
Commit 92dfc90

committed
use inline vars for ecr
1 parent c2634fe commit 92dfc90


5 files changed

+29
-11
lines changed


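--- a/git-sign/action.yml
+++ b/git-sign/action.yml
@@ -4,6 +4,9 @@ inputs:
 command:
 description: "Command to run inside the container"
 required: true
+ecr_registry:
+description: "The ECR registry to use"
+default: "901841024863.dkr.ecr.us-east-1.amazonaws.com"
 ecr_repository:
 description: "The ECR repository to use"
 default: release-infrastructure/garasign-git
@@ -12,13 +15,16 @@ runs:
 using: composite
 steps:
 - name: "Run git command"
+env:
+ECR_REGISTRY: ${{ inputs.ecr_registry }}
+ECR_REPOSITORY: ${{ inputs.ecr_repository }}
 run: |
 WORKING_DIR=/home/git-checkout
 docker run \
 --env-file=$GARASIGN_ENVFILE \
 --rm \
 -v $(pwd):$WORKING_DIR \
 -w $WORKING_DIR \
-${ECR_REGISTRY}/${{ inputs.ecr_repository }} \
+${ECR_REGISTRY}/${ECR_REPOSITORY} \
 /bin/bash -c "git config --global --add safe.directory $WORKING_DIR && gpgloader && ${{ inputs.command }}"
 shell: bash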
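Review bot: `${{ inputs.command }}` on the `/bin/bash -c "…"` line is still substituted into the script text by the Actions expression engine before bash parses it, so a value containing a double quote or a command substitution is interpreted by the runner's shell rather than only inside the container; this commit moves `inputs.ecr_repository` into `env:` but leaves that one inline. Adding `COMMAND: ${{ inputs.command }}` under the new `env:` and ending the string with `&& gpgloader && $COMMAND"` keeps the value as data in the outer shell while the container's bash still runs it. gpg-sign/action.yml has the same pattern with `${{ inputs.filenames }}` inside its single-quoted `bash -c` string. How callers populate `command` is not visible on this page, so the exposure depends on whether any caller passes event-derived text.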

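--- a/gpg-sign/action.yml
+++ b/gpg-sign/action.yml
@@ -4,6 +4,9 @@ inputs:
 filenames:
 description: "File name(s) to sign, can be a glob pattern"
 required: true
+ecr_registry:
+description: "The ECR registry to use"
+default: "901841024863.dkr.ecr.us-east-1.amazonaws.com"
 ecr_repository:
 description: "The ECR repository to use"
 default: release-infrastructure/garasign-git
@@ -23,13 +26,16 @@ runs:
 echo "names=\"$FILENAMES\"" >> $GITHUB_OUTPUT
 - name: "Create detached signature for file"
 shell: bash
+env:
+ECR_REGISTRY: ${{ inputs.ecr_registry }}
+ECR_REPOSITORY: ${{ inputs.ecr_repository }}
 run: |
 docker run \
 --env-file=$GARASIGN_ENVFILE \
 --rm \
 -v $(pwd):$(pwd) \
 -w $(pwd) \
-${ECR_REGISTRY}/${{ inputs.ecr_repository }} \
+${ECR_REGISTRY}/${ECR_REPOSITORY} \
 /bin/bash -c 'gpgloader && for filename in ${{ inputs.filenames }}; do gpg --detach-sign --armor --output ${filename}.sig ${filename}; done'
 
 - name: "Move the signature files to the release directory"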
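Review bot: The image argument `${ECR_REGISTRY}/${ECR_REPOSITORY}` is unquoted, and both parts now come from caller-overridable inputs, so an empty or whitespace-containing value changes how `docker run` splits its arguments; `"${ECR_REGISTRY}/${ECR_REPOSITORY}" \` avoids that, and the same line in git-sign/action.yml should match. Separately, the default `release-infrastructure/garasign-git` carries no tag or digest, so the container that receives `--env-file=$GARASIGN_ENVFILE` is whatever the registry currently serves under the default tag; setup/action.yml already pins its actions by commit SHA, and a default of the form `release-infrastructure/garasign-git@sha256:<digest>` would give the signing image the same guarantee. The contents of the env file are not visible on this page, so its sensitivity is assumed from the name.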

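--- a/sbom/action.yml
+++ b/sbom/action.yml
@@ -10,6 +10,9 @@ inputs:
 kondukto_sub_project:
 description: The Kondukto sub-project name (appended to the branch name)
 required: false
+ecr_registry:
+description: "The ECR registry to use"
+default: "901841024863.dkr.ecr.us-east-1.amazonaws.com"
 ecr_repository:
 description: "The ECR repository to use"
 default: release-infrastructure/silkbomb:2.0
@@ -22,6 +25,7 @@ runs:
 env:
 SBOM_IN_PATH: ${{ inputs.sbom_in_path }}
 KONDUKTO_SUB_PROJECT: ${{ inputs.kondukto_sub_project }}
+ECR_REGISTRY: ${{ inputs.ecr_registry }}
 ECR_REPOSITORY: ${{ inputs.ecr_repository }}
 SBOM_FILE_NAME: ${{ inputs.sbom_file_name }}
 run: |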

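--- a/setup/action.yml
+++ b/setup/action.yml
@@ -10,9 +10,15 @@ inputs:
 aws_secret_id:
 description: "The name of the aws secret to use"
 required: true
-ecr_registry:
-description: "The ECR registry to use"
+ecr_registry_id:
+description: "The ECR registry id to use"
 default: "901841024863"
+ecr_role_arn:
+description: "The ECR role arn to use"
+default: "arn:aws:iam::901841024863:role/ecr-role-gha-ro"
+ecr_region:
+description: "The ECR region to use"
+default: us-east-1
 
 runs:
 using: composite
@@ -38,10 +44,10 @@ runs:
 - name: configure aws credentials for ECR
 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4
 with:
-role-to-assume: ${{ env.ECR_ROLE_ARN }}
+role-to-assume: ${{ inputs.ecr_role_arn }}
 role-session-name: release-session
-aws-region: ${{ env.ECR_REGION }}
+aws-region: ${{ inputs.ecr_region }}
 - name: Log in to ECR
 uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2
 with:
-registries: "${{ env.ECR_REGISTRY_ID }}"
+registries: "${{ inputs.ecr_registry_id }}"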
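Review bot: The registry identity is now spread over independent defaults: `ecr_registry_id`, `ecr_role_arn` and `ecr_region` in this file, plus a full `ecr_registry` hostname in git-sign, gpg-sign and sbom, whereas setup.sh previously derived the hostname from the id and region. A caller who overrides only some of them can log in to one registry while the later steps pull from another. I would document the coupling in the input descriptions, e.g. `description: "The ECR registry id to use; must match the account in ecr_role_arn and the ecr_registry input of the signing and sbom actions"`. The default role name ends in `-ro`, which suggests a read-only role; stating that expectation in the `ecr_role_arn` description would make an override with a broader role a conscious choice.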

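--- a/setup/setup.sh
+++ b/setup/setup.sh
@@ -49,10 +49,6 @@ GPG_PUBLIC_URL=${GPG_PUBLIC_URL:-}
 GARASIGN_ENVFILE=$GARASIGN_ENVFILE
 SILKBOMB_ENVFILE=${SILKBOMB_ENVFILE:-}
 KONDUKTO_ENVFILE=${KONDUKTO_ENVFILE:-}
-ECR_REGISTRY_ID=${ECR_REGISTRY_ID}
-ECR_REGISTRY=${ECR_REGISTRY_ID}.dkr.ecr.${ECR_REGION}.amazonaws.com
-ECR_ROLE_ARN=${ECR_ROLE_ARN}
-ECR_REGION=${ECR_REGION}
 RELEASE_ASSETS=$RELEASE_ASSETS
 S3_ASSETS=$S3_ASSETS
 SECURITY_REPORT_URL=${SECURITY_REPORT_URL:-}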
