Skip to content

Commit

Permalink
Use docker/login-action for OC container registry login in deploy wor…
Browse files Browse the repository at this point in the history 
…kflow

To avoid unencrypted storage of docker password.
  • Loading branch information
@yrodiere
yrodiere committed Feb 20, 2024
1 parent 46d49fe commit 125c69c
Showing 1 changed file with 14 additions and 14 deletions.
28 changes: 14 additions & 14 deletions .github/workflows/deploy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,21 +42,12 @@ jobs:
with:
version: 'v3.13.3'

- name: Log in to OpenShift (Dev)
if: ${{ github.ref == 'refs/heads/main' }}
- name: Log in to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
openshift_token: ${{ secrets.OPENSHIFT_TOKEN_DEV }}
namespace: ${{ env.OPENSHIFT_NAMESPACE_DEV }}

- name: Log in to OpenShift (Prod)
if: ${{ github.ref == 'refs/heads/production' }}
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
openshift_token: ${{ secrets.OPENSHIFT_TOKEN_PROD }}
namespace: ${{ env.OPENSHIFT_NAMESPACE_PROD }}
openshift_token: ${{ github.ref == 'refs/heads/production' && secrets.OPENSHIFT_TOKEN_PROD || secrets.OPENSHIFT_TOKEN_DEV }}
namespace: ${{ github.ref == 'refs/heads/production' && secrets.OPENSHIFT_NAMESPACE_PROD || secrets.OPENSHIFT_NAMESPACE_DEV }}

- name: Create ImageStreams
run: |
Expand All @@ -66,8 +57,17 @@ jobs:
oc set image-lookup search-quarkus-io
oc set image-lookup opensearch-custom
- name: Log in to OpenShift container registry
run: oc whoami --show-token | docker login -u "ignored" --password-stdin "$(oc registry info)"
- name: Retrieve OpenShift Container Registry URL
id: oc-registry
run: |
echo -n "OC_REGISTRY_URL=" >> "$GITHUB_OUTPUT"
oc whoami --show-token >> "$GITHUB_OUTPUT"
- name: Log in to OpenShift Container Registry
uses: docker/login-action@v3
with:
registry: ${{ steps.oc-registry.outputs.OC_REGISTRY_URL }}
username: ignored
password: ${{ github.ref == 'refs/heads/production' && secrets.OPENSHIFT_TOKEN_PROD || secrets.OPENSHIFT_TOKEN_DEV }}

- name: Build container images and Helm charts, push app container image
run: |
Expand Down

0 comments on commit 125c69c

Please sign in to comment.