-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add required permission to the action (#105)
* Add required permission to the action * Add ability to provide version from action input * Change input type * Change condition type * Change condition type
- Loading branch information
Showing
1 changed file
with
37 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,20 +1,50 @@ | ||
| name: Publish Arcane to ECR public registry | ||
| run-name: Deploy ${{github.ref_name}} to public.ecr.aws by @${{ github.actor }} | ||
|
|
||
| on: workflow_dispatch | ||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| version: | ||
| description: | | ||
| Version number to publish. Defaults to the latest git tag in the repository. | ||
| This version MUST exist in the ghcr.io registry. | ||
| required: false | ||
| default: "current" | ||
|
|
||
| env: | ||
| PROJECT_NAME: Arcane.Operator | ||
| REGISTRY: ghcr.io | ||
| IMAGE_NAME: ${{ github.repository }} | ||
|
|
||
| jobs: | ||
| create_release: | ||
| name: Create Release | ||
| publish_image: | ||
| name: Publish Docker Image to ECR Public | ||
| runs-on: ubuntu-latest | ||
| if: ${{ startsWith(github.ref, 'refs/tags') }} | ||
|
|
||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
|
|
||
| steps: | ||
|
|
||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
|
|
||
| - name: Get project version | ||
| uses: SneaksAndData/github-actions/[email protected] | ||
| id: current_version | ||
|
|
||
| - name: Set up variables | ||
| env: | ||
| VERSION: ${{ inputs.version }} | ||
| CURRENT_VERSION: ${{steps.current_version.outputs.version}} | ||
| run: | | ||
| test "$VERSION" == "current" && echo "IMAGE_VERSION=$CURRENT_VERSION" >> ${GITHUB_ENV} || echo "IMAGE_VERSION=$VERSION" >> ${GITHUB_ENV} | ||
| - name: Import AWS Secrets | ||
| uses: hashicorp/[email protected] | ||
| with: | ||
|
|
@@ -39,26 +69,22 @@ jobs: | |
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Login to Amazon ECR Public | ||
| uses: aws-actions/amazon-ecr-login@v2 | ||
| with: | ||
| registry-type: public | ||
|
|
||
| - name: Get project version | ||
| uses: SneaksAndData/github-actions/[email protected] | ||
| id: version | ||
|
|
||
| - name: Extract metadata (tags, labels) for Docker | ||
| id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
| tags: | | ||
| type=semver,pattern={{version}},value=${{steps.version.outputs.version}} | ||
| type=semver,pattern={{version}},value=${{ env.IMAGE_VERSION }} | ||
| flavor: | ||
| latest=false | ||
|
|
||
| - name: Push image to ECR Public registry | ||
| uses: akhilerm/[email protected] | ||
| with: | ||
|
|
||