Update manual-prod-release.yml to use new prod ecr repo

Private ecr repo that can be logged in with credentials fetched from arpajs/sa api Add concurrency so if dev-release and manual-prod-release are done quickly back to back manual-prod-release waits for dev-release
digabi · May 8, 2024 · bfaf121 · bfaf121
1 parent 9e2d5d3
commit bfaf121
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 19 deletions.
diff --git a/.github/workflows/dev-release.yml b/.github/workflows/dev-release.yml
@@ -4,6 +4,9 @@ on:
   push:
     tags: '**'
 
+concurrency:
+  group: ${{ github.ref_name }}
+
 jobs:
   dev-release:
     name: Release to private ECR
@@ -34,4 +37,4 @@ jobs:
           tags: ${{ steps.login-ecr.outputs.registry }}/drawio:${{ github.ref_name }}
           provenance: false
           cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-to: type=gha,mode=max
diff --git a/.github/workflows/manual-prod-release.yml b/.github/workflows/manual-prod-release.yml
@@ -3,10 +3,18 @@ name: 'Manual Production Release'
 on:
   workflow_dispatch:
     inputs:
-        tag:
-          description: "Tag"
-          required: true
-          type: string
+      tag:
+        description: 'Tag'
+        required: true
+        type: string
+
+concurrency:
+  group: ${{ inputs.tag }}
+
+env:
+  DEV_IMAGE_NAME: drawio
+  PROD_IMAGE_NAME: drawio-prod
+  GITHUB_ACCESS_ROLE: DrawioGithubActionsAccessRole
 
 jobs:
   release:
@@ -19,27 +27,17 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          role-to-assume: arn:aws:iam::${{ secrets.UTILITY_ACCOUNT_ID }}:role/DrawioGithubActionsAccessRole
+          role-to-assume: arn:aws:iam::${{ secrets.UTILITY_ACCOUNT_ID }}:role/${{ env.GITHUB_ACCESS_ROLE }}
           aws-region: eu-north-1
       - name: Login to Amazon ECR
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v2
       - name: Pull private image
-        run: docker pull ${{ steps.login-ecr.outputs.registry }}/drawio:${{ inputs.tag }}
-      - name: Configure Public ECR AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: arn:aws:iam::${{ secrets.UTILITY_ACCOUNT_ID }}:role/DrawioPublicGithubActionsAccessRole
-          aws-region: us-east-1
-      - name: Login to Amazon ECR
-        id: login-public-ecr
-        uses: aws-actions/amazon-ecr-login@v2
-        with:
-          registry-type: public
+        run: docker pull ${{ steps.login-ecr.outputs.registry }}/$DEV_IMAGE_NAME:${{ inputs.tag }}
       - name: Tag image
-        run: docker tag ${{ steps.login-ecr.outputs.registry }}/drawio:${{ inputs.tag }} ${{ steps.login-public-ecr.outputs.registry }}/u3p9b9p9/drawio:${{ inputs.tag }}
+        run: docker tag ${{ steps.login-ecr.outputs.registry }}/$DEV_IMAGE_NAME:${{ inputs.tag }} ${{ steps.login-ecr.outputs.registry }}/$PROD_IMAGE_NAME:${{ inputs.tag }}
       - name: Push image
-        run: docker push ${{ steps.login-public-ecr.outputs.registry }}/u3p9b9p9/drawio:${{ inputs.tag }}
+        run: docker push ${{ steps.login-ecr.outputs.registry }}/$PROD_IMAGE_NAME:${{ inputs.tag }}
       - name: Create Github Release
         uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # Pin to commit hash to prevent compromise of third party action
         with: