Update docker workflow for assume role (#158)

pendharevaibhav-cd · pranaydeokar-cd · clouddrove-ci · web-flow · commit 6058fa609ae5 · 2025-02-05T10:47:12.000+01:00
Co-authored-by: pranaydeokar &lt;pranay.deokar@clouddrove.com&gt;
Co-authored-by: Pranay deokar &lt;140384952+pranaydeokar@users.noreply.github.com&gt;
Co-authored-by: CloudDrove CI &lt;84795582+clouddrove-ci@users.noreply.github.com&gt;
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -4,34 +4,50 @@ name: docker-build-push
 on:
   workflow_call:
     inputs:
-      registry:
-        required: true
+      provider:
+        required: false
         type: string
       images:
         required: true
         type: string
-      aws-region:
-        required: true
+      aws_region:
+        required: false
         type: string
       ECR_REPOSITORY:
-        required: true
+        required: false
         type: string
       IMAGE_TAG:
         required: true
         type: string
+      BUILD_PATH:
+        required: false
+        type: string
+        default: '.'
+      WORKING_DIRECTORY:
+        required: false
+        type: string
+      assume_role_arn:
+        required: false
+        type: string
     secrets:
       AWS_ACCESS_KEY_ID:
-        description: 'aws access keys'
-        required: true
+        required: false
+        description: 'AWS Access Key ID to install AWS CLI.'
+      BUILD_ROLE:
+        required: false
+        description: 'AWS OIDC role for aws authentication.'
       AWS_SECRET_ACCESS_KEY:
-        description: 'aws secret access keys'
-        required: true
+        required: false
+        description: 'AWS Secret access key to install AWS CLI'
+      AWS_SESSION_TOKEN:
+        required: false
+        description: 'AWS Session Token to install AWS CLI'
       DOCKERHUB_USERNAME:
         description: 'dockerhub username'
-        required: true
+        required: false
       DOCKERHUB_PASSWORD:
         description: 'dockerhub password'
-        required: true
+        required: false
 
 jobs:
   build-image:
@@ -44,54 +60,71 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Login to Docker Hub
+        if: ${{ inputs.provider == 'DOCKERHUB' }}
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
       - name: Push docker image to DOCKERHUB
-        if: ${{ inputs.registry == 'DOCKERHUB' }}
+        if: ${{ inputs.provider == 'DOCKERHUB' }}
         env:
           IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
           images: ${{ inputs.images }}
+          BUILD_PATH: ${{ inputs.BUILD_PATH }}
         run: |
-          docker build -t $images:$IMAGE_TAG .
+          docker build -t $images:$IMAGE_TAG $BUILD_PATH
           docker push $images:$IMAGE_TAG
 
       - name: Configure AWS credentials
+        if: ${{ inputs.provider == 'aws' }}
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ inputs.aws-region }}
+          aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
+          role-to-assume: ${{ secrets.BUILD_ROLE }}
+          aws-region: ${{ inputs.aws_region }}
+          role-duration-seconds: ${{ inputs.role-duration-seconds }}
+          role-skip-session-tagging: true
+
+      - name: Verify awscli
+        if: ${{ inputs.provider == 'aws' }}
+        run: |
+          aws sts get-caller-identity
+
 
       - name: Login to Amazon ECR
+        if: ${{ inputs.provider == 'aws' }}
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v2
 
       - name: Push docker image to Amazon ECR
-        if: ${{ inputs.registry == 'ECR' }}
+        if: ${{ inputs.provider == 'aws' }}
         id: docker-build
         env:
           ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
           ECR_REPOSITORY: ${{ inputs.ECR_REPOSITORY }}
           IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
+          BUILD_PATH: ${{ inputs.BUILD_PATH }}
+        working-directory: ${{ inputs.WORKING_DIRECTORY }}
         run: |
-          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $BUILD_PATH
           docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
 
       - name: Push docker image to Amazon ECR and DOCKERHUB
-        if: ${{ inputs.registry == 'DOCKERHUB,ECR' }}
+        if: ${{ inputs.provider == 'DOCKERHUB,aws' }}
         env:
           ## For ECR env variable
           ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
           ECR_REPOSITORY: ${{ inputs.ECR_REPOSITORY }}
           IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
+          BUILD_PATH: ${{ inputs.BUILD_PATH }}
           ## For DOCKERHUB env variable
           images: ${{ inputs.images }}
         run: |
-          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $BUILD_PATH
           docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-          docker build -t $images:$IMAGE_TAG .
+          docker build -t $images:$IMAGE_TAG $BUILD_PATH
           docker push $images:$IMAGE_TAG
 ...
