diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
index 2cc1f19b51..e80e11f891 100644
--- a/.github/workflows/cd.yaml
+++ b/.github/workflows/cd.yaml
@@ -150,15 +150,15 @@ jobs:
       - id: api-version
         uses: ./.github/actions/get-app-version
         with:
-          project-path: app/api
+          project-path: app/api infra/docker/api
       - id: selfserve-version
         uses: ./.github/actions/get-app-version
         with:
-          project-path: app/selfserve
+          project-path: app/selfserve infra/docker/selfserve
       - id: internal-version
         uses: ./.github/actions/get-app-version
         with:
-          project-path: app/internal
+          project-path: app/internal infra/docker/internal
       - id: assets-version
         uses: ./.github/actions/get-app-version
         with:
@@ -238,7 +238,7 @@ jobs:
       project: ${{ matrix.project }}
       version: ${{ needs.get-version.outputs[matrix.project] }}
       app-artefact-name: ${{ matrix.project}}
-      should-upload-artefact-to-ecr: true
+      push: true
     permissions:
       contents: read
       id-token: write
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 3f41cf340c..eaae1944cc 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -140,15 +140,15 @@ jobs:
       - id: api-version
         uses: ./.github/actions/get-app-version
         with:
-          project-path: app/api
+          project-path: app/api infra/docker/api
       - id: selfserve-version
         uses: ./.github/actions/get-app-version
         with:
-          project-path: app/selfserve
+          project-path: app/selfserve infra/docker/selfserve
       - id: internal-version
         uses: ./.github/actions/get-app-version
         with:
-          project-path: app/internal
+          project-path: app/internal infra/docker/internal
       - id: assets-version
         uses: ./.github/actions/get-app-version
         with:
@@ -227,7 +227,7 @@ jobs:
       project: ${{ matrix.project }}
       version: ${{ needs.get-version.outputs[matrix.project] }}
       app-artefact-name: ${{ matrix.project}}
-      should-upload-artefact-to-ecr: false
+      push: false
     permissions:
       contents: read
       id-token: write
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 58dc1b7ef1..3a6f98d23c 100644
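Review bot: The `project-path` input of get-app-version now carries two whitespace-separated paths (`app/api infra/docker/api`, and likewise for selfserve and internal), but the input name is singular and the composite action that consumes it is outside this diff; if the action treats the value as a single path, the Dockerfile directory is silently ignored or the lookup fails. Confirm that the action splits the value on whitespace, and either rename the input to `project-paths` or document the list form next to the first use, e.g. `# whitespace-separated list: the app source and the directory that holds its Dockerfile`. The same change is repeated in the ci.yaml hunk at -140,15; the two lists must stay identical so CI and CD derive the same version for a given commit.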
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -15,7 +15,7 @@ on:
       app-artefact-name:
         type: string
         required: true
-      should-upload-artefact-to-ecr:
+      push:
         type: boolean
         required: true
         default: false
@@ -28,7 +28,7 @@ env:
   WORKING_DIR: infra/docker/${{ inputs.project }}
   REGISTRY: 054614622558.dkr.ecr.eu-west-1.amazonaws.com
   REGISTRY_MIRROR: ghcr.io
-  AWS_OIDC_ROLE: ${{ vars[format('ACCOUNT_nonprod_TF_OIDC{0}_ROLE', (inputs.should-upload-artefact-to-ecr && '' || '_READONLY'))] || (inputs.should-upload-artefact-to-ecr && vars.TF_OIDC_ROLE || vars.TF_OIDC_READONLY_ROLE) }}
+  AWS_OIDC_ROLE: ${{ vars[format('ACCOUNT_nonprod_TF_OIDC{0}_ROLE', (inputs.push && '' || '_READONLY'))] || (inputs.push && vars.TF_OIDC_ROLE || vars.TF_OIDC_READONLY_ROLE) }}
   AWS_REGION: ${{ vars.TF_AWS_REGION }}
 
 jobs:
@@ -46,7 +46,7 @@ jobs:
       dockerfile: ${{ env.WORKING_DIR }}/Dockerfile
 
   build:
-    name: Build ${{ inputs.should-upload-artefact-to-ecr && 'and push to ECR' || '' }}
+    name: Build ${{ inputs.push && 'and push' || '' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -75,20 +75,20 @@ jobs:
             type=raw,value=latest
 
       - name: Configure AWS credentials
-        if: ${{ inputs.should-upload-artefact-to-ecr }}
+        if: ${{ inputs.push }}
         uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ env.AWS_OIDC_ROLE }}
           aws-region: ${{ env.AWS_REGION }}
 
       - name: Login to ECR
-        if: ${{ inputs.should-upload-artefact-to-ecr }}
+        if: ${{ inputs.push }}
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
 
       - name: Login to GHCR
-        if: ${{ inputs.should-upload-artefact-to-ecr }}
+        if: ${{ inputs.push }}
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY_MIRROR }}
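Review bot: The renamed `push` input keeps `required: true` together with `default: false`; a default is only applied when a caller omits the input, which `required: true` forbids, so the default is dead and every caller has to spell `push` out. Because the safe behaviour of this reusable workflow is to build without pushing, making the default effective is the better fix: change `required: true` to `required: false` so an omitted `push` is read as `false`. The enclosing `inputs` block starts before this hunk.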
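Review bot: The rewritten `AWS_OIDC_ROLE` expression picks the wrong variable when `push` is true: in `inputs.push && '' || '_READONLY'` the `&&` branch yields `''`, which the expression evaluator treats as falsy, so the `||` branch `'_READONLY'` is taken and the lookup is `ACCOUNT_nonprod_TF_OIDC_READONLY_ROLE` regardless of `push`. When that variable is defined, a push run assumes the read-only role and the ECR push fails; the writable role is only ever reached through the outer `||` fallback, and only when the first lookup is empty. Put the empty string on the `||` side so the idiom is safe: `(!inputs.push && '_READONLY' || '')`. The same `&& '...' || ''` shape in the job `name` at -46,7 is harmless there because a wrong job name is cosmetic.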
@@ -96,30 +96,30 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Untag existing latest image in ECR
-        if: ${{ inputs.should-upload-artefact-to-ecr }}
+        if: ${{ inputs.push }}
         run: |
           aws ecr batch-delete-image --repository-name vol-app/${{ inputs.project }} --image-ids imageTag=latest
 
-      - name: Build ${{ inputs.should-upload-artefact-to-ecr && 'and push ' || '' }}Docker image
+      - name: Build ${{ inputs.push && 'and push ' || '' }}Docker image
         id: build-and-push
         uses: docker/build-push-action@v5
         with:
           context: ${{ env.WORKING_DIR }}
           platforms: linux/amd64,linux/arm64
-          push: ${{ inputs.should-upload-artefact-to-ecr }}
+          push: ${{ inputs.push }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
       - name: Setup Notation CLI
-        if: ${{ inputs.should-upload-artefact-to-ecr }}
+        if: ${{ inputs.push }}
         uses: notaryproject/notation-action/setup@v1
         with:
           version: "1.1.0"
 
       - name: Sign artefact
-        if: ${{ inputs.should-upload-artefact-to-ecr }}
+        if: ${{ inputs.push }}
         uses: notaryproject/notation-action/sign@v1
         with:
           plugin_name: com.amazonaws.signer.notation.plugin
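Review bot: The `Untag existing latest image in ECR` step drops the `latest` tag before the build-and-push step has succeeded, so a failed or cancelled build leaves the repository with no `latest` image; the untag is presumably only needed if the repository has tag immutability enabled, which this diff does not show. Running the untag immediately before the push, or building first with `push: false` and pushing as a separate step, closes that gap. Separately, `${{ inputs.project }}` is expanded directly inside the `run:` script; the callers in this diff feed it from a fixed matrix, but a reusable workflow should not rely on that — add `env:` with `PROJECT: ${{ inputs.project }}` to the step and reference `"$PROJECT"` in the command. The `with:` block of the Sign artefact step continues past the end of this hunk.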