fix: add DH login step to all jobs that pull images

ethyca · Oct 14, 2024 · 21119d9 · 21119d9
1 parent e2d8b63
commit 21119d9
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 6 deletions.
diff --git a/.github/workflows/backend_checks.yml b/.github/workflows/backend_checks.yml
@@ -15,6 +15,9 @@ on:
 env:
   IMAGE: ethyca/fides:local
   DEFAULT_PYTHON_VERSION: "3.10.13"
+  # Docker auth with read-only permissions.
+  DOCKER_USER: ${{ secrets.DOCKER_USER }}
+  DOCKER_RO_TOKEN: ${{ secrets.DOCKER_RO_TOKEN }}
 
 jobs:
   ###############
@@ -143,6 +146,12 @@ jobs:
       - name: Install Nox
         run: pip install nox>=2022
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
+
       - name: Run Performance Tests
         run: nox -s performance_tests
 
@@ -178,8 +187,8 @@ jobs:
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKER_USER }}
-          password: ${{ secrets.DOCKER_RO_TOKEN }}
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
 
       - name: Run test suite
         run: nox -s check_container_startup
@@ -219,6 +228,12 @@ jobs:
       - name: Install Nox
         run: pip install nox>=2022
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
+
       - name: Run test suite
         run: nox -s "${{ matrix.test_selection }}"
 
@@ -262,6 +277,12 @@ jobs:
       - name: Install Nox
         run: pip install nox>=2022
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
+
       - name: Run test suite
         run: nox -s "pytest(${{ matrix.test_selection }})"
 
@@ -302,6 +323,12 @@ jobs:
       - name: Install Nox
         run: pip install nox>=2022
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
+
       - name: Run external test suite
         run: nox -s "pytest(ctl-external)"
         env:
@@ -342,6 +369,12 @@ jobs:
       - name: Install Nox
         run: pip install nox>=2022
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
+
       - name: Integration Tests (External)
         env:
           BIGQUERY_DATASET: fidesopstest
@@ -419,6 +452,12 @@ jobs:
           role: ${{ secrets.VAULT_ROLE }}
           exportToken: True
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
+
       - name: SaaS Connector Tests
         env:
           VAULT_ADDR: ${{ secrets.VAULT_ADDR }}

diff --git a/.github/workflows/cypress_e2e.yml b/.github/workflows/cypress_e2e.yml
@@ -11,6 +11,10 @@ on:
 
 env:
   CI: true
+  env:
+  # Docker auth with read-only permissions.
+  DOCKER_USER: ${{ secrets.DOCKER_USER }}
+  DOCKER_RO_TOKEN: ${{ secrets.DOCKER_RO_TOKEN }}
 
 jobs:
   Cypress-E2E:
@@ -33,8 +37,8 @@ jobs:
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKER_USER }}
-          password: ${{ secrets.DOCKER_RO_TOKEN }}
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
 
       - name: Start test environment in the background
         run: nox -s "fides_env(test)" -- keep_alive

diff --git a/.github/workflows/publish_docker.yaml b/.github/workflows/publish_docker.yaml
@@ -8,7 +8,8 @@ on:
       - "*"
 
 env:
-  DOCKER_USER: ethycaci
+  # Docker auth with read-write (publish) permissions. Set as env in workflow root as auth is required in multiple jobs.
+  DOCKER_USER: ${{ secrets.DOCKER_USER }}
   DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
 
 jobs:
@@ -71,7 +72,7 @@ jobs:
           fetch-depth: 0 # This is required to properly tag images
 
       - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ env.DOCKER_USER }}
           password: ${{ env.DOCKER_TOKEN }}