Skip to content

bump(deps): update actions/stale digest to b69b346 #63

bump(deps): update actions/stale digest to b69b346

bump(deps): update actions/stale digest to b69b346 #63

Workflow file for this run

name: Release Apps
on:
release:
types: [published]
push:
branches: [main]
pull_request:
branches: [main]
paths-ignore:
- "apps/web/**"
- "packages/**"
permissions:
id-token: write
contents: read
packages: write
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
cancel-in-progress: true
jobs:
aws_ecr:
name: Publish AWS ECR
runs-on: ubuntu-latest
strategy:
matrix:
include:
- name: metascan-api
environment: AWS ECR
acc: 553774129222
environment: ${{ matrix.environment }}
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.0.0
- run: corepack enable pnpm
- uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
with:
node-version-file: ".nvmrc"
cache: "pnpm"
- run: pnpm install --frozen-lockfile
- uses: aws-actions/configure-aws-credentials@50ac8dd1e1b10d09dac7b8727528b91bed831ac0 # v3.0.2
with:
aws-region: ap-southeast-1
role-to-assume: arn:aws:iam::${{ matrix.acc }}:role/GITHUB_OIDC_DEFICHAIN_OPS_METASCAN_ECR_PRIVATE
role-duration-seconds: 900
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.0
with:
registry-type: private
- name: Resolve ECR Tags
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
id: ecr-tags
with:
script: return require('./.github/scripts/release-ecr-tags.js')({ context })
result-encoding: string
- name: Build, tag, and push image to Amazon ECR
env:
ECR_REGISTRY: ${{ matrix.acc }}.dkr.ecr.ap-southeast-1.amazonaws.com
IMAGE_TAG: metascan-api:${{ steps.ecr-tags.outputs.result }}
run: |
docker build --file apps/server/Dockerfile -t $ECR_REGISTRY/$IMAGE_TAG .
docker push $ECR_REGISTRY/$IMAGE_TAG