
Added a artifcat auth to retrive secret #407

Added a artifcat auth to retrive secret

Added a artifcat auth to retrive secret #407


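---
# Build docker: authenticates to GCP through Workload Identity Federation and
# reads the per-environment application secret from Secret Manager.
# NOTE(review): the only trigger branch (feat/gsm-config-update) has no entry
# in the branch -> GCP project mapping of the "Set Environment Variables" step,
# so the secret lookup below fails with an explicit error on that branch until
# a mapping is added.
name: Build docker
on:
  push:
    branches:
      - feat/gsm-config-update
env:
  IMAGE_NAME: europe-docker.pkg.dev/jumper-g-artifacts/docker-jumper-exchange/jumpex
jobs:
  extract-secret:
    runs-on: ubuntu-latest
    # id-token: write lets google-github-actions/auth mint the OIDC token used
    # for Workload Identity Federation; contents: read is the minimum otherwise.
    permissions:
      contents: "read"
      id-token: "write"
    steps:
      - name: Set Environment Variables
        id: set-env
        # Map the pushed branch to the GCP project that holds its secrets.
        # Branches not listed here leave GCP_PROJECT unset; the secrets step
        # checks for that and fails with a clear message.
        run: |
          if [[ "$GITHUB_REF" == 'refs/heads/develop' ]]; then
            echo "GCP_PROJECT=jumper-d-dev" >> "$GITHUB_ENV"
          elif [[ "$GITHUB_REF" == 'refs/heads/staging' ]]; then
            echo "GCP_PROJECT=jumper-s-staging" >> "$GITHUB_ENV"
          elif [[ "$GITHUB_REF" == 'refs/heads/main' ]]; then
            echo "GCP_PROJECT=jumper-p-prod" >> "$GITHUB_ENV"
          fi
      - id: gcpauth
        # Supply-chain: prefer pinning third-party actions to a full commit SHA
        # (e.g. @<40-hex-commit-sha>) instead of a mutable tag.
        uses: google-github-actions/auth@v2
        with:
          create_credentials_file: true
          token_format: 'access_token'
          workload_identity_provider: 'projects/800848389157/locations/global/workloadIdentityPools/github/providers/github'
          service_account: 'artifact-deployer-secret@jumper-g-management.iam.gserviceaccount.com'
      - name: Login to Artifact Registry
        # NOTE(review): nothing later in this job pulls or pushes images, so
        # this login (and the access_token it needs) looks unused here -
        # presumably kept for the build job that is commented out below.
        uses: docker/login-action@v3
        with:
          registry: europe-docker.pkg.dev
          username: oauth2accesstoken
          password: ${{ steps.gcpauth.outputs.access_token }}
      - name: Enable Secret Manager API
        # Idempotent; runs against the management project, not the
        # per-environment project the secret is read from.
        run: |
          gcloud services enable secretmanager.googleapis.com --project=jumper-g-management
        env:
          GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcpauth.outputs.credentials_file_path }}
      - name: Access Environment Secrets
        id: secrets
        # Reads the secret with the federated credentials and exports it via
        # GITHUB_ENV. Anything in GITHUB_ENV is visible to every later step of
        # this job, including third-party actions, so keep the job minimal.
        run: |
          set -euo pipefail
          if [[ -z "${GCP_PROJECT:-}" ]]; then
            echo "::error::GCP_PROJECT is not set: $GITHUB_REF has no project mapping in the set-env step"
            exit 1
          fi
          echo "Fetching secrets from project: $GCP_PROJECT"
          SECRET_VALUE="$(gcloud secrets versions access latest --secret="jumper-exchange-env" --project="$GCP_PROJECT")"
          # GitHub only auto-masks values that come from `secrets.*`; a value
          # fetched by gcloud would otherwise print in clear if any later step
          # echoes it. Mask line by line, since add-mask matches single lines.
          while IFS= read -r line; do
            if [[ -n "$line" ]]; then
              echo "::add-mask::$line"
            fi
          done <<< "$SECRET_VALUE"
          # Use the multi-line GITHUB_ENV syntax with a random delimiter so a
          # value containing newlines (an env file) is stored intact and the
          # content cannot terminate the block early.
          delimiter="ghadelimiter_${RANDOM}${RANDOM}"
          {
            echo "SECRET_VALUE<<${delimiter}"
            echo "$SECRET_VALUE"
            echo "${delimiter}"
          } >> "$GITHUB_ENV"
        env:
          GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcpauth.outputs.credentials_file_path }}
  # build-docker:
  #   runs-on: ubuntu-latest
  #   # id token
  #   permissions:
  #     contents: "read"
  #     id-token: "write"
  #   steps:
  #     - # check out the repository
  #       name: Checkout
  #       uses: actions/checkout@v4
  #     - name: Set current date as env variable
  #       run: echo "UNIQ_ID=$(date +'%y%m%d')-${GITHUB_SHA:0:7}" >> $GITHUB_ENV
  #     - name: Set up QEMU
  #       uses: docker/setup-qemu-action@v3
  #     - name: Set up Docker Buildx
  #       uses: docker/setup-buildx-action@v3
  #     - name: Authenticate to Google Cloud
  #       id: gcpauth
  #       uses: google-github-actions/auth@v2
  #       with:
  #         create_credentials_file: 'true'
  #         workload_identity_provider: 'projects/800848389157/locations/global/workloadIdentityPools/github/providers/github'
  #         service_account: '[email protected]'
  #     - # login to gcp
  #       name: login
  #       run: |-
  #         gcloud auth login --brief --cred-file="${{ steps.gcpauth.outputs.credentials_file_path }}"
  #         gcloud auth configure-docker europe-docker.pkg.dev
  #     - name: Extract Docker metadata
  #       id: meta
  #       uses: docker/metadata-action@v4
  #       with:
  #         images: ${{ env.IMAGE_NAME }}
  #         tags: |
  #           type=ref,event=branch
  #           type=ref,event=branch,prefix=${{ env.UNIQ_ID }}-
  #     - name: Build and push Docker image
  #       uses: docker/build-push-action@v3
  #       with:
  #         context: .
  #         push: ${{ github.event_name != 'pull_request' }}
  #         tags: ${{ steps.meta.outputs.tags }}
  #         labels: ${{ steps.meta.outputs.labels }}
  #         build-args: |
  #           ENV_FILE=${{ github.ref_name == 'main' && '.env.production' || github.ref_name == 'develop' && '.env.development' || format('.env.{0}', github.ref_name) }}
  #           ENV_NAME=${{ github.ref_name == 'main' && 'prod' || github.ref_name }}
  #           NEXT_PUBLIC_LATEST_COMMIT_SHA={{sha}}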