diff --git a/.github/workflows/backend_checks.yml b/.github/workflows/backend_checks.yml index dfd45c9371c..03faece087b 100644 --- a/.github/workflows/backend_checks.yml +++ b/.github/workflows/backend_checks.yml @@ -15,6 +15,9 @@ on: env: IMAGE: ethyca/fides:local DEFAULT_PYTHON_VERSION: "3.10.13" + # Docker auth with read-only permissions. + DOCKER_USER: ${{ secrets.DOCKER_USER }} + DOCKER_RO_TOKEN: ${{ secrets.DOCKER_RO_TOKEN }} jobs: ############### @@ -143,6 +146,12 @@ jobs: - name: Install Nox run: pip install nox>=2022 + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ env.DOCKER_USER }} + password: ${{ env.DOCKER_RO_TOKEN }} + - name: Run Performance Tests run: nox -s performance_tests @@ -178,8 +187,8 @@ jobs: - name: Login to Docker Hub uses: docker/login-action@v3 with: - username: ${{ secrets.DOCKER_USER }} - password: ${{ secrets.DOCKER_RO_TOKEN }} + username: ${{ env.DOCKER_USER }} + password: ${{ env.DOCKER_RO_TOKEN }} - name: Run test suite run: nox -s check_container_startup @@ -219,6 +228,12 @@ jobs: - name: Install Nox run: pip install nox>=2022 + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ env.DOCKER_USER }} + password: ${{ env.DOCKER_RO_TOKEN }} + - name: Run test suite run: nox -s "${{ matrix.test_selection }}" @@ -262,6 +277,12 @@ jobs: - name: Install Nox run: pip install nox>=2022 + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ env.DOCKER_USER }} + password: ${{ env.DOCKER_RO_TOKEN }} + - name: Run test suite run: nox -s "pytest(${{ matrix.test_selection }})" @@ -302,6 +323,12 @@ jobs: - name: Install Nox run: pip install nox>=2022 + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ env.DOCKER_USER }} + password: ${{ env.DOCKER_RO_TOKEN }} + - name: Run external test suite run: nox -s "pytest(ctl-external)" env: 
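Review bot: In the `@@ -15,6 +15,9 @@` hunk of backend_checks.yml, placing `DOCKER_USER` and `DOCKER_RO_TOKEN` in the workflow-level `env:` exports both values into the process environment of every step in every job. That includes the `pip install` and `nox -s …` steps that run project and third-party code, whereas the previous `with:` references in the `-178` hunk handed them to the login action only. The comment describes the token as read-only, which limits the impact, but the narrower scope is to keep `username: ${{ secrets.DOCKER_USER }}` and `password: ${{ secrets.DOCKER_RO_TOKEN }}` in each login step's `with:` block. The same workflow-scope pattern is added in cypress_e2e.yml, and in publish_docker.yaml the root `env:` carries `DOCKER_TOKEN`, which the new comment there describes as read-write, so the exposure matters more in that file.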
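Review bot: The login step added in the `@@ -143,6 +146,12 @@` hunk (and repeated in the `-219`, `-262`, `-302`, `-342` and `-419` hunks) receives a registry credential but references `docker/login-action@v3`, a tag that can be moved to different code. Pinning to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`, keeps the code that handles the token fixed. The workflow triggers are outside the hunk, so this cannot be confirmed here, but if these jobs also run for pull requests from forks the secrets will be empty and the login step is likely to fail. A guard such as `if: env.DOCKER_USER != ''` on the step would let those runs continue unauthenticated.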
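Review bot: In the context line `run: pip install nox>=2022` of the `@@ -219,6 +228,12 @@` hunk (the same line appears in the `-143`, `-262`, `-302` and `-342` hunks), the unquoted `>` is a shell redirection. The step therefore installs whatever `nox` release is current and writes pip's output to a file named `=2022`, so the version constraint is never applied. The commit does not touch this line, but quoting the requirement makes the constraint effective: `run: pip install "nox>=2022"`.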
@@ -342,6 +369,12 @@ jobs: - name: Install Nox run: pip install nox>=2022 + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ env.DOCKER_USER }} + password: ${{ env.DOCKER_RO_TOKEN }} + - name: Integration Tests (External) env: BIGQUERY_DATASET: fidesopstest @@ -419,6 +452,12 @@ jobs: role: ${{ secrets.VAULT_ROLE }} exportToken: True + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ env.DOCKER_USER }} + password: ${{ env.DOCKER_RO_TOKEN }} + - name: SaaS Connector Tests env: VAULT_ADDR: ${{ secrets.VAULT_ADDR }} diff --git a/.github/workflows/cypress_e2e.yml b/.github/workflows/cypress_e2e.yml index 2e40901b89b..952e4fc46dd 100644 --- a/.github/workflows/cypress_e2e.yml +++ b/.github/workflows/cypress_e2e.yml @@ -11,6 +11,10 @@ on: env: CI: true + env: + # Docker auth with read-only permissions. + DOCKER_USER: ${{ secrets.DOCKER_USER }} + DOCKER_RO_TOKEN: ${{ secrets.DOCKER_RO_TOKEN }} jobs: Cypress-E2E: @@ -33,8 +37,8 @@ jobs: - name: Login to Docker Hub uses: docker/login-action@v3 with: - username: ${{ secrets.DOCKER_USER }} - password: ${{ secrets.DOCKER_RO_TOKEN }} + username: ${{ env.DOCKER_USER }} + password: ${{ env.DOCKER_RO_TOKEN }} - name: Start test environment in the background run: nox -s "fides_env(test)" -- keep_alive diff --git a/.github/workflows/publish_docker.yaml b/.github/workflows/publish_docker.yaml index 3c6a951c676..943f0514ccf 100644 --- a/.github/workflows/publish_docker.yaml +++ b/.github/workflows/publish_docker.yaml @@ -8,7 +8,8 @@ on: - "*" env: - DOCKER_USER: ethycaci + # Docker auth with read-write (publish) permissions. Set as env in workflow root as auth is required in multiple jobs. + DOCKER_USER: ${{ secrets.DOCKER_USER }} DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} jobs: 
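Review bot: The `@@ -11,6 +11,10 @@` hunk of cypress_e2e.yml adds a second `env:` line directly after the existing `env:` / `CI: true` block. Indentation is not recoverable from this view, but either reading is a problem. A second top-level `env:` is a duplicate mapping key, which the workflow parser may reject or resolve by dropping one block, and an `env:` nested under the first would give the variable `env` a mapping instead of a string value. Adding `DOCKER_USER: ${{ secrets.DOCKER_USER }}` and `DOCKER_RO_TOKEN: ${{ secrets.DOCKER_RO_TOKEN }}` under the existing `env:` next to `CI: true` avoids both, and ensures the login step in the `-33` hunk does not receive empty credentials.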
@@ -71,7 +72,7 @@ jobs: fetch-depth: 0 # This is required to properly tag images - name: Login to DockerHub - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ env.DOCKER_USER }} password: ${{ env.DOCKER_TOKEN }}