chore: tmp disable ecr push #3
# Workflow that builds every image directory and publishes the results.
name: CI/CD Pipeline

# Runs only on pushes to main and on version tags (v*); no pull_request
# trigger is defined here, so forked-PR code does not reach the publish job.
on:
  push:
    branches:
      - main
    tags:
      - 'v*'

env:
  AWS_REGION: us-east-1
  # Only referenced by the commented-out ECR configuration further down.
  ECR_REGISTRY: public.ecr.aws/e0h8a4b6
  GHCR_REGISTRY: ghcr.io

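jobs:
  # Lists the sub-directories of images/ and publishes them as a JSON array
  # that the build job expands into its matrix.
  find:
    name: Discover Images
    runs-on: ubuntu-latest
    # This job only reads the repository tree, so the token is limited to that
    # instead of inheriting the repository default.
    permissions:
      contents: read
    outputs:
      images: ${{ steps.find.outputs.images }}
    steps:
      # NOTE(review): the action is referenced by a mutable tag; pinning to a
      # full commit SHA would protect the job against a retagged release.
      - uses: actions/checkout@v5
        with:
          # Nothing after checkout talks to git, so do not leave the token in
          # the local git config.
          persist-credentials: false
      - name: Find image directories
        id: find
        run: |
          # Print one directory name per line and let jq build the array, so a
          # name containing quotes, backslashes or glob characters is encoded
          # as data instead of breaking (or reshaping) hand-assembled JSON.
          IMAGES=$(find images -maxdepth 1 -mindepth 1 -type d -printf '%f\n' \
            | jq -R -s -c 'split("\n") | map(select(length > 0) | {dir: .})')
          echo "images=$IMAGES" >> "$GITHUB_OUTPUT"
          echo "Found images: $IMAGES"
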
| build: | |
| name: Build Database Toolboxes | |
| needs: find | |
| environment: production | |
| permissions: | |
| contents: read | |
| id-token: write | |
| packages: write | |
| attestations: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| images: ${{ fromJson(needs.find.outputs.images) }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: docker/setup-qemu-action@v3 | |
| - uses: docker/setup-buildx-action@v3 | |
| # - uses: aws-actions/configure-aws-credentials@v5 | |
| # with: | |
| # role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| # aws-region: ${{ env.AWS_REGION }} | |
| # - uses: aws-actions/amazon-ecr-login@v2 | |
| # with: | |
| # registry-type: public | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.GHCR_REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - id: metadata | |
| uses: docker/metadata-action@v5 | |
| with: | |
| # ${{ env.ECR_REGISTRY }}/database-toolbox/${{ matrix.images.dir }} | |
| images: | | |
| ${{ env.GHCR_REGISTRY }}/${{ github.repository }}/${{ matrix.images.dir }} | |
| tags: | | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=ref,event=branch | |
| type=sha,prefix=sha-,format=short | |
| flavor: | | |
| latest=auto | |
| labels: | | |
| org.opencontainers.image.source=${{ github.repository }} | |
| - name: Build and push to staging ECR | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./images/${{ matrix.images.dir }} | |
| file: ./images/${{ matrix.images.dir }}/Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.metadata.outputs.tags }} | |
| labels: ${{ steps.metadata.outputs.labels }} | |
| cache-from: type=gha,scope=${{ matrix.images.dir }} | |
| cache-to: type=gha,mode=max,scope=${{ matrix.images.dir }} | |
| provenance: true | |
| sbom: true | |
| - name: Make package public | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| # Note: GitHub's package visibility API is not reliable/documented | |
| # This step attempts to set visibility, but may require manual action | |
| sleep 3 | |
| PACKAGE_NAME="${{ matrix.images.dir }}" | |
| REPO="${{ github.repository }}" | |
| echo "📦 Package published: ghcr.io/${REPO,,}/${PACKAGE_NAME}" | |
| echo "⚠️ Package is PRIVATE by default - make it public manually:" | |
| echo " https://github.com/${REPO}/pkgs/container/${PACKAGE_NAME}" | |
| echo " → Package settings → Change visibility → Public" |