diff --git a/.github/workflows/release-container-image.yml b/.github/workflows/release-container-image.yml index 7fa7007..6614185 100644 --- a/.github/workflows/release-container-image.yml +++ b/.github/workflows/release-container-image.yml @@ -13,6 +13,10 @@ on: required: true default: 'dev' +permissions: + id-token: write + contents: read + jobs: docker: runs-on: ubuntu-latest @@ -23,6 +27,15 @@ jobs: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} + - name: Configure AWS credentials via OIDC + uses: aws-actions/configure-aws-credentials@v5 + with: + role-to-assume: ${{ secrets.ECR_ROLE }} + aws-region: us-east-1 + + - name: Login to Amazon ECR + uses: aws-actions/amazon-ecr-login@v2 + - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -47,4 +60,6 @@ jobs: with: platforms: linux/amd64,linux/arm64 push: true - tags: docker.io/datastax/pulsar-admin-console:${{ env.TAG }} + tags: | + ${{ secrets.ECR_REGISTRY }}/datastax/pulsar-admin-console:${{ env.TAG }} + docker.io/datastax/pulsar-admin-console:${{ env.TAG }} \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index a117d5f..9a07315 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM node:16 as UI-BUILD +FROM node:16 AS ui-build WORKDIR /build @@ -25,7 +25,7 @@ WORKDIR /home/appuser/ USER 10001:0 RUN mkdir -p dashboard/dist && mkdir server && mkdir config && ls -COPY --from=UI-BUILD --chown=10001:0 /build/dist /home/appuser/dashboard/dist +COPY --from=ui-build --chown=10001:0 /build/dist /home/appuser/dashboard/dist COPY --chown=10001:0 config/default.json /home/appuser/config/ COPY --chown=10001:0 server/package*.json /home/appuser/server/ COPY --chown=10001:0 server/*.js /home/appuser/server/ @@ -35,7 +35,7 @@ WORKDIR /home/appuser/server # OpenShift compatibility RUN chmod g+w /home/appuser -ENV HOME /home/appuser +ENV HOME=/home/appuser EXPOSE 8080 8081 6454 6455