diff --git a/.github/workflows/artifactory.yml b/.github/workflows/artifactory.yml index 30bf043ff..a69e2db40 100644 --- a/.github/workflows/artifactory.yml +++ b/.github/workflows/artifactory.yml @@ -6,6 +6,7 @@ on: env: ARTIFACTORY_URL: https://alephalpha.jfrog.io ARTIFACTORY_PYPI_REPOSITORY: "intelligence-layer" + ARTIFACTORY_DOCKER_REGISTRY: https://alephalpha.jfrog.io/intelligence-layer jobs: push-to: @@ -97,9 +98,13 @@ jobs: labels: ${{ steps.meta.outputs.labels }} publish-docker: + permissions: + contents: read env: - REGISTRY: ghcr.io + GITHUB_DOCKER_REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }}-trace-viewer + needs: + ["build-and-push-image"] runs-on: ubuntu-latest steps: - name: Get Identity Token From Github 
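Review bot: The new `ARTIFACTORY_DOCKER_REGISTRY` value carries an `https://` scheme, and the last hunk uses it as an image-name prefix in `docker tag` and `docker push`, where Docker rejects a scheme as an invalid reference format. I would store the bare host and repository path, `ARTIFACTORY_DOCKER_REGISTRY: alephalpha.jfrog.io/intelligence-layer`, and confirm that this path is the Docker repository Artifactory actually exposes. The same value feeds the `registry:` input of the new login step, which is documented as a server address rather than a URL.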
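Review bot: The added job-level `permissions:` block grants only `contents: read`, which sets every scope it does not list to none for this job. The step `Get Identity Token From Github` (its body lies outside this hunk) appears to request an OIDC ID token, judging by the `id_token` exchange visible in the next hunk, and that request needs `id-token: write`. Pulling the image from `ghcr.io` with `GITHUB_TOKEN` also needs `packages: read` unless the package is public. Keeping the block minimal is the right direction, so I would add just those two lines, `id-token: write` and `packages: read`, below `contents: read`.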
@@ -119,20 +124,25 @@ jobs: "{\"grant_type\": \"urn:ietf:params:oauth:grant-type:token-exchange\", \"subject_token_type\":\"urn:ietf:params:oauth:token-type:id_token\", \"subject_token\": \"$ID_TOKEN\", \"provider_name\": \"github\"}" \ | jq .access_token -r) echo "JFROG_ACCESS_TOKEN=${JFROG_ACCESS_TOKEN}" >> $GITHUB_ENV - - name: Log in to the Container registry - if: github.event_name != 'pull_request' + JFROG_ACCESS_TOKEN_SUBJECT=$(echo $JFROG_ACCESS_TOKEN | awk -F'.' '{print $2}' | sed 's/.\{1,3\}$/&==/' | base64 -d | jq '.sub' -r) + echo "JFROG_ACCESS_TOKEN_SUBJECT=${JFROG_ACCESS_TOKEN_SUBJECT}" >> $GITHUB_ENV + - name: Log in to the github container registry uses: docker/login-action@v3 with: - registry: ${{ env.REGISTRY }} + registry: ${{ env.GITHUB_DOCKER_REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build package and push to Artifactory + - name: Log in to the artifactory container registry + uses: docker/login-action@v3 env: JFROG_ACCESS_TOKEN: ${{ env.JFROG_ACCESS_TOKEN }} + JFROG_ACCESS_TOKEN_SUBJECT: ${{ env.JFROG_ACCESS_TOKEN_SUBJECT }} + with: + registry: ${{ env.ARTIFACTORY_DOCKER_REGISTRY }} + username: ${{ env.JFROG_ACCESS_TOKEN_SUBJECT }} + password: ${{ env.JFROG_ACCESS_TOKEN }} + - name: Build package and push to Artifactory run: | - JFROG_ACCESS_TOKEN_SUBJECT=$(echo $JFROG_ACCESS_TOKEN | awk -F'.' 
'{print $2}' | sed 's/.\{1,3\}$/&==/' | base64 -d | jq '.sub' -r) - docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY - docker login --username "$JFROG_ACCESS_TOKEN_SUBJECT" --password $JFROG_ACCESS_TOKEN $ARTIFACTORY_URL/blueprint-images - docker pull $CI_REGISTRY_IMAGE/$CONTAINER_IMAGE_NAME:$CI_COMMIT_SHORT_SHA - docker tag $CI_REGISTRY_IMAGE/$CONTAINER_IMAGE_NAME:$CI_COMMIT_SHORT_SHA $ARTIFACTORY_HOST/blueprint-images/blueprint-monitoring-image:latest - docker push $ARTIFACTORY_HOST/blueprint-images/blueprint-monitoring-image:latest \ No newline at end of file + docker pull $GITHUB_DOCKER_REGISTRY/$IMAGE_NAME + docker tag $GITHUB_DOCKER_REGISTRY/$IMAGE_NAME $ARTIFACTORY_DOCKER_REGISTRY/trace-viewer:latest + docker push $ARTIFACTORY_DOCKER_REGISTRY/trace-viewer:latest \ No newline at end of file
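Review bot: The JFrog access token reaches the new `docker/login-action` step through `$GITHUB_ENV` without being registered as a secret, so the runner has no reason to mask it when it prints that step's `with:` and `env:` values to the job log. Add `echo "::add-mask::${JFROG_ACCESS_TOKEN}"` before the unchanged line that appends `JFROG_ACCESS_TOKEN` to `$GITHUB_ENV` (that step starts above this hunk). Because the token is then handed to a third-party action, pinning `docker/login-action` to a full commit SHA instead of the movable `v3` tag would bound which code can receive it. Separately, `docker pull $GITHUB_DOCKER_REGISTRY/$IMAGE_NAME` names no tag or digest, so what gets promoted to Artifactory is whatever `latest` resolves to at that moment rather than the image the needed build job produced; passing that job's digest through would tie the two together.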