
chore: tmp disable ecr push #3

chore: tmp disable ecr push

chore: tmp disable ecr push #3

Workflow file for this run

# Display name of the workflow.
name: CI/CD Pipeline

# Triggers: pushes to the main branch and pushes of any tag starting with "v".
on:
  push:
    branches:
      - main
    tags:
      - 'v*'

# Workflow-wide variables. In this file AWS_REGION and ECR_REGISTRY are only
# referenced from commented-out lines; GHCR_REGISTRY is the registry in use.
env:
  AWS_REGION: us-east-1
  ECR_REGISTRY: public.ecr.aws/e0h8a4b6
  GHCR_REGISTRY: ghcr.io
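# NOTE(review): every third-party action below is referenced by a mutable
# major-version tag. Pinning each `uses:` to a full commit SHA (with the tag
# kept as a trailing comment) stops a moved tag from changing what runs with
# packages: write in the build job.
jobs:
  # Lists the immediate subdirectories of ./images and publishes them as a
  # compact JSON array ([{"dir":"<name>"}, ...]) that drives the build matrix.
  find:
    name: Discover Images
    runs-on: ubuntu-latest
    # Least privilege: this job only reads the repository.
    permissions:
      contents: read
    outputs:
      images: ${{ steps.find.outputs.images }}
    steps:
      - uses: actions/checkout@v5
        with:
          # No later step needs git credentials, so do not leave the token in
          # the local git config.
          persist-credentials: false
      - name: Find image directories
        id: find
        run: |
          set -euo pipefail
          # jq builds the JSON, so directory names are escaped properly and
          # nothing is subject to shell word splitting or globbing.
          IMAGES=$(find images -maxdepth 1 -mindepth 1 -type d -printf '%f\n' \
            | jq -R -s -c 'split("\n") | map(select(length > 0) | {dir: .})')
          echo "images=$IMAGES" >> "$GITHUB_OUTPUT"
          echo "Found images: $IMAGES"

  # Builds one multi-arch image per discovered directory and pushes it to GHCR
  # with BuildKit provenance and SBOM attestations attached.
  build:
    name: Build Database Toolboxes
    needs: find
    environment: production
    permissions:
      contents: read
      # NOTE(review): id-token: write is what the commented-out AWS role
      # assumption below would use; no active step in this job requests an
      # OIDC token. Consider dropping it while the ECR push is disabled.
      id-token: write
      packages: write
      # NOTE(review): no step shown here calls an attestation action; confirm
      # this scope is still required.
      attestations: write
    strategy:
      # One failing image must not cancel the other matrix legs.
      fail-fast: false
      matrix:
        images: ${{ fromJson(needs.find.outputs.images) }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
        with:
          # The build only reads the working tree; keep the token out of the
          # local git config.
          persist-credentials: false
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      # Temporarily disabled: ECR login.
      # - uses: aws-actions/configure-aws-credentials@v5
      #   with:
      #     role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
      #     aws-region: ${{ env.AWS_REGION }}
      # - uses: aws-actions/amazon-ecr-login@v2
      #   with:
      #     registry-type: public
      - uses: docker/login-action@v3
        with:
          registry: ${{ env.GHCR_REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - id: metadata
        uses: docker/metadata-action@v5
        with:
          # ${{ env.ECR_REGISTRY }}/database-toolbox/${{ matrix.images.dir }}
          images: |
            ${{ env.GHCR_REGISTRY }}/${{ github.repository }}/${{ matrix.images.dir }}
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=ref,event=branch
            type=sha,prefix=sha-,format=short
          flavor: |
            latest=auto
          # The OCI source label is a URL; a bare "owner/repo" value does not
          # identify the source repository to registries and scanners.
          labels: |
            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
      # With the ECR login disabled, the tags produced above point at GHCR
      # only, despite the step name.
      - name: Build and push to staging ECR
        uses: docker/build-push-action@v6
        with:
          context: ./images/${{ matrix.images.dir }}
          file: ./images/${{ matrix.images.dir }}/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
          cache-from: type=gha,scope=${{ matrix.images.dir }}
          cache-to: type=gha,mode=max,scope=${{ matrix.images.dir }}
          provenance: true
          sbom: true
      # Prints manual instructions only; it does not change package visibility.
      - name: Make package public
        env:
          # Expression values reach the script as environment variables rather
          # than being spliced into the script text, so an unusual directory
          # name cannot be interpreted as shell syntax.
          # No token is exported to this step: the script makes no API call.
          PACKAGE_NAME: ${{ matrix.images.dir }}
          REPO: ${{ github.repository }}
        run: |
          # Note: GitHub's package visibility API is not reliable/documented
          # This step attempts to set visibility, but may require manual action
          sleep 3
          echo "📦 Package published: ghcr.io/${REPO,,}/${PACKAGE_NAME}"
          echo "⚠️ Package is PRIVATE by default - make it public manually:"
          echo " https://github.com/${REPO}/pkgs/container/${PACKAGE_NAME}"
          echo " → Package settings → Change visibility → Public"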