Skip to content

Remove paths restriction #92

Remove paths restriction

Remove paths restriction #92

name: "Update combine_deploy image"
on:
push:
branches: [docker-actions, master]
# paths:
# - "deploy/**"
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
jobs:
build:
runs-on: ubuntu-22.04
steps:
# See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
# configuring harden-runner and identifying allowed endpoints.
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.ecr-public.us-east-1.amazonaws.com:443
api.github.com:443
archive.ubuntu.com:80
auth.docker.io:443
cdn.dl.k8s.io:443
dl.k8s.io:443
files.pythonhosted.org:443
get.helm.sh:443
github.com:443
production.cloudflare.docker.com:443
public.ecr.aws:443
pypi.org:443
raw.githubusercontent.com:443
registry-1.docker.io:443
security.ubuntu.com:80
sts.us-east-1.amazonaws.com:443
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to AWS ECR
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Build combine_deploy
uses: docker/[email protected]
with:
context: "{{defaultContext}}:deploy"
push: true
tags: public.ecr.aws/thecombine/combine_deploy:latest