Fix secrets in reusable workflow deploy-single-docker-image
* Rename the secrets and split them into a GitHub repository secret and a
  Docker registry secret

Signed-off-by: Andreas Heinrich <[email protected]>
andistorm committed Dec 12, 2024
1 parent 022f3c8 commit da2a7cf
Showing 2 changed files with 35 additions and 25 deletions.
41 changes: 24 additions & 17 deletions .github/workflows/deploy-docker-images.yml
@@ -54,8 +54,9 @@ jobs:
name: Build and push run-env-base docker image
uses: ./.github/workflows/deploy-single-docker-image.yml
secrets:
SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }}
SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
GITHUB_REPOSITORY_PAT: ${{ secrets.SA_GITHUB_PAT }}
DOCKER_REGISTRY_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
DOCKER_REGISTRY_PAT: ${{ secrets.SA_GITHUB_PAT }}
with:
force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' }}
image_name: ${{ needs.env-setup.outputs.repository_name }}/run-env-base
@@ -74,10 +75,11 @@ jobs:
name: Build and push build-env-base docker image
uses: ./.github/workflows/deploy-single-docker-image.yml
secrets:
SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }}
SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
GITHUB_REPOSITORY_PAT: ${{ secrets.SA_GITHUB_PAT }}
DOCKER_REGISTRY_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
DOCKER_REGISTRY_PAT: ${{ secrets.SA_GITHUB_PAT }}
with:
force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' || needs.run-env-base.outputs.rebuild == 'true' }}
force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' }}
image_name: ${{ needs.env-setup.outputs.repository_name }}/build-env-base
directory: ${{ needs.env-setup.outputs.docker_directory }}/build-env-base
docker_registry: ${{ needs.env-setup.outputs.docker_registry }}
@@ -97,10 +99,11 @@ jobs:
name: Build and push dev-env-base docker image
uses: ./.github/workflows/deploy-single-docker-image.yml
secrets:
SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }}
SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
GITHUB_REPOSITORY_PAT: ${{ secrets.SA_GITHUB_PAT }}
DOCKER_REGISTRY_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
DOCKER_REGISTRY_PAT: ${{ secrets.SA_GITHUB_PAT }}
with:
force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' || needs.build-env-base.outputs.rebuild == 'true' }}
force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' }}
image_name: ${{ needs.env-setup.outputs.repository_name }}/dev-env-base
directory: ${{ needs.env-setup.outputs.docker_directory }}/dev-env-base
docker_registry: ${{ needs.env-setup.outputs.docker_registry }}
@@ -119,10 +122,11 @@ jobs:
name: Build and push build-kit docker image
uses: ./.github/workflows/deploy-single-docker-image.yml
secrets:
SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }}
SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
GITHUB_REPOSITORY_PAT: ${{ secrets.SA_GITHUB_PAT }}
DOCKER_REGISTRY_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
DOCKER_REGISTRY_PAT: ${{ secrets.SA_GITHUB_PAT }}
with:
force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' || needs.build-env-base.outputs.rebuild == 'true' }}
force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' }}
image_name: ${{ needs.env-setup.outputs.repository_name }}/build-kit-base
directory: ${{ needs.env-setup.outputs.docker_directory }}/build-kit-base
docker_registry: ${{ needs.env-setup.outputs.docker_registry }}
@@ -142,8 +146,9 @@ jobs:
name: Build and push deprecated everest-clang-format docker image
uses: ./.github/workflows/deploy-single-docker-image.yml
secrets:
SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }}
SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
GITHUB_REPOSITORY_PAT: ${{ secrets.SA_GITHUB_PAT }}
DOCKER_REGISTRY_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
DOCKER_REGISTRY_PAT: ${{ secrets.SA_GITHUB_PAT }}
with:
force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' }}
image_name: everest-clang-format
@@ -162,8 +167,9 @@ jobs:
name: Build and push deprecated build-kit-alpine docker image
uses: ./.github/workflows/deploy-single-docker-image.yml
secrets:
SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }}
SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
GITHUB_REPOSITORY_PAT: ${{ secrets.SA_GITHUB_PAT }}
DOCKER_REGISTRY_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
DOCKER_REGISTRY_PAT: ${{ secrets.SA_GITHUB_PAT }}
with:
force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' }}
image_name: build-kit-alpine
@@ -183,8 +189,9 @@ jobs:
name: Build and push deprecated build-kit-debian docker image
uses: ./.github/workflows/deploy-single-docker-image.yml
secrets:
SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }}
SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
GITHUB_REPOSITORY_PAT: ${{ secrets.SA_GITHUB_PAT }}
DOCKER_REGISTRY_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
DOCKER_REGISTRY_PAT: ${{ secrets.SA_GITHUB_PAT }}
with:
force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' }}
image_name: build-kit-debian
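Review bot: All seven visible jobs pass the same `secrets.SA_GITHUB_PAT` as both `GITHUB_REPOSITORY_PAT` and `DOCKER_REGISTRY_PAT`, so the split exists only in the reusable workflow's interface and one token still has to carry repository access and registry push rights together. If least privilege is the goal, map the registry secret to a separate, packages-scoped token, e.g. `DOCKER_REGISTRY_PAT: ${{ secrets.<REGISTRY_PUSH_TOKEN> }}` (placeholder name; no such secret is visible on this page), or at least record the gap with a comment such as `# TODO: same PAT for checkout and registry until a registry-only token exists`. Separately, the `force_rebuild` line appears in two forms in the build-env-base, dev-env-base and build-kit jobs; if the shorter form is the new side, a rebuilt parent image no longer forces its dependent images to rebuild, which the commit message does not mention and which could leave derived images on an outdated base.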
19 changes: 11 additions & 8 deletions .github/workflows/deploy-single-docker-image.yml
@@ -62,11 +62,14 @@ on:
description: 'One tag of the deployed image with image name'
value: ${{ jobs.build-and-push.outputs.one_image_tag_long }}
secrets:
SA_GITHUB_PAT:
description: 'Github PAT with access to the repository'
DOCKER_REGISTRY_USERNAME:
description: 'Docker registry username'
required: true
SA_GITHUB_USERNAME:
description: 'Github username'
DOCKER_REGISTRY_PAT:
description: 'Docker registry PAT with access to the repository'
required: true
GITHUB_REPOSITORY_PAT:
description: 'Github repository PAT with access to the repository'
required: true

jobs:
@@ -83,7 +86,7 @@ jobs:
repository: ${{ github.repository }}
path: source
ref: ${{ inputs.github_ref_after }}
token: ${{secrets.SA_GITHUB_PAT}}
token: ${{secrets.GITHUB_REPOSITORY_PAT}}
fetch-depth: 0
- name: Validate github_ref_before and github_ref_after
if: ${{ inputs.force_rebuild == false }}
@@ -173,7 +176,7 @@ jobs:
repository: ${{ github.repository }}
path: source
ref: ${{github.ref}}
token: ${{secrets.SA_GITHUB_PAT}}
token: ${{secrets.GITHUB_REPOSITORY_PAT}}
fetch-depth: 0
- name: Get context / Path of Dockerfile
id: get-context
@@ -215,8 +218,8 @@ jobs:
if: ${{ needs.check.outputs.rebuild == 'true' || inputs.force_rebuild }}
with:
registry: ${{ inputs.docker_registry }}
username: ${{ secrets.SA_GITHUB_USERNAME }}
password: ${{ secrets.SA_GITHUB_PAT }}
username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
password: ${{ secrets.DOCKER_REGISTRY_PAT }}
- name: Build and push
uses: docker/build-push-action@v6
if: ${{ needs.check.outputs.rebuild == 'true' || inputs.force_rebuild }}
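Review bot: Both checkout steps now receive `secrets.GITHUB_REPOSITORY_PAT` through `token:`, and nothing in the visible lines sets `persist-credentials: false`; if these steps are `actions/checkout` (their `uses:` lines are outside the hunks), the PAT stays configured for git in the `source` checkout for the rest of the job. Adding `persist-credentials: false` next to `fetch-depth: 0` in both steps would limit that exposure, provided no later step needs to fetch or push with the token. The new secret descriptions also do not state which scopes each token needs; wording like `description: 'PAT for the Docker registry; needs only package write access'` would make the least-privilege intent checkable, with the exact scope to be confirmed against the registry in use.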