ghcr only

.github/actions/push/action.yaml

@@ -14,19 +14,6 @@ on:
       build-args:
         required: false
         type: string
-      role-to-assume:
-        required: true
-        type: string
-      role-session-name:
-        required: true
-        type: string
-      aws-region:
-        required: true
-        type: string
-      sandbox-semver:
-        required: false
-        type: boolean
-        default: false
       semver-level:
         required: false
         type: string
@@ -75,27 +62,13 @@ jobs:
           token: ${{ secrets.github-token }}
           ref: ${{ inputs.git-release-tag }}
 
-      - name: configure aws credentials
-        id: aws-credentials
-        uses: aws-actions/configure-aws-credentials@v2
-        with:
-          role-to-assume: ${{ inputs.role-to-assume }}
-          role-session-name: ${{ inputs.role-session-name }}
-          aws-region: ${{ inputs.aws-region }}
-
       - name: Log in to GitHub Container Registry
         uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.github-token }}
 
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ steps.aws-credentials.outputs.aws-account-id }}.dkr.ecr.${{ inputs.aws-region }}.amazonaws.com
-
       - name: Extract Docker metadata
         id: meta
         uses: docker/metadata-action@v4
@@ -124,32 +97,8 @@ jobs:
       - name: Build tags
         id: build-tags
         run: |
-          if [[ ${{ inputs.environment }} == "prod" && ${{ inputs.push-git-tag }} == "true" ]]; then # Prod and auto-increment git tag
-            echo GHCR_TAG="ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:prod-${{ steps.bump-semver.outputs.new_version }}" >> $GITHUB_ENV
-            echo ECR_TAG="${{ steps.aws-credentials.outputs.aws-account-id }}.dkr.ecr.${{ inputs.aws-region }}.amazonaws.com/${{ env.REPOSITORY_NAME }}:prod-${{ steps.bump-semver.outputs.new_version }}" >> $GITHUB_ENV
-          elif [[ ${{ inputs.environment }} == "prod" ]]; then # Prod and use current latest tag
-            echo GHCR_TAG="ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:prod-${{ inputs.git-release-tag }}" >> $GITHUB_ENV
-            echo ECR_TAG="${{ steps.aws-credentials.outputs.aws-account-id }}.dkr.ecr.${{ inputs.aws-region }}.amazonaws.com/${{ env.REPOSITORY_NAME }}:prod-${{ inputs.git-release-tag }}" >> $GITHUB_ENV
-          elif [[ ${{ inputs.sandbox-semver }} == "true" && ${{ inputs.environment }} == "sandbox" ]]; then # Sandbox and use current tag for semver
-            echo GHCR_TAG="ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:sandbox-${{ inputs.git-release-tag }}" >> $GITHUB_ENV
-            echo ECR_TAG="${{ steps.aws-credentials.outputs.aws-account-id }}.dkr.ecr.${{ inputs.aws-region }}.amazonaws.com/${{ env.REPOSITORY_NAME }}:sandbox-${{ inputs.git-release-tag }}" >> $GITHUB_ENV
-          elif [[ ${{ inputs.environment }} == "sandbox" ]]; then # Sandbox standard tagging
-            echo GHCR_TAG="ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:sandbox-${{ env.BUILD_TIMESTAMP }}-git.${{ env.SHORT_SHA }}" >> $GITHUB_ENV
-            echo ECR_TAG="${{ steps.aws-credentials.outputs.aws-account-id }}.dkr.ecr.${{ inputs.aws-region }}.amazonaws.com/${{ env.REPOSITORY_NAME }}:sandbox-${{ env.BUILD_TIMESTAMP }}-git.${{ env.SHORT_SHA }}" >> $GITHUB_ENV
-          elif [[ ${{ inputs.environment }} == "dev" ]]; then # Dev standard tagging
-            echo GHCR_TAG="ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:develop-${{ env.BUILD_TIMESTAMP }}-git.${{ env.SHORT_SHA }}" >> $GITHUB_ENV
-            echo ECR_TAG="${{ steps.aws-credentials.outputs.aws-account-id }}.dkr.ecr.${{ inputs.aws-region }}.amazonaws.com/${{ env.REPOSITORY_NAME }}:develop-${{ env.BUILD_TIMESTAMP }}-git.${{ env.SHORT_SHA }}" >> $GITHUB_ENV
-          fi
-
-      - name: Combine tags
-        id: combine-tags
-        run: |
-          docker_tags="${{ env.GHCR_TAG }},${{ env.ECR_TAG }}"
-          if [[ -n "${{ inputs.git-release-tag }}" && ${{ inputs.ghcr-semver-only-tag }} ]]; then
-            ghcr_semver_only_tag="ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:${{ inputs.git-release-tag }}"
-            docker_tags="$docker_tags,$ghcr_semver_only_tag"
-          fi
-          echo "docker_tags=$docker_tags" >> $GITHUB_ENV
+          # Dev standard tagging
+          echo GHCR_TAG="ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:develop-${{ env.BUILD_TIMESTAMP }}-git.${{ env.SHORT_SHA }}" >> $GITHUB_ENV
 
       - name: Echo GITHUB_ENV variable
         run: echo $GITHUB_ENV
@@ -198,7 +147,7 @@ jobs:
           file: ${{ inputs.dockerfile }}
           push: true
           build-args: ${{ inputs.build-args }}
-          tags: ${{ env.docker_tags }}
+          tags: ${{ env.GHCR_TAG }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=registry,ref=ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:cache
           cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/${{ env.REPOSITORY_NAME }}:cache,mode=max

.github/workflows/main.yaml

@@ -11,10 +11,18 @@ permissions: # see this: https://docs.github.com/en/actions/using-jobs/assigning
   contents: write # This is required for actions/checkout
 
 jobs:
-  dev_docker_build_push:
+  push:
+    name: Push Docker
+    runs-on: ubuntu-20-04-4-cores
     if: ${{ github.ref == 'refs/heads/main' }}
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          submodules: false
+          token: ${{ secrets.github-token }}
+          ref: ${{ inputs.git-release-tag }}
       - uses: ./.github/actions/push
         with:
           environment: dev
@@ -24,8 +32,8 @@ jobs:
           aws-region: "us-east-2"
           go-mod-cache-path: "~/go/pkg/mod"
           go-build-cache-path: "~/.cache/go-build"
-      secrets:
-        github-token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }}
+    secrets:
+      github-token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }}
 
   tests:
     name: Tests

.github/workflows/pr.yaml

@@ -10,10 +10,18 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  dev_docker_build_push:
+  push:
     if: ${{ github.ref == 'refs/heads/main' }}
+    name: temporary
+    runs-on: ubuntu-20-04-4-cores
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          submodules: false
+          token: ${{ secrets.github-token }}
+          ref: ${{ inputs.git-release-tag }}
       - uses: ./.github/actions/push
         with:
           environment: dev
@@ -23,8 +31,8 @@ jobs:
           aws-region: "us-east-2"
           go-mod-cache-path: "~/go/pkg/mod"
           go-build-cache-path: "~/.cache/go-build"
-      secrets:
-        github-token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }}
+    secrets:
+      github-token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }}
 
   bootstrap:
     name: Local E2E Tests

.github/workflows/release.yaml

@@ -48,7 +48,13 @@ jobs:
     name: "Testnet: Release"
     needs: [setup, dev_validate]
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          submodules: false
+          token: ${{ secrets.github-token }}
+          ref: ${{ inputs.git-release-tag }}
       - uses: ./.github/actions/push
         with:
           environment: sandbox
@@ -60,8 +66,8 @@ jobs:
           push-git-tag: false
           git-release-tag: ${{ needs.setup.outputs.tag_name }}
           ghcr-semver-only-tag: false # prod release to deploy non-prefixed image
-      secrets:
-        github-token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }}
+    secrets:
+      github-token: ${{ secrets.PLATFORM_SA_GITHUB_TOKEN }}
 
   sandbox_images:
     name: "Testnet: Rollout"