You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: source/user-guide/custom-ci/custom-ci-for-apps.rst
+32Lines changed: 32 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -107,6 +107,35 @@ Check the Workflow Result
107
107
You can view your Factory Targets in the UI to check whether the new Targets were created, and if their content is correct.
108
108
This can also be verified by running ``fioctl targets list`` and ``fioctl targets show <target-version>``.
109
109
110
+
Using Third-Party Container Registries
111
+
--------------------------------------
112
+
113
+
It is possible to push the built container images and the Compose App to a third-party container registry instead of the default `FoundriesFactory Registry`_.
114
+
115
+
To do so, use `the sample GitHub actions workflow`_ as a starting point and:
116
+
117
+
1. Modify the workflow so it can authenticate and obtain **write access** to your container registry.
118
+
2. Set the appropriate value for the ``IMAGE_BASE_URL`` environment variable and optionally ``IMAGE_NAMESPACE``.
119
+
120
+
``IMAGE_BASE_URL`` should point to the base URL of the container registry where images will be pushed.
121
+
122
+
Example: Using Amazon ECR
123
+
~~~~~~~~~~~~~~~~~~~~~~~~~
124
+
125
+
This is an `example GitHub Actions workflow`_ that builds container images and pushes them,
126
+
along with the Compose App, to **Amazon Elastic Container Registry (ECR)**.
127
+
128
+
The workflow extends the base workflow by:
129
+
130
+
- adding steps that authenticate the workflow to AWS
131
+
- granting the workflow permission to push images to ECR
132
+
- setting ``IMAGE_BASE_URL`` to the ECR registry URL
133
+
134
+
Authentication to AWS is performed using **OpenID Connect (OIDC)**.
135
+
136
+
With OIDC, a GitHub workflow requests a short-lived identity token from GitHub and exchanges it with AWS for **temporary credentials**.
137
+
These credentials allow the workflow to interact with AWS services such as ECR without storing long-lived AWS access keys in GitHub.
138
+
110
139
.. _FoundriesFactory Registry:
111
140
https://hub.foundries.io
112
141
@@ -128,5 +157,8 @@ This can also be verified by running ``fioctl targets list`` and ``fioctl target
0 commit comments