@TheOrangePuff TheOrangePuff commented Aug 14, 2025

Summary

• Multi-platform Docker builds 🏗️ - Build for linux/amd64, linux/arm64, and ARM variants
• ECR integration 📦 - Push images to existing ECR repositories
• Container signing ✍️ - Optional cosign-based image signing and attestation
• Smart tagging 🏷️ - Multiple strategies: latest, semantic, branch, custom
• Build optimization ⚡ - Advanced caching with registry and inline cache support

Streamlined Docker deployment pipeline with multi-platform support and optimization features for containerized applications.

Important: The ECR repository must exist before running this workflow - the workflow will fail if the repository doesn't exist.

Usage examples:

# Basic usage
uses: aligent/workflows/.github/workflows/docker-ecr-deploy.yml@main
with:
  ecr-repository: my-app
secrets:
  aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
  aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

# Production with signing
uses: aligent/workflows/.github/workflows/docker-ecr-deploy.yml@main
with:
  ecr-repository: my-app
  tag-strategy: "semantic"
  enable-signing: true
secrets:
  aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
  aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  container-signing-key: ${{ secrets.COSIGN_PRIVATE_KEY }}

@TheOrangePuff TheOrangePuff marked this pull request as draft September 3, 2025 02:36
TheOrangePuff and others added 2 commits September 15, 2025 15:18
• Multi-platform Docker builds (linux/amd64, linux/arm64)
• ECR authentication and repository management with lifecycle policies
• Container vulnerability scanning with Trivy and configurable security thresholds
• Container image signing and attestation with cosign
• Smart tagging strategies (latest, semantic, branch, custom)
• Build cache optimization with registry and inline caching
• Multi-stage build support with build arguments
• Registry cleanup and automated image retention
• Comprehensive input validation and security gates
• Detailed deployment summary and artifact management

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
- Pin sigstore/cosign-installer@v3 to commit SHA 398d4b0eeef1380460a10c8013a76f728fb906ac
- Pin aquasecurity/trivy-action@master to commit SHA 77137e9dc3ab1b329b7c8a38c2eb7475850a14e8
- Addresses Aikido security recommendations for supply chain attack prevention
@TheOrangePuff TheOrangePuff force-pushed the feature/DO-1743_docker-ecr-deployment-workflow branch from 0d70817 to d9ad97b Compare September 15, 2025 05:48
@TheOrangePuff TheOrangePuff marked this pull request as ready for review September 15, 2025 06:32
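
The second commit above pins two actions to full commit SHAs. As an added example (not part of this pull request or the aligent/workflows code), the check below flags every `uses:` reference in a workflow file that still points at a tag or branch. The function names and the sample workflow are constructed for illustration; the action names and SHAs in the sample are the ones quoted on this page.

```python
import re

# A `uses:` key at step level ("- uses:") or job level ("uses:").
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-fA-F]{40}")


def is_pinned(target: str) -> bool:
    """True if the reference cannot be moved by whoever controls the upstream repo."""
    if target.startswith("./"):          # local action, versioned with the caller
        return True
    if target.startswith("docker://"):   # image refs are immutable only by digest
        return "@sha256:" in target
    _, sep, ref = target.rpartition("@")
    return bool(sep) and FULL_SHA_RE.fullmatch(ref) is not None


def audit_workflow(text: str) -> list[tuple[int, str]]:
    """Return (line number, reference) for every `uses:` that is not pinned."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match and not is_pinned(match.group(1)):
            findings.append((lineno, match.group(1)))
    return findings


# Constructed sample workflow; only the action names and SHAs come from the page.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: sigstore/cosign-installer@v3
      - uses: aquasecurity/trivy-action@master
      - uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3
      - uses: aquasecurity/trivy-action@77137e9dc3ab1b329b7c8a38c2eb7475850a14e8
      - uses: ./.github/actions/local-step
  deploy:
    uses: aligent/workflows/.github/workflows/docker-ecr-deploy.yml@main
"""

if __name__ == "__main__":
    for lineno, ref in audit_workflow(SAMPLE):
        print(f"line {lineno}: mutable ref {ref}")
```

Run over `.github/workflows/*.yml` in CI, a non-empty result can fail the job so that new tag or branch references are caught at review time.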