Add ECR

.github/workflows/docker.yml

@@ -3,76 +3,69 @@ name: docker
 on:
   push:
     branches:
-      - master
+      - main
   pull_request:
     branches:
-      - master
+      - main
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event_name == 'push' && github.run_number || github.event.pull_request.number }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+  id-token: write
+
 jobs:
   docker:
     name: Build Docker image
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os:
+          - ubuntu
+          # temporarily disable red hat for faster build/deploy cycles
+          #- redhat
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Setup QEMU
-        uses: docker/setup-qemu-action@v3
-        with:
-          platforms: amd64,arm64
+      # temporarily disable multi-arch for faster build-deploy cycles
+      #- name: Setup QEMU
+      #  uses: docker/setup-qemu-action@v3
+      #  with:
+      #    platforms: amd64,arm64
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+      #- name: Set up Docker Buildx
+      #  uses: docker/setup-buildx-action@v3
 
-      - name: Login to Artifactory
-        if: ${{ github.event_name == 'push' }}
+      - name: Login to Dockerhub
         uses: docker/login-action@v3
         with:
-          registry: splitio-docker-dev.jfrog.io
-          username: ${{ secrets.ARTIFACTORY_DOCKER_USER }}
-          password: ${{ secrets.ARTIFACTORY_DOCKER_PASS }}
-
-      - name: Create build version
-        run: echo "BUILD_VERSION=$(cat package.json | grep version | head -1 | awk '{ print $2 }' | sed 's/[\",]//g' | tr -d '[[:space:]]')" >> $GITHUB_ENV
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_RO_TOKEN }}
 
-      - name: Docker build
-        uses: docker/build-push-action@v6
+      - name: Configure AWS credentials
+        if: ${{ github.event_name == 'push' }}
+        uses: aws-actions/configure-aws-credentials@v4
         with:
-          context: .
-          push: ${{ github.event_name == 'push' }}
-          platforms: linux/amd64,linux/arm64
-          tags: splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}:${{ env.BUILD_VERSION}},splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}:latest
+          role-to-assume: ${{ vars.ECR_TESTING_ROLE_ARN }}
+          aws-region: us-east-1
 
-  lacework:
-    name: Scan Docker image
-    if: ${{ github.event_name == 'pull_request' }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
+      - name: Login to Amazon ECR
+        if: ${{ github.event_name == 'push' }}
+        uses: aws-actions/amazon-ecr-login@v2
 
-      - name: Create build version
-        run: echo "BUILD_VERSION=$(cat package.json | grep version | head -1 | awk '{ print $2 }' | sed 's/[\",]//g' | tr -d '[[:space:]]')" >> $GITHUB_ENV
+      - name: Get version
+        run: echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV
 
-      - name: Docker build
+      - name: Docker Build and Push
         uses: docker/build-push-action@v6
         with:
           context: .
-          push: false
-          tags: splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}:${{ env.BUILD_VERSION}}
-          build-args: |
-            ARTIFACTORY_USER=${{ secrets.ARTIFACTORY_USER }}
-            ARTIFACTORY_TOKEN=${{ secrets.ARTIFACTORY_TOKEN }}
-
-      - name: Scan container using Lacework
-        uses: lacework/lw-scanner-action@v1.4.5
-        with:
-          LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
-          LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
-          IMAGE_NAME: splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}
-          IMAGE_TAG: ${{ env.BUILD_VERSION}}
-          SAVE_RESULTS_IN_LACEWORK: true
+          file: ${{ matrix.os }}/Dockerfile
+          push: ${{ github.event_name == 'push' }}
+          platforms: linux/amd64 # ,linux/arm64 -- temporaily disable multi-arch
+          tags: |
+            ${{ vars.ECR_TESTING_URL }}/${{ github.event.repository.name }}-${{ matrix.os }}:${{ env.VERSION }}
+            ${{ vars.ECR_TESTING_URL }}/${{ github.event.repository.name }}-${{ matrix.os }}:latest

.github/workflows/unstable.yml

@@ -3,38 +3,61 @@ name: unstable
 on:
   push:
     branches-ignore:
-      - master
+      - main
+
+permissions:
+  contents: read
+  id-token: write
 
 jobs:
   push-docker-image:
     name: Build and Push Docker Image
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os:
+          - ubuntu
+          # temporarily disable red hat for faster build/deploy cycles
+          #- redhat
     steps:
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          registry: splitio-docker-dev.jfrog.io
-          username: ${{ secrets.ARTIFACTORY_DOCKER_USER }}
-          password: ${{ secrets.ARTIFACTORY_DOCKER_PASS }}
-
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Setup QEMU
-        uses: docker/setup-qemu-action@v3
+      # temporarily disable multi-arch for faster build-deploy cycles
+      #- name: Setup QEMU
+      #  uses: docker/setup-qemu-action@v3
+      #  with:
+      #    platforms: amd64,arm64
+
+      #- name: Set up Docker Buildx
+      #  uses: docker/setup-buildx-action@v3
+
+      - name: Login to Dockerhub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_RO_TOKEN }}
+
+      - name: Configure AWS credentials
+        if: ${{ github.event_name == 'push' }}
+        uses: aws-actions/configure-aws-credentials@v4
         with:
-          platforms: amd64,arm64
+          role-to-assume: ${{ vars.ECR_TESTING_ROLE_ARN }}
+          aws-region: us-east-1
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+      - name: Login to Amazon ECR
+        if: ${{ github.event_name == 'push' }}
+        uses: aws-actions/amazon-ecr-login@v2
 
       - name: Get short hash
         run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
 
-      - name: Docker Build
+      - name: Docker Build and Push
         uses: docker/build-push-action@v6
         with:
           context: .
-          push: true
-          platforms: linux/amd64,linux/arm64
-          tags: splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}:${{ env.SHORT_SHA}}
+          file: ${{ matrix.os }}/Dockerfile
+          push: ${{ github.event_name == 'push' }}
+          platforms: linux/amd64 #,linux/arm64 -- temporarily disable multi-arcxh
+          tags: |
+            ${{ vars.ECR_TESTING_URL }}/${{ github.event.repository.name }}-${{ matrix.os }}:${{ env.SHORT_SHA }}