chore: refactor GitHub Actions workflow to streamline ACR login and u… #137

Workflow file for this run

	name: Build Docker Image
	on:
	push:
	branches:
	- rss3-dev
	- rss3-main

	env:
	GIT_COMMIT: ${{ github.sha }}
	ACR_INSTANCE_ID: cri-0jrfa7tkgiwjzabf

	permissions:
	contents: read
	packages: write
	id-token: write

	jobs:
	prepare:
	runs-on: ubuntu-latest
	outputs:
	targets: ${{ steps.generate.outputs.targets }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: List targets
	id: generate
	uses: docker/bake-action/subaction/list-targets@v5
	with:
	target: validate
	files: docker-bake.hcl
	stack:
	runs-on: ubuntu-latest

	strategy:
	matrix:
	target:
	- op-stack-go
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3
	with:
	platforms: all

	- name: Login to DockerHub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Build and push
	uses: docker/bake-action@v5
	with:
	push: true
	files: docker-bake.hcl
	targets: ${{ matrix.target }}

	validate:
	runs-on: ubuntu-latest
	needs:
	- prepare
	- stack
	strategy:
	fail-fast: false
	max-parallel: 3
	matrix:
	target: ${{ fromJson(needs.prepare.outputs.targets) }}
	include:
	- registry: ghcr.io
	repository: ${{ github.repository }}
	- registry: docker.io
	repository: rss3
	- registry: container-registry.us-east-1.cr.aliyuncs.com
	repository: rss3

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3
	with:
	platforms: all

	- uses: aliyun/configure-aliyun-credentials-action@v1
	id: aliyun-auth
	with:
	role-to-assume: "acs:ram::5621254376179407:role/docker"
	oidc-provider-arn: "acs:ram::5621254376179407:oidc-provider/github"
	role-session-name: "github-action-session"
	role-session-expiration: 1800
	audience: "sts.aliyuncs.com"

	- name: Login to DockerHub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Login to ghcr
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ github.token }}

	- name: setup aliyun cli
	uses: aliyun/setup-aliyun-cli-action@v1

	- name: get acr credential
	id: acr-cred
	run: \|
	RESPONSE=$(aliyun cr GetAuthorizationToken --region us-east-1 --InstanceId ${{ env.ACR_INSTANCE_ID }})
	TEMP_USERNAME=$(echo "$RESPONSE" \| jq -r '.TempUsername')
	AUTH_TOKEN=$(echo "$RESPONSE" \| jq -r '.AuthorizationToken')

	echo "::add-mask::$AUTH_TOKEN"

	echo "username=$TEMP_USERNAME" >> $GITHUB_OUTPUT
	echo "password=$AUTH_TOKEN" >> $GITHUB_OUTPUT

	- name: Login to ACR
	uses: docker/login-action@v3
	with:
	registry: container-registry.us-east-1.cr.aliyuncs.com
	username: ${{ steps.acr-cred.outputs.username }}
	password: ${{ steps.acr-cred.outputs.password }}

	- name: Build and push
	uses: docker/bake-action@v5
	with:
	targets: ${{ matrix.target }}
	push: true
	files: docker-bake.hcl
	set: \|
	${{ matrix.target }}.args.OP_STACK_GO_BUILDER=rss3/op-stack-go:${{ github.sha }}
	env:
	REGISTRY: ${{ matrix.registry }}
	REPOSITORY: ${{ matrix.repository }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore: refactor GitHub Actions workflow to streamline ACR login and u… #137

Workflow file

chore: refactor GitHub Actions workflow to streamline ACR login and u… #137

Uh oh!

Workflow file for this run