Update Docker and Main Pipeline workflows to adjust permissions and image tags

karimzakzouk · karimzakzouk · commit 91f9f0158ff0 · 2025-08-22T21:31:28.000+03:00
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -14,6 +14,11 @@ on:
         description: "Docker image tag"
         value: ${{ jobs.docker-build.outputs.image-tag }}
 
+permissions:
+  contents: read
+  packages: write
+  id-token: write
+
 env:
   MONGO_URI: ${{ secrets.MONGO_URI }}
   MONGO_USERNAME: ${{ secrets.MONGO_USERNAME }}
@@ -43,15 +48,15 @@ jobs:
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
-          username: ${{ github.repository_owner }}
+          username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build Docker Image
         uses: docker/build-push-action@v6
         with:
           push: false
           tags: |
-            ghcr.io/${{ secrets.DOCKER_USERNAME }}/solar-system:${{ github.sha }}
+            ghcr.io/${{ secrets.DOCKER_USERNAME }}/graduation-project-devops:${{ github.sha }}
 
       - name: Test Docker Image
         run: |
@@ -63,7 +68,7 @@ jobs:
             -e MONGO_URI=${{ secrets.MONGO_URI }} \
             -e MONGO_USERNAME=${{ secrets.MONGO_USERNAME }} \
             -e MONGO_PASSWORD=${{ secrets.MONGO_PASSWORD }} \
-            ghcr.io/${{ secrets.DOCKER_USERNAME }}/solar-system:${{ github.sha }}
+            ghcr.io/${{ secrets.DOCKER_USERNAME }}/graduation-project-devops:${{ github.sha }}
 
           # Wait for container to start
           sleep 15
@@ -98,4 +103,4 @@ jobs:
           push: true
           tags: |
             docker.io/${{ secrets.DOCKER_USERNAME }}/solar-system:${{ github.sha }}
-            ghcr.io/${{ secrets.DOCKER_USERNAME }}/solar-system:${{ github.sha }}
+            ghcr.io/${{ secrets.DOCKER_USERNAME }}/graduation-project-devops:${{ github.sha }}
diff --git a/.github/workflows/main-pipeline.yml b/.github/workflows/main-pipeline.yml
@@ -31,6 +31,7 @@ on:
 permissions:
   contents: read
   packages: write
+  id-token: write
 
 jobs:
   ci:
@@ -43,6 +44,10 @@ jobs:
     name: Build Docker Image
     if: ${{ !inputs.skip-docker && (success() || inputs.skip-tests) }}
     needs: [ci]
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
     uses: ./.github/workflows/docker.yml
     secrets: inherit
     with:
