From 9e2b792cc5fcfbbaa967330f17797c2284a9a33d Mon Sep 17 00:00:00 2001 From: Matthew Christopher Date: Thu, 22 Feb 2024 14:23:28 -0800 Subject: [PATCH] Fix issue with ACR protect image step in publish phase (#3814) --- .github/workflows/create-release-official.yml | 13 ++++++++++++- Taskfile.yml | 2 ++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create-release-official.yml b/.github/workflows/create-release-official.yml index cb97e08faac..90fe50fc86c 100644 --- a/.github/workflows/create-release-official.yml +++ b/.github/workflows/create-release-official.yml @@ -62,7 +62,18 @@ jobs: run: | container_id=${{env.container_id}} docker exec -e DOCKER_PUSH_TARGET "$container_id" task controller:docker-push-multiarch - docker exec -e DOCKER_PUSH_TARGET -e DOCKER_REGISTRY "$container_id" task controller:acr-protect-image env: DOCKER_PUSH_TARGET: ${{ secrets.REGISTRY_PUBLIC }} DOCKER_REGISTRY: ${{ secrets.REGISTRY_LOGIN }} + + - name: Protect image + run: | + container_id=${{env.container_id}} + docker exec -e DOCKER_PUSH_TARGET -e DOCKER_REGISTRY -e AZURE_TENANT_ID -e AZURE_CLIENT_ID -e AZURE_CLIENT_SECRET -e AZURE_SUBSCRIPTION_ID "$container_id" task controller:acr-protect-image + env: + DOCKER_PUSH_TARGET: ${{ secrets.REGISTRY_PUBLIC }} + DOCKER_REGISTRY: ${{ secrets.REGISTRY_LOGIN }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} diff --git a/Taskfile.yml b/Taskfile.yml index 63fcd88513a..ce9445271e1 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -448,6 +448,8 @@ tasks: controller:acr-protect-image: desc: Protects an existing image in ACR from being updated or deleted dir: "{{.CONTROLLER_ROOT}}" + deps: + - az-login run: always cmds: - 'if [ -z "{{.DOCKER_PUSH_TARGET}}" ]; then echo "Error: DOCKER_PUSH_TARGET must be set"; exit 1; fi'