fix: add push to ecr to merge_to_main

climatepolicyradar · Feb 27, 2025 · 072d124 · 072d124
1 parent 27d95e6
commit 072d124
Showing 1 changed file with 23 additions and 9 deletions.
diff --git a/.github/workflows/merge_to_main.yml b/.github/workflows/merge_to_main.yml
@@ -3,10 +3,10 @@ on:
   push:
     branches:
       - main
+      - push-to-ecrt
 
 # trunk-ignore(checkov/CKV2_GHA_1)
 permissions: write-all
-
 jobs:
   percy:
     runs-on: ubuntu-latest
@@ -85,6 +85,7 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     needs: [code-quality, test, test-e2e]
+    environment: production
     strategy:
       fail-fast: false
       matrix:
@@ -99,15 +100,28 @@ jobs:
           export THEME=${{ matrix.theme }}
           make build
       # release
-      - name: Release to ECR
-        uses: climatepolicyradar/retag-and-push-to-ecr@v1
-        env:
-          DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      # most of this is taken from
+      # https://docs.github.com/en/actions/use-cases-and-examples/deploying/deploying-to-amazon-elastic-container-service#creating-the-workflow
+      - name: Configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v4.1.0
         with:
-          repo-name: navigator-frontend-${{ matrix.theme }}
-          semver-tag: ${{ github.sha }}
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/navigator-infra-github-actions
+          role-session-name: GitHub_to_AWS_via_FederatedOIDC
+          aws-region: eu-west-1
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@62f4f872db3836360b72999f4b87f1ff13310f3a
+      - name: Build, tag, and push image to Amazon ECR
+        id: build-image
+        env:
+          ECR_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
+          IMAGE_TAG: ${{ github.sha }}
+          AWS_REGION: eu-west-1
+          ECR_REPOSITORY: navigator-frontend-${{ matrix.theme }}
+        run: |
+          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+          echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
       # TODO: deploy
   storybook:
     runs-on: ubuntu-latest