From 9ba5f76eab9f08da6bbb00e34a1c82483cee2641 Mon Sep 17 00:00:00 2001 From: dvvanessastoiber Date: Thu, 13 Nov 2025 10:17:24 +0100 Subject: [PATCH 1/8] feat: add registry type --- .github/actions/build-push-image/action.yml | 5 +++++ .github/actions/get-ecr-scan-result/action.yml | 5 +++++ .github/actions/retag-image/action.yml | 5 +++++ .github/workflows/build-docker-artifacts-push.yml | 3 ++- .github/workflows/build-docker-artifacts-trigger-push.yml | 4 ++-- .github/workflows/build-docker-artifacts.yml | 4 ++-- 6 files changed, 21 insertions(+), 5 deletions(-) diff --git a/.github/actions/build-push-image/action.yml b/.github/actions/build-push-image/action.yml index 65b70793..963b3e95 100644 --- a/.github/actions/build-push-image/action.yml +++ b/.github/actions/build-push-image/action.yml @@ -9,6 +9,10 @@ inputs: aws_region: description: "aws region to use" required: true + registry_type: + description: "type of registry (public|private)" + required: false + default: "private" ecr_registry: description: "registry where to push the image" required: true @@ -38,6 +42,7 @@ runs: with: role-to-assume: ${{ inputs.aws_role }} aws-region: ${{ inputs.aws_region }} + registry-type: ${{ inputs.registry_type }} - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2.0.1 diff --git a/.github/actions/get-ecr-scan-result/action.yml b/.github/actions/get-ecr-scan-result/action.yml index a352b9ed..c378f60a 100644 --- a/.github/actions/get-ecr-scan-result/action.yml +++ b/.github/actions/get-ecr-scan-result/action.yml @@ -9,6 +9,10 @@ inputs: aws_region: description: "aws region to use" required: true + registry_type: + description: "type of registry (public|private)" + required: false + default: "private" ecr_registry: description: "registry where to push the image" required: true @@ -47,6 +51,7 @@ runs: with: role-to-assume: ${{ inputs.aws_role }} aws-region: ${{ inputs.aws_region }} + registry-type: ${{ inputs.registry_type }} - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2.0.1 diff --git a/.github/actions/retag-image/action.yml b/.github/actions/retag-image/action.yml index 8cc10f84..ae7ad12a 100644 --- a/.github/actions/retag-image/action.yml +++ b/.github/actions/retag-image/action.yml @@ -9,6 +9,10 @@ inputs: aws_region: description: "aws region to use" required: true + registry_type: + description: "type of registry (public|private)" + required: false + default: "private" ecr_repositories: description: "ecr repositories (name only) - seperated with ," required: true @@ -27,6 +31,7 @@ runs: with: role-to-assume: ${{ inputs.aws_role }} aws-region: ${{ inputs.aws_region }} + registry-type: ${{ inputs.registry_type }} - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2.0.1 diff --git a/.github/workflows/build-docker-artifacts-push.yml b/.github/workflows/build-docker-artifacts-push.yml index 6e0f3a47..9d9bc463 100644 --- a/.github/workflows/build-docker-artifacts-push.yml +++ b/.github/workflows/build-docker-artifacts-push.yml @@ -33,7 +33,7 @@ concurrency: cancel-in-progress: true env: - WORKFLOW_BRANCH: "main" + WORKFLOW_BRANCH: "feat-add-registry-type" permissions: contents: read @@ -108,6 +108,7 @@ jobs: source_images: ${{ fromJson(steps.get-customer.outputs.result).source_images }} destination_aws_role: ${{ steps.get-aws-image-config.outputs.aws_role }} destination_aws_region: ${{ steps.get-aws-image-config.outputs.aws_region }} + destination_registry_type: ${{ steps.get-aws-image-config.outputs.registry_type }} destination_aws_access_key_id: ${{ steps.get-aws-image-config.outputs.aws_access_key_id }} destination_aws_secret_access_key: ${{ steps.get-aws-image-config.outputs.aws_secret_access_key }} destination_images: ${{ fromJson(steps.get-customer.outputs.result).destination_images }} diff --git a/.github/workflows/build-docker-artifacts-trigger-push.yml b/.github/workflows/build-docker-artifacts-trigger-push.yml index 62128c9e..568b083e 100644 --- a/.github/workflows/build-docker-artifacts-trigger-push.yml +++ b/.github/workflows/build-docker-artifacts-trigger-push.yml @@ -28,7 +28,7 @@ concurrency: cancel-in-progress: true env: - WORKFLOW_BRANCH: "main" + WORKFLOW_BRANCH: "feat-add-registry-type" permissions: contents: read @@ -106,6 +106,6 @@ jobs: repo: "infrastructure-k8s" github_token: ${{ secrets.DATAVISYN_BOT_REPO_TOKEN }} workflow_file_name: "push-docker-artifact-to-customer.yml" - ref: "main" + ref: "feat-add-registry-type" github_user: ${{ secrets.DV_BOT_USER }} client_payload: ${{ toJson(matrix.customer) }} diff --git a/.github/workflows/build-docker-artifacts.yml b/.github/workflows/build-docker-artifacts.yml index 5d23e66f..142c66b5 100644 --- a/.github/workflows/build-docker-artifacts.yml +++ b/.github/workflows/build-docker-artifacts.yml @@ -46,7 +46,7 @@ concurrency: cancel-in-progress: true env: - WORKFLOW_BRANCH: "main" + WORKFLOW_BRANCH: "feat-add-registry-type" DATAVISYN_PYTHON_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/python:main" DATAVISYN_NGINX_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/nginx:main" @@ -453,7 +453,7 @@ jobs: # if? When should we do this? Always? Only for certain branches? If so, how should we define that, in the config.json? # We need the always() && !cancelled() && !failure() because the test-images may have been skipped (which is fine), but this transitvely propagates through retag-images to here. See https://github.com/actions/runner/issues/491#issuecomment-1507495166 if: ${{ always() && !cancelled() && !failure() && fromJson(needs.get-flavors.outputs.result).skip_push != true && fromJson(needs.get-flavors.outputs.result).push_to != '' }} - uses: datavisyn/github-workflows/.github/workflows/build-docker-artifacts-trigger-push.yml@main + uses: datavisyn/github-workflows/.github/workflows/build-docker-artifacts-trigger-push.yml@feat-add-registry-type secrets: inherit with: push_to: ${{ fromJson(needs.get-flavors.outputs.result).push_to }} From 9e5162c6b0e783c356feba17b91656e866b4b169 Mon Sep 17 00:00:00 2001 From: dvvanessastoiber Date: Thu, 13 Nov 2025 12:37:25 +0100 Subject: [PATCH 2/8] fix: remove incorrect paramaters --- .github/actions/build-push-image/action.yml | 1 - .github/actions/get-ecr-scan-result/action.yml | 1 - .github/actions/retag-image/action.yml | 1 - 3 files changed, 3 deletions(-) diff --git a/.github/actions/build-push-image/action.yml b/.github/actions/build-push-image/action.yml index 963b3e95..5155a115 100644 --- a/.github/actions/build-push-image/action.yml +++ b/.github/actions/build-push-image/action.yml @@ -42,7 +42,6 @@ runs: with: role-to-assume: ${{ inputs.aws_role }} aws-region: ${{ inputs.aws_region }} - registry-type: ${{ inputs.registry_type }} - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2.0.1 diff --git a/.github/actions/get-ecr-scan-result/action.yml b/.github/actions/get-ecr-scan-result/action.yml index c378f60a..c0156d27 100644 --- a/.github/actions/get-ecr-scan-result/action.yml +++ b/.github/actions/get-ecr-scan-result/action.yml @@ -51,7 +51,6 @@ runs: with: role-to-assume: ${{ inputs.aws_role }} aws-region: ${{ inputs.aws_region }} - registry-type: ${{ inputs.registry_type }} - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2.0.1 diff --git a/.github/actions/retag-image/action.yml b/.github/actions/retag-image/action.yml index ae7ad12a..f9779c9a 100644 --- a/.github/actions/retag-image/action.yml +++ b/.github/actions/retag-image/action.yml @@ -31,7 +31,6 @@ runs: with: role-to-assume: ${{ inputs.aws_role }} aws-region: ${{ inputs.aws_region }} - registry-type: ${{ inputs.registry_type }} - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2.0.1 From 4c80d4fcc879e7da990366099e8b0ae25f90fb22 Mon Sep 17 00:00:00 2001 From: dvvanessastoiber Date: Thu, 13 Nov 2025 12:39:38 +0100 Subject: [PATCH 3/8] fix: param usage --- .github/actions/build-push-image/action.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/build-push-image/action.yml b/.github/actions/build-push-image/action.yml index 5155a115..1c92d571 100644 --- a/.github/actions/build-push-image/action.yml +++ b/.github/actions/build-push-image/action.yml @@ -55,6 +55,8 @@ runs: ECR_REGISTRY: ${{ inputs.ecr_registry }} ECR_REPOSITORY: ${{ inputs.ecr_repository }} IMAGE_TAG: ${{ inputs.image_tag }} + with: + registry-type: ${{ inputs.registry_type }} shell: bash - name: Build and push image to Amazon ECR uses: docker/build-push-action@v6 From dbfe5786e75b0ca9c872c877112ba1e733130060 Mon Sep 17 00:00:00 2001 From: dvvanessastoiber Date: Thu, 13 Nov 2025 13:40:07 +0100 Subject: [PATCH 4/8] chore: update datavisyn/github-action-trigger-workflow --- .github/workflows/build-docker-artifacts-trigger-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-artifacts-trigger-push.yml b/.github/workflows/build-docker-artifacts-trigger-push.yml index 568b083e..dba15b38 100644 --- a/.github/workflows/build-docker-artifacts-trigger-push.yml +++ b/.github/workflows/build-docker-artifacts-trigger-push.yml @@ -100,7 +100,7 @@ jobs: steps: - name: Trigger push docker artifacts to ${{ matrix.customer.customer }} if: ${{ matrix.customer.customer_json.skip != true }} - uses: datavisyn/github-action-trigger-workflow@v1 + uses: datavisyn/github-action-trigger-workflow@v2-test with: owner: "datavisyn" repo: "infrastructure-k8s" From f2477657171de981dc3b3a19ca8e0b7d503d0138 Mon Sep 17 00:00:00 2001 From: dvvanessastoiber Date: Thu, 13 Nov 2025 13:40:17 +0100 Subject: [PATCH 5/8] fix: add param --- .github/actions/build-push-image/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/build-push-image/action.yml b/.github/actions/build-push-image/action.yml index 1c92d571..50017377 100644 --- a/.github/actions/build-push-image/action.yml +++ b/.github/actions/build-push-image/action.yml @@ -45,6 +45,8 @@ runs: - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2.0.1 + with: + registry-type: ${{ inputs.registry_type }} - name: get image tag id: get-image-tag run: | @@ -55,8 +57,6 @@ runs: ECR_REGISTRY: ${{ inputs.ecr_registry }} ECR_REPOSITORY: ${{ inputs.ecr_repository }} IMAGE_TAG: ${{ inputs.image_tag }} - with: - registry-type: ${{ inputs.registry_type }} shell: bash - name: Build and push image to Amazon ECR uses: docker/build-push-action@v6 From 148e694f7a181305ae4630e6172d3833cb9173b7 Mon Sep 17 00:00:00 2001 From: Michael Puehringer Date: Tue, 23 Dec 2025 11:37:02 +0100 Subject: [PATCH 6/8] Add registry type inputs --- .github/actions/build-push-image/action.yml | 4 ++-- .github/actions/get-ecr-scan-result/action.yml | 4 +++- .github/actions/retag-image/action.yml | 4 +++- .github/workflows/build-docker-artifacts-push.yml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/actions/build-push-image/action.yml b/.github/actions/build-push-image/action.yml index 50017377..5ee9292a 100644 --- a/.github/actions/build-push-image/action.yml +++ b/.github/actions/build-push-image/action.yml @@ -9,7 +9,7 @@ inputs: aws_region: description: "aws region to use" required: true - registry_type: + ecr_registry_type: description: "type of registry (public|private)" required: false default: "private" @@ -46,7 +46,7 @@ runs: id: login-ecr uses: aws-actions/amazon-ecr-login@v2.0.1 with: - registry-type: ${{ inputs.registry_type }} + registry-type: ${{ inputs.ecr_registry_type }} - name: get image tag id: get-image-tag run: | diff --git a/.github/actions/get-ecr-scan-result/action.yml b/.github/actions/get-ecr-scan-result/action.yml index c0156d27..99e051a2 100644 --- a/.github/actions/get-ecr-scan-result/action.yml +++ b/.github/actions/get-ecr-scan-result/action.yml @@ -9,7 +9,7 @@ inputs: aws_region: description: "aws region to use" required: true - registry_type: + ecr_registry_type: description: "type of registry (public|private)" required: false default: "private" @@ -54,6 +54,8 @@ runs: - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2.0.1 + with: + registry-type: ${{ inputs.ecr_registry_type }} - name: Get AWS ECR Scan results id: get-scan-results run: | diff --git a/.github/actions/retag-image/action.yml b/.github/actions/retag-image/action.yml index f9779c9a..0599dfd5 100644 --- a/.github/actions/retag-image/action.yml +++ b/.github/actions/retag-image/action.yml @@ -9,7 +9,7 @@ inputs: aws_region: description: "aws region to use" required: true - registry_type: + ecr_registry_type: description: "type of registry (public|private)" required: false default: "private" @@ -34,6 +34,8 @@ runs: - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2.0.1 + with: + registry-type: ${{ inputs.ecr_registry_type }} - name: retag image run: | mapfile -t array < <(echo "${REPOSITORY_NAMES}" | tr ',' "\n") diff --git a/.github/workflows/build-docker-artifacts-push.yml b/.github/workflows/build-docker-artifacts-push.yml index 9d9bc463..5f045476 100644 --- a/.github/workflows/build-docker-artifacts-push.yml +++ b/.github/workflows/build-docker-artifacts-push.yml @@ -108,7 +108,7 @@ jobs: source_images: ${{ fromJson(steps.get-customer.outputs.result).source_images }} destination_aws_role: ${{ steps.get-aws-image-config.outputs.aws_role }} destination_aws_region: ${{ steps.get-aws-image-config.outputs.aws_region }} - destination_registry_type: ${{ steps.get-aws-image-config.outputs.registry_type }} destination_aws_access_key_id: ${{ steps.get-aws-image-config.outputs.aws_access_key_id }} destination_aws_secret_access_key: ${{ steps.get-aws-image-config.outputs.aws_secret_access_key }} + destination_ecr_registry_type: ${{ steps.get-aws-image-config.outputs.ecr_registry_type }} destination_images: ${{ fromJson(steps.get-customer.outputs.result).destination_images }} From 75be1297afc173edf79d90154fc5de5780e73fc4 Mon Sep 17 00:00:00 2001 From: Michael Puehringer Date: Tue, 23 Dec 2025 12:41:15 +0100 Subject: [PATCH 7/8] Revert --- .github/workflows/build-docker-artifacts-push.yml | 2 +- .github/workflows/build-docker-artifacts-trigger-push.yml | 6 +++--- .github/workflows/build-docker-artifacts.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-docker-artifacts-push.yml b/.github/workflows/build-docker-artifacts-push.yml index 5f045476..04c6e2c2 100644 --- a/.github/workflows/build-docker-artifacts-push.yml +++ b/.github/workflows/build-docker-artifacts-push.yml @@ -33,7 +33,7 @@ concurrency: cancel-in-progress: true env: - WORKFLOW_BRANCH: "feat-add-registry-type" + WORKFLOW_BRANCH: "main" permissions: contents: read diff --git a/.github/workflows/build-docker-artifacts-trigger-push.yml b/.github/workflows/build-docker-artifacts-trigger-push.yml index dba15b38..62128c9e 100644 --- a/.github/workflows/build-docker-artifacts-trigger-push.yml +++ b/.github/workflows/build-docker-artifacts-trigger-push.yml @@ -28,7 +28,7 @@ concurrency: cancel-in-progress: true env: - WORKFLOW_BRANCH: "feat-add-registry-type" + WORKFLOW_BRANCH: "main" permissions: contents: read @@ -100,12 +100,12 @@ jobs: steps: - name: Trigger push docker artifacts to ${{ matrix.customer.customer }} if: ${{ matrix.customer.customer_json.skip != true }} - uses: datavisyn/github-action-trigger-workflow@v2-test + uses: datavisyn/github-action-trigger-workflow@v1 with: owner: "datavisyn" repo: "infrastructure-k8s" github_token: ${{ secrets.DATAVISYN_BOT_REPO_TOKEN }} workflow_file_name: "push-docker-artifact-to-customer.yml" - ref: "feat-add-registry-type" + ref: "main" github_user: ${{ secrets.DV_BOT_USER }} client_payload: ${{ toJson(matrix.customer) }} diff --git a/.github/workflows/build-docker-artifacts.yml b/.github/workflows/build-docker-artifacts.yml index 142c66b5..5d23e66f 100644 --- a/.github/workflows/build-docker-artifacts.yml +++ b/.github/workflows/build-docker-artifacts.yml @@ -46,7 +46,7 @@ concurrency: cancel-in-progress: true env: - WORKFLOW_BRANCH: "feat-add-registry-type" + WORKFLOW_BRANCH: "main" DATAVISYN_PYTHON_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/python:main" DATAVISYN_NGINX_BASE_IMAGE: "188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/nginx:main" @@ -453,7 +453,7 @@ jobs: # if? When should we do this? Always? Only for certain branches? If so, how should we define that, in the config.json? # We need the always() && !cancelled() && !failure() because the test-images may have been skipped (which is fine), but this transitvely propagates through retag-images to here. See https://github.com/actions/runner/issues/491#issuecomment-1507495166 if: ${{ always() && !cancelled() && !failure() && fromJson(needs.get-flavors.outputs.result).skip_push != true && fromJson(needs.get-flavors.outputs.result).push_to != '' }} - uses: datavisyn/github-workflows/.github/workflows/build-docker-artifacts-trigger-push.yml@feat-add-registry-type + uses: datavisyn/github-workflows/.github/workflows/build-docker-artifacts-trigger-push.yml@main secrets: inherit with: push_to: ${{ fromJson(needs.get-flavors.outputs.result).push_to }} From 3ed9b0997d2c8b28d7750c3ceb3d642b6a75d2af Mon Sep 17 00:00:00 2001 From: Michael Puehringer Date: Tue, 23 Dec 2025 12:46:12 +0100 Subject: [PATCH 8/8] Remove unused registry type (as ours will always be private) --- .github/actions/build-push-image/action.yml | 6 ------ .github/actions/get-ecr-scan-result/action.yml | 6 ------ .github/actions/retag-image/action.yml | 6 ------ 3 files changed, 18 deletions(-) diff --git a/.github/actions/build-push-image/action.yml b/.github/actions/build-push-image/action.yml index 5ee9292a..65b70793 100644 --- a/.github/actions/build-push-image/action.yml +++ b/.github/actions/build-push-image/action.yml @@ -9,10 +9,6 @@ inputs: aws_region: description: "aws region to use" required: true - ecr_registry_type: - description: "type of registry (public|private)" - required: false - default: "private" ecr_registry: description: "registry where to push the image" required: true @@ -45,8 +41,6 @@ runs: - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2.0.1 - with: - registry-type: ${{ inputs.ecr_registry_type }} - name: get image tag id: get-image-tag run: | diff --git a/.github/actions/get-ecr-scan-result/action.yml b/.github/actions/get-ecr-scan-result/action.yml index 99e051a2..a352b9ed 100644 --- a/.github/actions/get-ecr-scan-result/action.yml +++ b/.github/actions/get-ecr-scan-result/action.yml @@ -9,10 +9,6 @@ inputs: aws_region: description: "aws region to use" required: true - ecr_registry_type: - description: "type of registry (public|private)" - required: false - default: "private" ecr_registry: description: "registry where to push the image" required: true @@ -54,8 +50,6 @@ runs: - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2.0.1 - with: - registry-type: ${{ inputs.ecr_registry_type }} - name: Get AWS ECR Scan results id: get-scan-results run: | diff --git a/.github/actions/retag-image/action.yml b/.github/actions/retag-image/action.yml index 0599dfd5..8cc10f84 100644 --- a/.github/actions/retag-image/action.yml +++ b/.github/actions/retag-image/action.yml @@ -9,10 +9,6 @@ inputs: aws_region: description: "aws region to use" required: true - ecr_registry_type: - description: "type of registry (public|private)" - required: false - default: "private" ecr_repositories: description: "ecr repositories (name only) - seperated with ," required: true @@ -34,8 +30,6 @@ runs: - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2.0.1 - with: - registry-type: ${{ inputs.ecr_registry_type }} - name: retag image run: | mapfile -t array < <(echo "${REPOSITORY_NAMES}" | tr ',' "\n")