diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index 0d1c7b67c..795a337af 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -6,6 +6,7 @@ on: branches: - master - main + - aws permissions: contents: read @@ -150,24 +151,33 @@ jobs: provenance: true sbom: true + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + + - name: Login to AWS Public ECR + uses: aws-actions/amazon-ecr-login@v2 + with: + registry-type: public + - name: Generate tags fat id: meta3 uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 - if: github.ref != 'refs/heads/main' + if: github.ref != 'refs/heads/aws' with: images: | - ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf - ghcr.io/${{ steps.repoowner.outputs.lowercase }}/s-pdf - ghcr.io/${{ steps.repoowner.outputs.lowercase }}/stirling-pdf - ${{ secrets.DOCKER_HUB_ORG_USERNAME }}/stirling-pdf + public.ecr.aws/${{ secrets.AWS_PUBLIC_ECR_ALIAS }}/stirling-pdf tags: | - type=raw,value=${{ steps.versionNumber.outputs.versionNumber }}-fat,enable=${{ github.ref == 'refs/heads/master' }} - type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/master' }} + type=raw,value=${{ steps.versionNumber.outputs.versionNumber }}-fat,enable=${{ github.ref == 'refs/heads/aws' }} + type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/aws' }} - name: Build and push main Dockerfile fat id: build-push-fat uses: docker/build-push-action@0adf9959216b96bec444f325f1e493d4aa344497 # v6.14.0 - if: github.ref != 'refs/heads/main' + if: github.ref != 'refs/heads/aws' with: builder: ${{ steps.buildx.outputs.name }} context: . @@ -193,3 +203,4 @@ jobs: echo "$TAGS" | tr ',' '\n' | while read -r tag; do cosign sign --key env://COSIGN_PRIVATE_KEY --yes "${tag}@${DIGEST}" done +