use eio secrets for docker hub (#510) #43
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ECM Distro Tools Release | |
on: | |
push: | |
tags: | |
- "v*" | |
jobs: | |
release: | |
permissions: | |
contents: write # Pushing artifacts to the new release. | |
id-token: write # OIDC for cosign's use in actions/publish-image. | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Build ECM Distro Tools | |
run: | | |
export VERSION=${GITHUB_REF_NAME} | |
make test | |
make package-binaries | |
- name: Publish Binaries | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: gh release upload -R ${{ github.repository }} ${{ github.ref_name }} ${{ github.workspace }}/dist/* --clobber | |
- name: Load Secrets from Vault | |
uses: rancher-eio/read-vault-secrets@main | |
with: | |
secrets: | | |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKERHUB_USERNAME; | |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKERHUB_TOKEN; | |
- name: Publish manifest | |
uses: ./actions/publish-image | |
with: | |
image: ecm-distro-tools | |
tag: ${{ github.ref_name }} | |
platforms: ${{ matrix.platforms }} | |
push-to-public: false | |
# This project is for internal use only, therefore we can treat | |
# Docker as its Prime registry. | |
prime-registry: docker.io | |
prime-repo: rancher | |
prime-username: ${{ env.DOCKERHUB_USERNAME }} | |
prime-password: ${{ env.DOCKERHUB_TOKEN }} |