
       handler:
-        image_url: "public.ecr.aws/g0e9g3b1/comet:latest"
+        image_url: "public.ecr.aws/w2b7b8c0/comet:latest"
         files_down:
           config_id: config
           data_ids: data