Skip to content

Merge pull request #160 from govuk-one-login/dependabot/npm_and_yarn/… #83

Merge pull request #160 from govuk-one-login/dependabot/npm_and_yarn/…

Merge pull request #160 from govuk-one-login/dependabot/npm_and_yarn/… #83

name: SecurePipeline Docker build, ECR push, template copy to S3
on:
push:
branches:
- main
workflow_dispatch:
jobs:
dockerBuildAndPush:
name: Docker build and push
runs-on: ubuntu-latest
env:
AWS_REGION: eu-west-2
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '0'
- name: Set up AWS creds
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.GH_ACTIONS_ROLE_ARN }}
aws-region: eu-west-2
- name: SAM Validate
run: sam validate --region ${{ env.AWS_REGION }} -t deploy/template.yaml
# Likely source of node warning
# https://github.com/aws-actions/amazon-ecr-login/issues/586
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Login to GDS Dev Dynatrace Container Registry
uses: docker/login-action@v3
with:
registry: khw46367.live.dynatrace.com
username: khw46367
password: ${{ secrets.DYNATRACE_PAAS_TOKEN }}
- name: Install Cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.9.0'
- name: "Push signed image to ECR, updated SAM template with image then upload it to the S3 Artifact Bucket"
uses: govuk-one-login/[email protected]
with:
artifact-bucket-name: ${{ secrets.ARTIFACT_BUCKET_NAME }}
template-file: deploy/template.yaml
role-to-assume-arn: ${{ secrets.GH_ACTIONS_ROLE_ARN }}
ecr-repo-name: ${{ secrets.ECR_REPOSITORY }}