From fbef485eb51a9cdc3e688a7d7b7c892269d3f37a Mon Sep 17 00:00:00 2001 From: Azat Safin Date: Wed, 9 Oct 2024 11:49:58 +0300 Subject: [PATCH] Infra: ECR Build minor fixes (#580) --- .github/workflows/build-public-image.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-public-image.yml b/.github/workflows/build-public-image.yml index ac48d29a0..3e364c992 100644 --- a/.github/workflows/build-public-image.yml +++ b/.github/workflows/build-public-image.yml @@ -6,7 +6,9 @@ on: types: ['labeled'] permissions: + id-token: write contents: read + pull-requests: write jobs: build: @@ -47,12 +49,11 @@ jobs: key: ${{ runner.os }}-buildx-${{ github.sha }} restore-keys: | ${{ runner.os }}-buildx- - - name: Configure AWS credentials for Kafka-UI account + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: us-east-1 + role-to-assume: ${{ secrets.AWS_ROLE }} - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2 @@ -65,7 +66,7 @@ jobs: builder: ${{ steps.buildx.outputs.name }} context: api push: true - tags: public.ecr.aws/kafbat/kafka-ui-custom-build:${{ steps.extract_branch.outputs.tag }} + tags: ${{ vars.ECR_REGISTRY }}/${{ github.repository }}:${{ steps.extract_branch.outputs.tag }} build-args: | JAR_FILE=api-${{ steps.build.outputs.version }}.jar cache-from: type=local,src=/tmp/.buildx-cache @@ -75,6 +76,6 @@ jobs: with: issue-number: ${{ github.event.pull_request.number }} body: | - Image published at public.ecr.aws/kafbat/kafka-ui-custom-build:${{ steps.extract_branch.outputs.tag }} + Image published at ${{ vars.ECR_REGISTRY }}/${{ github.repository }}:${{ steps.extract_branch.outputs.tag }} outputs: tag: ${{ steps.extract_branch.outputs.tag }}