From da2a7cf4e4313742f56a24f53bc448f94bee4e2f Mon Sep 17 00:00:00 2001
From: Andreas Heinrich
Date: Thu, 12 Dec 2024 12:38:24 +0100
Subject: [PATCH] Fix secrets in reusable workflow deploy-single-docker-image
* Rename secrets, and split up to github repository secret and docker registry secret
Signed-off-by: Andreas Heinrich
---
 .github/workflows/deploy-docker-images.yml | 41 +++++++++++--------
 .../workflows/deploy-single-docker-image.yml | 19 +++++----
 2 files changed, 35 insertions(+), 25 deletions(-)
diff --git a/.github/workflows/deploy-docker-images.yml b/.github/workflows/deploy-docker-images.yml
index 79853af..754471a 100644
--- a/.github/workflows/deploy-docker-images.yml
+++ b/.github/workflows/deploy-docker-images.yml
@@ -54,8 +54,9 @@ jobs:
 name: Build and push run-env-base docker image
 uses: ./.github/workflows/deploy-single-docker-image.yml
 secrets:
- SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }}
- SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
+ GITHUB_REPOSITORY_PAT: ${{ secrets.SA_GITHUB_PAT }}
+ DOCKER_REGISTRY_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
+ DOCKER_REGISTRY_PAT: ${{ secrets.SA_GITHUB_PAT }}
 with:
 force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' }}
 image_name: ${{ needs.env-setup.outputs.repository_name }}/run-env-base
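Review bot: The split is in name only at this call site: `GITHUB_REPOSITORY_PAT` and `DOCKER_REGISTRY_PAT` are both fed from `secrets.SA_GITHUB_PAT`, so one token still needs both repository and registry rights, and a leak from either step exposes both. To get the least-privilege benefit the rename sets up, map the registry secret to its own narrowly scoped token, e.g. `DOCKER_REGISTRY_PAT: ${{ secrets.<REGISTRY_TOKEN_SECRET> }}` (placeholder name). The same mapping repeats in the other six `secrets:` blocks of deploy-docker-images.yml (hunks at -74, -97, -119, -142, -162 and -183). The job definition starts above this hunk.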
@@ -74,10 +75,11 @@ jobs:
 name: Build and push build-env-base docker image
 uses: ./.github/workflows/deploy-single-docker-image.yml
 secrets:
- SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }}
- SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
+ GITHUB_REPOSITORY_PAT: ${{ secrets.SA_GITHUB_PAT }}
+ DOCKER_REGISTRY_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
+ DOCKER_REGISTRY_PAT: ${{ secrets.SA_GITHUB_PAT }}
 with:
- force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' || needs.run-env-base.outputs.rebuild == 'true' }}
+ force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' }}
 image_name: ${{ needs.env-setup.outputs.repository_name }}/build-env-base
 directory: ${{ needs.env-setup.outputs.docker_directory }}/build-env-base
 docker_registry: ${{ needs.env-setup.outputs.docker_registry }}
@@ -97,10 +99,11 @@ jobs:
 name: Build and push dev-env-base docker image
 uses: ./.github/workflows/deploy-single-docker-image.yml
 secrets:
- SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }}
- SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
+ GITHUB_REPOSITORY_PAT: ${{ secrets.SA_GITHUB_PAT }}
+ DOCKER_REGISTRY_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
+ DOCKER_REGISTRY_PAT: ${{ secrets.SA_GITHUB_PAT }}
 with:
- force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' || needs.build-env-base.outputs.rebuild == 'true' }}
+ force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' }}
 image_name: ${{ needs.env-setup.outputs.repository_name }}/dev-env-base
 directory: ${{ needs.env-setup.outputs.docker_directory }}/dev-env-base
 docker_registry: ${{ needs.env-setup.outputs.docker_registry }}
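Review bot: Dropping `|| needs.run-env-base.outputs.rebuild == 'true'` from `force_rebuild` is unrelated to the secret rename and is not mentioned in the commit message. With it gone, build-env-base is no longer forced to rebuild when run-env-base was rebuilt, so unless the reusable workflow detects a changed base image some other way (not visible here), derived images can keep shipping an old base layer, including unpatched packages. The same removal appears in the dev-env-base hunk (-97) and the build-kit hunk (-119), there for `needs.build-env-base.outputs.rebuild`. If it is intended, state the reason in the commit message; otherwise restore the condition. The job block continues outside the hunk.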
@@ -119,10 +122,11 @@ jobs:
 name: Build and push build-kit docker image
 uses: ./.github/workflows/deploy-single-docker-image.yml
 secrets:
- SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }}
- SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
+ GITHUB_REPOSITORY_PAT: ${{ secrets.SA_GITHUB_PAT }}
+ DOCKER_REGISTRY_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
+ DOCKER_REGISTRY_PAT: ${{ secrets.SA_GITHUB_PAT }}
 with:
- force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' || needs.build-env-base.outputs.rebuild == 'true' }}
+ force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' }}
 image_name: ${{ needs.env-setup.outputs.repository_name }}/build-kit-base
 directory: ${{ needs.env-setup.outputs.docker_directory }}/build-kit-base
 docker_registry: ${{ needs.env-setup.outputs.docker_registry }}
@@ -142,8 +146,9 @@ jobs:
 name: Build and push deprecated everest-clang-format docker image
 uses: ./.github/workflows/deploy-single-docker-image.yml
 secrets:
- SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }}
- SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
+ GITHUB_REPOSITORY_PAT: ${{ secrets.SA_GITHUB_PAT }}
+ DOCKER_REGISTRY_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
+ DOCKER_REGISTRY_PAT: ${{ secrets.SA_GITHUB_PAT }}
 with:
 force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' }}
 image_name: everest-clang-format
@@ -162,8 +167,9 @@ jobs:
 name: Build and push deprecated build-kit-alpine docker image
 uses: ./.github/workflows/deploy-single-docker-image.yml
 secrets:
- SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }}
- SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
+ GITHUB_REPOSITORY_PAT: ${{ secrets.SA_GITHUB_PAT }}
+ DOCKER_REGISTRY_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
+ DOCKER_REGISTRY_PAT: ${{ secrets.SA_GITHUB_PAT }}
 with:
 force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' }}
 image_name: build-kit-alpine
@@ -183,8 +189,9 @@ jobs:
 name: Build and push deprecated build-kit-debian docker image
 uses: ./.github/workflows/deploy-single-docker-image.yml
 secrets:
- SA_GITHUB_PAT: ${{ secrets.SA_GITHUB_PAT }}
- SA_GITHUB_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
+ GITHUB_REPOSITORY_PAT: ${{ secrets.SA_GITHUB_PAT }}
+ DOCKER_REGISTRY_USERNAME: ${{ secrets.SA_GITHUB_USERNAME }}
+ DOCKER_REGISTRY_PAT: ${{ secrets.SA_GITHUB_PAT }}
 with:
 force_rebuild: ${{ needs.env-setup.outputs.force_rebuild == 'true' }}
 image_name: build-kit-debian
diff --git a/.github/workflows/deploy-single-docker-image.yml b/.github/workflows/deploy-single-docker-image.yml
index d5a449b..de4030f 100644
--- a/.github/workflows/deploy-single-docker-image.yml
+++ b/.github/workflows/deploy-single-docker-image.yml
@@ -62,11 +62,14 @@ on:
 description: 'One tag of the deployed image with image name'
 value: ${{ jobs.build-and-push.outputs.one_image_tag_long }}
 secrets:
- SA_GITHUB_PAT:
- description: 'Github PAT with access to the repository'
+ DOCKER_REGISTRY_USERNAME:
+ description: 'Docker registry username'
 required: true
- SA_GITHUB_USERNAME:
- description: 'Github username'
+ DOCKER_REGISTRY_PAT:
+ description: 'Docker registry PAT with access to the repository'
+ required: true
+ GITHUB_REPOSITORY_PAT:
+ description: 'Github repository PAT with access to the repository'
 required: true
 jobs:
@@ -83,7 +86,7 @@ jobs:
 repository: ${{ github.repository }}
 path: source
 ref: ${{ inputs.github_ref_after }}
- token: ${{secrets.SA_GITHUB_PAT}}
+ token: ${{secrets.GITHUB_REPOSITORY_PAT}}
 fetch-depth: 0
 - name: Validate github_ref_before and github_ref_after
 if: ${{ inputs.force_rebuild == false }}
@@ -173,7 +176,7 @@ jobs:
 repository: ${{ github.repository }}
 path: source
 ref: ${{github.ref}}
- token: ${{secrets.SA_GITHUB_PAT}}
+ token: ${{secrets.GITHUB_REPOSITORY_PAT}}
 fetch-depth: 0
 - name: Get context / Path of Dockerfile
 id: get-context
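Review bot: The three descriptions in the `secrets:` block of the -62 hunk do not tell a caller which rights each token needs, and `DOCKER_REGISTRY_PAT` still says 'with access to the repository', which reads as carried over from the old `SA_GITHUB_PAT` entry. Suggest something like `description: 'Registry token; only needs permission to push images to the target registry'` and `description: 'GitHub token used for checkout; read access to repository contents is enough'`, adjusted to what the jobs really need, which is only partly visible here. GitHub reserves the `GITHUB_` prefix for secret names in repository settings, so it is worth confirming that a `workflow_call` secret called `GITHUB_REPOSITORY_PAT` is accepted, or choosing a neutral name. Renaming required secrets also breaks any caller outside this repository that still passes `SA_GITHUB_PAT`.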
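Review bot: The PAT passed as `token:` in the -83 hunk stays on the runner after this step if the step is `actions/checkout` (the `uses:` line is outside the hunk), because that action keeps the token in the checkout's git config unless told otherwise. Add `persist-credentials: false` next to `fetch-depth: 0` so later steps, and anything that copies `source/.git` into a build context, cannot read it. The second checkout in the -173 hunk needs the same line. Since `repository` is `${{ github.repository }}`, it is also worth checking whether the default `github.token` would do in place of a PAT.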
@@ -215,8 +218,8 @@ jobs:
 if: ${{ needs.check.outputs.rebuild == 'true' || inputs.force_rebuild }}
 with:
 registry: ${{ inputs.docker_registry }}
- username: ${{ secrets.SA_GITHUB_USERNAME }}
- password: ${{ secrets.SA_GITHUB_PAT }}
+ username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
+ password: ${{ secrets.DOCKER_REGISTRY_PAT }}
 - name: Build and push
 uses: docker/build-push-action@v6
 if: ${{ needs.check.outputs.rebuild == 'true' || inputs.force_rebuild }}