|
18 | 18 | - '.env.example' |
19 | 19 | - '.github/workflows/**' |
20 | 20 | workflow_dispatch: |
21 | | - workflow_run: |
22 | | - workflows: ["Run pytest"] |
23 | | - types: |
24 | | - - completed |
| 21 | + # workflow_run: |
| 22 | + # workflows: ["Run pytest"] |
| 23 | + # types: |
| 24 | + # - completed |
25 | 25 |
|
26 | 26 | env: |
27 | 27 | REGISTRY_URL: ${{ vars.REGISTRY_URL }} |
|
30 | 30 | jobs: |
31 | 31 | push_to_registry: |
32 | 32 | name: Push Docker image to container registry |
33 | | - if: | |
34 | | - (github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/'))) || |
35 | | - (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') |
36 | 33 | runs-on: ubuntu-latest |
37 | 34 | strategy: |
38 | 35 | matrix: |
39 | 36 | dockerfile: [Dockerfile] |
40 | 37 | concurrency: |
41 | | - group: ${{ github.workflow }}-${{ matrix.dockerfile }}-${{ github.event.workflow_run.head_branch || github.ref }} |
| 38 | + # group: ${{ github.workflow }}-${{ matrix.dockerfile }}-${{ github.event.workflow_run.head_branch || github.ref }} |
| 39 | + group: ${{ github.workflow }}-${{ matrix.dockerfile }}-${{ github.head_ref || github.ref }} |
42 | 40 | cancel-in-progress: true |
43 | 41 | permissions: |
44 | 42 | packages: write |
45 | 43 | contents: read |
46 | 44 | actions: read |
| 45 | + id-token: write |
47 | 46 | steps: |
48 | 47 | - name: Check out the repo |
49 | 48 | uses: actions/checkout@v4 |
50 | 49 |
|
| 50 | + - name: Set password by container registry |
| 51 | + run: | |
| 52 | + case "${{ env.REGISTRY_URL }}" in |
| 53 | + "ghcr.io") |
| 54 | + echo "REGISTRY_PASS=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_ENV |
| 55 | + ;; |
| 56 | + "*.dkr.ecr.*.amazonaws.com") |
| 57 | + echo "Using AWS ECR - will authenticate in a separate step" >> $GITHUB_STEP_SUMMARY |
| 58 | + ;; |
| 59 | + "gcr.io") |
| 60 | + echo "Using GCR - will authenticate in a separate step" >> $GITHUB_STEP_SUMMARY |
| 61 | + ;; |
| 62 | + *) |
| 63 | + if [ -n "${{ secrets.REGISTRY_PASS }}" ]; then |
| 64 | + echo "REGISTRY_PASS=${{ secrets.REGISTRY_PASS }}" >> $GITHUB_ENV |
| 65 | + else |
| 66 | + echo "REGISTRY_PASS secret is not set and registry is not recognized. Exiting..." |
| 67 | + exit 1 |
| 68 | + fi |
| 69 | + ;; |
| 70 | + esac |
| 71 | +
|
| 72 | + - name: Configure AWS Credentials |
| 73 | + if: contains(env.REGISTRY_URL, '.dkr.ecr.') |
| 74 | + uses: aws-actions/configure-aws-credentials@v4 |
| 75 | + with: |
| 76 | + role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} |
| 77 | + aws-region: ${{ secrets.AWS_REGION }} |
| 78 | + |
| 79 | + - name: Login to Amazon ECR |
| 80 | + if: contains(env.REGISTRY_URL, '.dkr.ecr.') |
| 81 | + id: login-ecr |
| 82 | + uses: aws-actions/amazon-ecr-login@v2 |
| 83 | + |
| 84 | + - name: Authenticate to Google Cloud |
| 85 | + if: env.REGISTRY_URL == 'gcr.io' |
| 86 | + uses: google-github-actions/auth@v2 |
| 87 | + with: |
| 88 | + credentials_json: ${{ secrets.GCP_SA_KEY }} |
| 89 | + |
51 | 90 | - name: Log into container registry |
| 91 | + if: > |
| 92 | + env.REGISTRY_URL != '*.dkr.ecr.*.amazonaws.com' |
| 93 | + && env.REGISTRY_URL != 'gcr.io' |
52 | 94 | uses: docker/login-action@v3 |
53 | 95 | with: |
54 | 96 | registry: ${{ env.REGISTRY_URL }} |
55 | | - username: ${{ github.repository_owner }} |
56 | | - password: ${{ secrets.GITHUB_TOKEN }} |
| 97 | + username: ${{ env.REGISTRY_USER }} |
| 98 | + password: ${{ env.REGISTRY_PASS }} |
57 | 99 |
|
58 | 100 | - name: Extract image name from Dockerfile |
59 | 101 | id: image_name |
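Review bot: The ECR branch in the new "Set password by container registry" step can never match, because the quoted case pattern `"*.dkr.ecr.*.amazonaws.com")` is compared literally, so an ECR host falls through to `*)` and the job exits when `REGISTRY_PASS` is unset; the pattern should be unquoted, `*.dkr.ecr.*.amazonaws.com)`. The `if:` added to "Log into container registry" has the same problem: `!=` against the literal `'*.dkr.ecr.*.amazonaws.com'` is always true for a real ECR host, so docker/login-action still runs after the ECR login; `if: ${{ !contains(env.REGISTRY_URL, '.dkr.ecr.') && env.REGISTRY_URL != 'gcr.io' }}` would match the condition the other ECR steps use. Writing `REGISTRY_PASS=${{ secrets.GITHUB_TOKEN }}` to `$GITHUB_ENV` also exposes the token as an environment variable to every later step in the job, including third-party actions and the build; selecting it in the login step itself, `password: ${{ env.REGISTRY_URL == 'ghcr.io' && secrets.GITHUB_TOKEN || secrets.REGISTRY_PASS }}`, keeps it scoped to that step. `env.REGISTRY_USER` is not set in the visible lines (the `env:` block is only partly shown), so confirm it is defined before the login step reads it.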
|