Reenable forked image publishing

Signed-off-by: Derek Nola <[email protected]>
rancher · Oct 29, 2024 · 0eced1a · 0eced1a
1 parent d0627f2
commit 0eced1a
Showing 1 changed file with 15 additions and 8 deletions.
diff --git a/.github/workflows/hardened-ci.yml b/.github/workflows/hardened-ci.yml
@@ -57,6 +57,8 @@ jobs:
       id-token: write # needed for the Vault authentication
     if: github.event_name == 'release' && github.event.action == 'created'
     runs-on: ubuntu-latest
+    env:
+      REGISTRY: ${{ github.repository_owner }}
     steps:
     - name: Check out code
       uses: actions/checkout@v4
@@ -94,51 +96,56 @@ jobs:
         password: ${{ secrets.DOCKER_TOKEN }}
 
     - name: Build Base Image
-      env:
-        REGISTRY: ${{ github.repository_owner }}
       run: ./scripts/build-base-image
 
     - name: Build Binaries
-      env:
-        REGISTRY: ${{ github.repository_owner }}
       run: ./scripts/build-binary
 
     - name: Setup tags
       run: |
         source ./scripts/version
         echo "TAG=$TAG" >> $GITHUB_ENV
         echo "PKG=$PKG" >> $GITHUB_ENV
-        echo "REGISTRY=$REGISTRY" >> $GITHUB_ENV
         echo "NGINX_TAG=$NGINX_TAG" >> $GITHUB_ENV
         echo "BASE_IMAGE=$BASE_IMAGE" >> $GITHUB_ENV
 
+    - name: Setup Docker Credentials
+      if: github.repository_owner != 'rancher'
+      env:
+        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+      run: |
+        echo "DOCKER_USERNAME=$DOCKER_USERNAME" >> $GITHUB_ENV
+        echo "DOCKER_TOKEN=$DOCKER_TOKEN" >> $GITHUB_ENV
+    
     - name: Build and push controller image
       uses: rancher/ecm-distro-tools/actions/publish-image@master
       with:
         image: nginx-ingress-controller
         tag: ${{ github.event.release.tag_name }}
         make-target: push-image
-        public-repo: rancher
+        public-repo: ${{ env.REGISTRY }}
         public-username: ${{ env.DOCKER_USERNAME }}
         public-password: ${{ env.DOCKER_TOKEN }}
 
         prime-repo: rancher
         prime-registry: ${{ env.PRIME_REGISTRY }}
         prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
         prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
-
+        push-to-prime: ${{ github.repository_owner == 'rancher' }}
 
     - name: Build and push controller chroot image
       uses: rancher/ecm-distro-tools/actions/publish-image@master
       with:
         image: nginx-ingress-controller-chroot
         tag: ${{ github.event.release.tag_name }}
         make-target: push-chroot-image
-        public-repo: rancher
+        public-repo: ${{ env.REGISTRY }}
         public-username: ${{ env.DOCKER_USERNAME }}
         public-password: ${{ env.DOCKER_TOKEN }}
 
         prime-repo: rancher
         prime-registry: ${{ env.PRIME_REGISTRY }}
         prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
         prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
+        push-to-prime: ${{ github.repository_owner == 'rancher' }}