trigger on my branch temporarily #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build-and-push | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
- bharvey-updates # TODO remove | |
jobs: | |
build: | |
name: Build and push to dev | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Get credentials | |
uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
role-to-assume: arn:aws:iam::037370603820:role/delegatedadmin/developer/security-hub-collector-github-oidc | |
role-session-name: security_hub_collector_github_actions | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Create env var for ECR URI | |
run: echo "ECR_URI=${{ steps.login-ecr.outputs.registry }}/security-hub-collector" >> $GITHUB_ENV | |
- name: Generate token from GitHub App | |
id: create_token | |
uses: tibdex/[email protected] | |
with: | |
app_id: ${{ secrets.APP_ID }} | |
private_key: ${{ secrets.APP_PEM }} | |
- name: Configure git for private modules | |
env: | |
TOKEN: ${{ steps.create_token.outputs.token }} | |
run: | | |
cat > ./docker-gitconfig <<EOF | |
[url "https://github-action:${TOKEN}@github.com/Enterprise-CMCS/"] | |
insteadOf = https://github.com/Enterprise-CMCS/ | |
EOF | |
- name: Build the Docker image | |
run: docker build . --file Dockerfile --tag $ECR_URI:$(git rev-parse --short $GITHUB_SHA) | |
- name: Push docker image to Amazon ECR | |
run: | | |
docker push $ECR_URI --all-tags |