diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 72524255..82ced9d2 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -11,7 +11,11 @@ name: Publish jobs: build-and-deploy: runs-on: ubuntu-latest - + permissions: + id-token: write + env: + AZURE_CONTAINER_REGISTRY_URL: hmctspublic.azurecr.io + NEW_AZURE_CONTAINER_REGISTRY_URL: hmctsprod.azurecr.io strategy: matrix: node-version: [18.x] @@ -26,9 +30,17 @@ jobs: node-version: ${{ matrix.node-version }} registry-url: https://registry.npmjs.org/ # Needed for auth cache: 'npm' + - name: npm install run: npm install + - name: "Az CLI login" + uses: azure/login@v2 + with: + client-id: b5e07540-9063-466a-b209-205566156f3e # DTS Developers GitHub Actions ACR Publisher 1 + tenant-id: 531ff96d-0ae9-462a-8d2d-bec7c0b42082 # HMCTS.NET + allow-no-subscriptions: true + - name: "Get Short Sha Hash" id: get-short-sha uses: actions/github-script@v6.4.1 
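Review bot: The new job-level `permissions:` block names only `id-token: write`, and once a block is present every scope it does not list drops to `none`, so the job token no longer has `contents: read`. The checkout step is outside this hunk, but the `git log` call further down the file implies one; on a private or internal repository it would fail, and stating the scope is clearer either way: add `contents: read` under `permissions:`. The two registry variables hold hostnames rather than URLs, and the `NEW_` prefix will stop meaning anything once both registries have been in use for a while; names such as `ACR_PUBLIC_HOST` and `ACR_PROD_HOST` would age better.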
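Review bot: `azure/login@v2` is referenced by a mutable tag in the step that exchanges the job's OIDC token for the identity the inline comment labels as an ACR publisher, so whatever the tag points to at run time executes with that identity. Pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: azure/login@<FULL_COMMIT_SHA> # v2` (placeholder; take the SHA from the release you have reviewed). The client and tenant IDs are identifiers rather than secrets, so the effective control is the federated credential's subject on the Entra side; that configuration is not visible here and is worth checking against this repository and the refs that are allowed to publish.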
@@ -43,17 +55,43 @@ jobs: TIMESTAMP=$(git log -1 --format='%cI' | sed -e's/[-T:]//g' -e's/+.*$//g') echo "::set-output name=timestamp::$TIMESTAMP" - - name: 'Build and push image' + ################################################### + # HMCTSPROD ACR + ################################################### + - name: "ACR Login - hmctsprod" + run: | + az acr login --name hmctsprod + + - name: "Build and Push PR image - hmctsprod" + if: startsWith(github.ref, 'refs/pull') + run: | + docker build . -t ${{ env.NEW_AZURE_CONTAINER_REGISTRY_URL }}/cot/slack-help-bot:pr-${{github.event.number}}-${{ steps.get-short-sha.outputs.shortSha }} + docker push ${{ env.NEW_AZURE_CONTAINER_REGISTRY_URL }}/cot/slack-help-bot:pr-${{github.event.number}}-${{ steps.get-short-sha.outputs.shortSha }} + + - name: "Build and push prod image - hmctsprod" + if: github.ref == 'refs/heads/main' + run: | + docker build . -t ${{ env.NEW_AZURE_CONTAINER_REGISTRY_URL }}/cot/slack-help-bot:prod-${{ steps.get-short-sha.outputs.shortSha }}-${{ steps.get-timestamp.outputs.timestamp }} + docker push ${{ env.NEW_AZURE_CONTAINER_REGISTRY_URL }}/cot/slack-help-bot:prod-${{ steps.get-short-sha.outputs.shortSha }}-${{ steps.get-timestamp.outputs.timestamp }} + + ################################################### + # HMCTSPUBLIC ACR - Push + ################################################### + - name: "ACR Login - hmctspublic" uses: azure/docker-login@v1 with: - login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }} + login-server: ${{ env.AZURE_CONTAINER_REGISTRY_URL }} username: ${{ secrets.REGISTRY_USERNAME }} password: ${{ secrets.REGISTRY_PASSWORD }} - - run: | - docker build . 
-t ${{ secrets.REGISTRY_LOGIN_SERVER }}/cot/slack-help-bot:pr-${{github.event.number}}-${{ steps.get-short-sha.outputs.shortSha }} - docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/cot/slack-help-bot:pr-${{github.event.number}}-${{ steps.get-short-sha.outputs.shortSha }} + + - name: "Build and Push PR image - hmctspublic" if: startsWith(github.ref, 'refs/pull') - - run: | - docker build . -t ${{ secrets.REGISTRY_LOGIN_SERVER }}/cot/slack-help-bot:prod-${{ steps.get-short-sha.outputs.shortSha }}-${{ steps.get-timestamp.outputs.timestamp }} - docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/cot/slack-help-bot:prod-${{ steps.get-short-sha.outputs.shortSha }}-${{ steps.get-timestamp.outputs.timestamp }} + run: | + docker build . -t ${{ env.AZURE_CONTAINER_REGISTRY_URL }}/cot/slack-help-bot:pr-${{github.event.number}}-${{ steps.get-short-sha.outputs.shortSha }} + docker push ${{ env.AZURE_CONTAINER_REGISTRY_URL }}/cot/slack-help-bot:pr-${{github.event.number}}-${{ steps.get-short-sha.outputs.shortSha }} + + - name: "Build and push prod image - hmctspublic" if: github.ref == 'refs/heads/main' + run: | + docker build . -t ${{ env.AZURE_CONTAINER_REGISTRY_URL }}/cot/slack-help-bot:prod-${{ steps.get-short-sha.outputs.shortSha }}-${{ steps.get-timestamp.outputs.timestamp }} + docker push ${{ env.AZURE_CONTAINER_REGISTRY_URL }}/cot/slack-help-bot:prod-${{ steps.get-short-sha.outputs.shortSha }}-${{ steps.get-timestamp.outputs.timestamp }}
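Review bot: The PR and prod steps for hmctsprod push to the same `cot/slack-help-bot` repository with the single identity from the earlier login step, so the `if:` conditions in this file are the only thing separating a pull-request build from a `prod-` tag, and a pull-request run presumably evaluates the workflow as edited in that PR. Consider enforcing the split outside the workflow: a federated credential limited to `refs/heads/main` for the identity with prod push rights, and a narrower identity or a separate repository for `pr-` images. `az acr login --name hmctsprod` hard-codes the registry although `NEW_AZURE_CONTAINER_REGISTRY_URL` is defined for it, so the login target and the push target can drift apart. The hmctspublic path still authenticates with the long-lived `REGISTRY_USERNAME` / `REGISTRY_PASSWORD` secrets; if that path is transitional, a comment such as `# TODO: drop REGISTRY_* secrets once the hmctsprod migration completes` would record it.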