
Commit c79e119

authored
Merge pull request #230 from crazy-max/aws-ecr-to-docker-hub
test: replace AWS ECR with Docker Hub in test workflows
2 parents 04e22bc + 26108c5 commit c79e119

2 files changed

Lines changed: 134 additions & 250 deletions


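--- a/.github/workflows/.test-bake.yml
+++ b/.github/workflows/.test-bake.yml
@@ -26,14 +26,14 @@ on:
 - 'test/**'
 
 jobs:
-bake-aws-single:
+bake-dockerhub-single:
 uses: ./.github/workflows/bake.yml
 permissions:
 contents: read
 id-token: write
 with:
 cache: true
-cache-scope: bake-aws-single
+cache-scope: bake-dockerhub-single
 context: test
 output: image
 push: ${{ github.event_name != 'pull_request' }}
@@ -42,51 +42,51 @@ jobs:
 *.args.VERSION={{meta.version}}
 target: hello
 meta-images: |
-public.ecr.aws/q3b5f1u4/test-docker-action
+docker.io/dockereng/github-builder-test
 meta-tags: |
 type=raw,value=bake-ghbuilder-single-${{ github.run_id }}
 secrets:
 registry-auths: |
-- registry: public.ecr.aws
-username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+- registry: docker.io
+username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
+password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
 
-bake-aws-single-verify:
+bake-dockerhub-single-verify:
 uses: ./.github/workflows/verify.yml
 if: ${{ github.event_name != 'pull_request' }}
 needs:
-- bake-aws-single
+- bake-dockerhub-single
 with:
-builder-outputs: ${{ toJSON(needs.bake-aws-single.outputs) }}
+builder-outputs: ${{ toJSON(needs.bake-dockerhub-single.outputs) }}
 secrets:
 registry-auths: |
-- registry: public.ecr.aws
-username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+- registry: docker.io
+username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
+password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
 
-bake-aws-single-outputs:
+bake-dockerhub-single-outputs:
 runs-on: ubuntu-24.04
 needs:
-- bake-aws-single
+- bake-dockerhub-single
 steps:
 -
 name: Builder outputs
 uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
 env:
-INPUT_BUILDER-OUTPUTS: ${{ toJSON(needs.bake-aws-single.outputs) }}
+INPUT_BUILDER-OUTPUTS: ${{ toJSON(needs.bake-dockerhub-single.outputs) }}
 with:
 script: |
 const builderOutputs = JSON.parse(core.getInput('builder-outputs'));
 core.info(JSON.stringify(builderOutputs, null, 2));
 
-bake-aws:
+bake-dockerhub:
 uses: ./.github/workflows/bake.yml
 permissions:
 contents: read
 id-token: write
 with:
 cache: true
-cache-scope: bake-aws
+cache-scope: bake-dockerhub
 context: test
 output: image
 push: ${{ github.event_name != 'pull_request' }}
@@ -99,70 +99,63 @@ jobs:
 *.args.VERSION={{meta.version}}
 target: hello-cross
 meta-images: |
-public.ecr.aws/q3b5f1u4/test-docker-action
+docker.io/dockereng/github-builder-test
 meta-tags: |
 type=raw,value=bake-ghbuilder-${{ github.run_id }}
 secrets:
 registry-auths: |
-- registry: public.ecr.aws
-username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+- registry: docker.io
+username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
+password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
 
-bake-aws-verify:
+bake-dockerhub-verify:
 uses: ./.github/workflows/verify.yml
 if: ${{ github.event_name != 'pull_request' }}
 needs:
-- bake-aws
+- bake-dockerhub
 with:
-builder-outputs: ${{ toJSON(needs.bake-aws.outputs) }}
+builder-outputs: ${{ toJSON(needs.bake-dockerhub.outputs) }}
 secrets:
 registry-auths: |
-- registry: public.ecr.aws
-username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+- registry: docker.io
+username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
+password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
 
-bake-aws-outputs:
+bake-dockerhub-outputs:
 runs-on: ubuntu-24.04
 needs:
-- bake-aws
+- bake-dockerhub
 steps:
 -
 name: Builder outputs
 uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
 env:
-INPUT_BUILDER-OUTPUTS: ${{ toJSON(needs.bake-aws.outputs) }}
+INPUT_BUILDER-OUTPUTS: ${{ toJSON(needs.bake-dockerhub.outputs) }}
 with:
 script: |
 const builderOutputs = JSON.parse(core.getInput('builder-outputs'));
 core.info(JSON.stringify(builderOutputs, null, 2));
 
-bake-aws-scan:
+bake-dockerhub-scan:
 runs-on: ubuntu-24.04
 if: ${{ github.event_name != 'pull_request' }}
 needs:
-- bake-aws
+- bake-dockerhub
 steps:
--
-name: Login to registry
-uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
-with:
-registry: public.ecr.aws
-username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 -
 name: Scan for vulnerabilities
 uses: crazy-max/ghaction-container-scan@a0a3900b79d158c85ccf034e5368fae620a9233a # v4.0.0
 with:
-image: public.ecr.aws/q3b5f1u4/test-docker-action@${{ needs.bake-aws.outputs.digest }}
+image: docker.io/dockereng/github-builder-test@${{ needs.bake-dockerhub.outputs.digest }}
 
-bake-aws-nosign:
+bake-dockerhub-nosign:
 uses: ./.github/workflows/bake.yml
 permissions:
 contents: read
 id-token: write
 with:
 cache: true
-cache-scope: bake-aws-nosign
+cache-scope: bake-dockerhub-nosign
 context: test
 output: image
 push: ${{ github.event_name != 'pull_request' }}
@@ -171,96 +164,45 @@ jobs:
 *.args.VERSION={{meta.version}}
 sign: false
 target: hello-cross
-meta-images: |
-public.ecr.aws/q3b5f1u4/test-docker-action
-meta-tags: |
-type=raw,value=bake-ghbuilder-nosign-${{ github.run_id }}
-secrets:
-registry-auths: |
-- registry: public.ecr.aws
-username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-
-bake-aws-nosign-verify:
-uses: ./.github/workflows/verify.yml
-if: ${{ github.event_name != 'pull_request' }}
-needs:
-- bake-aws-nosign
-with:
-builder-outputs: ${{ toJSON(needs.bake-aws-nosign.outputs) }}
-secrets:
-registry-auths: |
-- registry: public.ecr.aws
-username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-
-bake-aws-nosign-outputs:
-runs-on: ubuntu-24.04
-needs:
-- bake-aws-nosign
-steps:
--
-name: Builder outputs
-uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-env:
-INPUT_BUILDER-OUTPUTS: ${{ toJSON(needs.bake-aws-nosign.outputs) }}
-with:
-script: |
-const builderOutputs = JSON.parse(core.getInput('builder-outputs'));
-core.info(JSON.stringify(builderOutputs, null, 2));
-
-bake-dockerhub:
-uses: ./.github/workflows/bake.yml
-permissions:
-contents: read
-id-token: write
-with:
-context: test
-output: image
-push: ${{ github.event_name != 'pull_request' }}
-sbom: true
-set: |
-*.args.VERSION={{meta.version}}
-target: hello-cross
 meta-images: |
 docker.io/dockereng/github-builder-test
 meta-tags: |
-type=raw,value=bake-ghbuilder-${{ github.run_id }}
+type=raw,value=bake-ghbuilder-nosign-${{ github.run_id }}
 secrets:
 registry-auths: |
 - registry: docker.io
 username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
 password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
 
-bake-dockerhub-verify:
+bake-dockerhub-nosign-verify:
 uses: ./.github/workflows/verify.yml
 if: ${{ github.event_name != 'pull_request' }}
 needs:
-- bake-dockerhub
+- bake-dockerhub-nosign
 with:
-builder-outputs: ${{ toJSON(needs.bake-dockerhub.outputs) }}
+builder-outputs: ${{ toJSON(needs.bake-dockerhub-nosign.outputs) }}
 secrets:
 registry-auths: |
 - registry: docker.io
 username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
 password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
 
-bake-dockerhub-outputs:
+bake-dockerhub-nosign-outputs:
 runs-on: ubuntu-24.04
 needs:
-- bake-dockerhub
+- bake-dockerhub-nosign
 steps:
 -
 name: Builder outputs
 uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
 env:
-INPUT_BUILDER-OUTPUTS: ${{ toJSON(needs.bake-dockerhub.outputs) }}
+INPUT_BUILDER-OUTPUTS: ${{ toJSON(needs.bake-dockerhub-nosign.outputs) }}
 with:
 script: |
 const builderOutputs = JSON.parse(core.getInput('builder-outputs'));
 core.info(JSON.stringify(builderOutputs, null, 2));
 
-bake-ghcr-and-aws:
+bake-ghcr-and-dockerhub:
 uses: ./.github/workflows/bake.yml
 permissions:
 contents: read
@@ -276,44 +218,44 @@ jobs:
 target: hello-cross
 meta-images: |
 ghcr.io/docker/github-builder-test
-public.ecr.aws/q3b5f1u4/test-docker-action
+docker.io/dockereng/github-builder-test
 meta-tags: |
-type=raw,value=${{ github.run_id }},prefix=bake-ghcr-and-aws-
+type=raw,value=${{ github.run_id }},prefix=bake-ghcr-and-dockerhub-
 secrets:
 registry-auths: |
 - registry: ghcr.io
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
-- registry: public.ecr.aws
-username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+- registry: docker.io
+username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
+password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
 
-bake-ghcr-and-aws-verify:
+bake-ghcr-and-dockerhub-verify:
 uses: ./.github/workflows/verify.yml
 if: ${{ github.event_name != 'pull_request' }}
 needs:
-- bake-ghcr-and-aws
+- bake-ghcr-and-dockerhub
 with:
-builder-outputs: ${{ toJSON(needs.bake-ghcr-and-aws.outputs) }}
+builder-outputs: ${{ toJSON(needs.bake-ghcr-and-dockerhub.outputs) }}
 secrets:
 registry-auths: |
 - registry: ghcr.io
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
-- registry: public.ecr.aws
-username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+- registry: docker.io
+username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
+password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
 
-bake-ghcr-and-aws-outputs:
+bake-ghcr-and-dockerhub-outputs:
 runs-on: ubuntu-24.04
 needs:
-- bake-ghcr-and-aws
+- bake-ghcr-and-dockerhub
 steps:
 -
 name: Builder outputs
 uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
 env:
-INPUT_BUILDER-OUTPUTS: ${{ toJSON(needs.bake-ghcr-and-aws.outputs) }}
+INPUT_BUILDER-OUTPUTS: ${{ toJSON(needs.bake-ghcr-and-dockerhub.outputs) }}
 with:
 script: |
 const builderOutputs = JSON.parse(core.getInput('builder-outputs'));
@@ -477,7 +419,7 @@ jobs:
 *.args.VERSION={{meta.version}}
 target: hello-cross
 meta-images: |
-public.ecr.aws/q3b5f1u4/test-docker-action
+docker.io/dockereng/github-builder-test
 meta-tags: |
 type=raw,value=bake-ghbuilder-${{ github.run_id }}
 
@@ -495,7 +437,7 @@ jobs:
 *.args.VERSION={{meta.version}}
 target: hello-cross
 meta-images: |
-public.ecr.aws/q3b5f1u4/test-docker-action
+docker.io/dockereng/github-builder-test
 meta-tags: |
 type=raw,value=bake-ghbuilder-${{ github.run_id }}
 
@@ -512,15 +454,15 @@ jobs:
 sbom: true
 target: hello-cross
 
-bake-aws-nodistrib:
+bake-dockerhub-nodistrib:
 uses: ./.github/workflows/bake.yml
 permissions:
 contents: read
 id-token: write
 with:
 distribute: false
 cache: true
-cache-scope: bake-aws-nodistrib
+cache-scope: bake-dockerhub-nodistrib
 context: test
 output: image
 push: ${{ github.event_name != 'pull_request' }}
@@ -529,14 +471,14 @@ jobs:
 *.args.VERSION={{meta.version}}
 target: hello-cross
 meta-images: |
-public.ecr.aws/q3b5f1u4/test-docker-action
+docker.io/dockereng/github-builder-test
 meta-tags: |
 type=raw,value=bake-ghbuilder-nodistrib-${{ github.run_id }}
 secrets:
 registry-auths: |
-- registry: public.ecr.aws
-username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+- registry: docker.io
+username: ${{ vars.DOCKERPUBLICBOT_USERNAME }}
+password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
 
 bake-local-nodistrib:
 uses: ./.github/workflows/bake.yml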
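Review bot: The `*-verify` jobs (`bake-dockerhub-single-verify`, `bake-dockerhub-verify`, `bake-dockerhub-nosign-verify`, `bake-ghcr-and-dockerhub-verify`) are handed the write-scoped `secrets.DOCKERPUBLICBOT_WRITE_PAT` in `registry-auths`, which looks like more privilege than a verification job needs. `verify.yml` is not shown on this page, so this is inferred, but `bake-dockerhub-scan` in the same file now reads `docker.io/dockereng/github-builder-test@<digest>` with its login step removed, which suggests the repository can be read without push rights. If verification only pulls the image and its attestations, give those jobs a pull-only token instead, e.g. `password: ${{ secrets.<READ_ONLY_PAT_PLACEHOLDER> }}`, and keep the write PAT for the `bake.yml` callers that actually push.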
