From 7e4a605f64f184363df5b57125404784794a52e0 Mon Sep 17 00:00:00 2001
From: "JJ(Jaehyeon Ju)"
Date: Thu, 16 Jan 2025 09:49:28 +0900
Subject: [PATCH] Change AWS ECR account
---
 .github/workflows/docker_build_aws.yml | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/docker_build_aws.yml b/.github/workflows/docker_build_aws.yml
index 6abffbb..04c2e59 100644
--- a/.github/workflows/docker_build_aws.yml
+++ b/.github/workflows/docker_build_aws.yml
@@ -6,10 +6,13 @@ on:
 - develop
 workflow_dispatch:
+# permission can be added at job level or workflow level
+permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
 env:
 SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_MWP }}
- # ECR_REGISTRY: 207912665906.dkr.ecr.ap-northeast-2.amazonaws.com
- ECR_REGISTRY: 931639357206.dkr.ecr.ap-northeast-2.amazonaws.com
+ ECR_REGISTRY: 207912665906.dkr.ecr.ap-northeast-2.amazonaws.com
 ECR_REPOSITORY: mwp/tails
 IMAGE_TAG: ${{ github.sha }}
 DOCKERFILE_PATH: docker/Dockerfile.tails-server
@@ -25,18 +28,19 @@ jobs:
 status: starting
 if: always()
- - name: Checkout tails-server
- uses: actions/checkout@v2
+ - name: Checkout source code
+ uses: actions/checkout@v4
 - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1
+ uses: aws-actions/configure-aws-credentials@v4
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 aws-region: ap-northeast-2
+ role-to-assume: arn:aws:iam::207912665906:role/mobilewallet-github-actions-role
+ role-session-name: MobileWalletEcrAccess
+
 - name: Login to Amazon ECR
 id: login-ecr
- uses: aws-actions/amazon-ecr-login@v1
+ uses: aws-actions/amazon-ecr-login@v2
 - name: Build, tag, and push image to Amazon ECR
 id: build-and-push-to-ecr
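Review bot: The added top-level `permissions:` block grants `id-token: write` to every job in the workflow, although only the job that assumes the AWS role needs to mint an OIDC token. The `jobs:` section is outside this hunk, so the number of jobs is not visible here. If there is more than one, or more are added later, keep `contents: read` at workflow level and put `permissions:` with `id-token: write` and `contents: read` on the ECR build job only. The account id in `ECR_REGISTRY` is also repeated in the role ARN in the second hunk, so a comment such as `# must match the account in role-to-assume below` would help keep the two in step at the next account change.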
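Review bot: The three updated `uses:` lines (`actions/checkout@v4`, `aws-actions/configure-aws-credentials@v4`, `aws-actions/amazon-ecr-login@v2`) are pinned to mutable major tags, and every step in this job can now request an OIDC token accepted by `mobilewallet-github-actions-role`. Pinning each to a full commit SHA with the tag kept as a comment removes the dependency on a tag that can be moved, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4` (placeholder; use the SHA of the release you reviewed). The role's trust policy is not part of this commit. Because the workflow can also be started by `workflow_dispatch`, it is worth confirming that the policy conditions on the token's `sub` claim for this repository and the `develop` ref rather than on `aud` alone. The `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` secrets are no longer referenced in this hunk, so they should be removed from the repository and the key deactivated in IAM once nothing else uses them. The job's step list starts and continues outside the hunk.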