[ACS-4535] rework docker publishing actions (#3068)

* rework docker publishing actions * simplify steps * rollback AWS credentials
2025-05-12 17:04:46 +00:00 · 2023-03-16 13:26:45 -04:00 · 2023-03-16 13:26:45 -04:00 · 36c5c39311
commit 36c5c39311
parent f21299a90d
6 changed files with 50 additions and 44 deletions
--- a/.github/actions/download-job-artifact/action.yml
+++ b/.github/actions/download-job-artifact/action.yml
@ -27,7 +27,7 @@ runs:
  using: "composite"
  steps:
    - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v2
+      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ inputs.aws-access-key-id }}
        aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
--- a/.github/actions/get-image-tag/action.yml
+++ b/.github/actions/get-image-tag/action.yml
@ -0,0 +1,21 @@
+name: "Get Image Tag"
+description: "Generates a tag for Docker image"
+
+inputs:
+  branch_name:
+    description: 'Name of the branch the workflow runs on'
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Get docker image tag name
+      shell: bash
+      run: |
+        if [[ "${{ inputs.branch_name }}" == "master" ]]; then
+            TAG_VERSION="$(jq -cr '.version' < package.json)"
+        else
+            TAG_VERSION="${{ inputs.branch_name }}-${{ github.run_id }},{{ inputs.branch_name }}"
+        fi
+        echo "TAG_VERSION=$TAG_VERSION" >> $GITHUB_ENV
--- a/.github/actions/publish-image/action.yml
+++ b/.github/actions/publish-image/action.yml
@ -1,9 +1,9 @@
 name: "Publish Docker Images"
-description: "Publish Docker image to quay.io or dockerhub or another domain - only publish the version on master - elsewhere version and branch"
+description: "Publish Docker Image to the provided registry"

 inputs:
-  domain:
-    description: 'domain to publish image to'
+  registry:
+    description: 'Docker registry'
    required: true
    type: string
  username:
@ -26,15 +26,27 @@ inputs:
 runs:
  using: "composite"
  steps:
-    - name: Get docker image tag name
+    - name: Login to Docker Registry
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ inputs.registry }}
+        username: ${{ inputs.username }}
+        password: ${{ inputs.password }}
+
+    - name: Get Tag
+      uses: ./.github/actions/get-image-tag
+      with:
+        branch_name: ${{ inputs.branch_name }}
+
+    - name: Publish
+      if: ${{ github.event.inputs.dry-run != 'true' }}
      shell: bash
      run: |
-        if [[ "${{ inputs.branch_name }}" == "master" ]]; then
-            TAG_VERSION=$(jq -cr '.version' < package.json)
-        else
-            TAG_VERSION=${{ inputs.branch_name }}-${{ github.run_id }}
-        fi
-        echo "TAG_VERSION=$TAG_VERSION" >> $GITHUB_ENV
-    - name: Publish image
-      shell: bash
-      run: ./scripts/gh/docker-publish.sh "${{ inputs.domain }}" "$REPO_SLUG" "${{ inputs.username }}" "${{ inputs.password }}" "$TAG_VERSION" "${{ inputs.branch_name }}" "${{ inputs.dry-run }}"
+        npm ci && npm run build.release
+        echo "Running the docker with tag $TAG_VERSION"
+
+        npx @alfresco/adf-cli docker-publish \
+          --dockerRepo "${{ inputs.registry }}/alfresco/alfresco-content-app" \
+          --buildArgs "PROJECT_NAME=content-ce" \
+          --dockerTags "$TAG_VERSION" \
+          --pathProject "$(pwd)"
--- a/.github/actions/upload-job-artifact/action.yml
+++ b/.github/actions/upload-job-artifact/action.yml
@ -27,7 +27,7 @@ runs:
  using: "composite"
  steps:
    - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v2
+      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ inputs.aws-access-key-id }}
        aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -34,7 +34,6 @@ env:
  APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: /
  APP_CONFIG_OAUTH2_REDIRECT_LOGIN: /
  APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/assets/silent-refresh.html"
-  REPO_SLUG: "alfresco/alfresco-content-app"
  NPM_REGISTRY_ADDRESS: ${{ secrets.NPM_REGISTRY_ADDRESS }}


@ -57,7 +56,7 @@ jobs:
        uses: ./.github/actions/publish-image
        with:
          branch_name: ${{ env.BRANCH_NAME }}
-          domain: quay.io
+          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
          dry-run: ${{ inputs.dry-run-release }}
@ -80,7 +79,7 @@ jobs:
        uses: ./.github/actions/publish-image
        with:
          branch_name: ${{ env.BRANCH_NAME }}
-          domain: docker.io
+          registry: docker.io
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
          dry-run: ${{ inputs.dry-run-release }}
--- a/scripts/gh/docker-publish.sh
+++ b/scripts/gh/docker-publish.sh
@ -1,26 +0,0 @@
-#!/bin/bash -e
-
-DOMAIN="$1"
-REPO_SLUG="$2"
-USERNAME="$3"
-PASSWORD="$4"
-TAG_VERSION="$5"
-BRANCH_NAME="$6"
-DRY_RUN="$7"
-
-npm ci && npm run build.release
-
-echo "Running the docker with tag" $TAG_VERSION
-DOCKER_PROJECT_ARGS="PROJECT_NAME=content-ce"
-DOCKER_REPOSITORY="$DOMAIN/$REPO_SLUG"
-
-# Publish Image to quay.io or dockerhub or another domain - only publish the version on master - elsewhere version and branch
-if [[ "$BRANCH_NAME" == "master" ]]; then
-  if [[ "$DRY_RUN" != "true" ]]; then
-    npx @alfresco/adf-cli docker-publish --loginCheck --loginUsername "$USERNAME" --loginPassword "$PASSWORD" --loginRepo "$DOMAIN" --dockerRepo "$DOCKER_REPOSITORY" --buildArgs "$DOCKER_PROJECT_ARGS" --dockerTags "$TAG_VERSION" --pathProject "$(pwd)"
-  fi;
-else
-  if [[ "$DRY_RUN" != "true" ]]; then
-    npx @alfresco/adf-cli docker-publish --loginCheck --loginUsername "$USERNAME" --loginPassword "$PASSWORD" --loginRepo "$DOMAIN" --dockerRepo "$DOCKER_REPOSITORY" --buildArgs "$DOCKER_PROJECT_ARGS" --dockerTags "$TAG_VERSION,$BRANCH_NAME" --pathProject "$(pwd)"
-  fi;
-fi;