fix(payment actions): Support maven github registry and linked Docker build/push (#74)

diegolagospagopa · web-flow · commit e67e0ec4bb01 · 2025-01-27T12:49:55.000+01:00
* added github token for maven package

* Updated payments release to manage github token on maven

* updated documentation

* updated documentation
diff --git a/payments-flow-docker-snapshot/README.md b/payments-flow-docker-snapshot/README.md
@@ -9,6 +9,10 @@ and if runned manually, create a fake tag called `develop-snapshot` + the previo
 
 ## how to use
 
+- `github_pat`: allow to use your github pat, if not the repository default github token will be used
+
+### Example
+
 ```yaml
 name: 📦 Flow Snapshot Docker
 
@@ -37,6 +41,10 @@ on:
           required: false
           default: 'main'
 
+permissions:
+  packages: write
+  contents: read
+
 env:
   # branch choosed by workflow_dispatch or by push event
   CURRENT_BRANCH: ${{ github.event.inputs.branch || github.ref_name }}
diff --git a/payments-flow-docker-snapshot/action.yml b/payments-flow-docker-snapshot/action.yml
@@ -5,6 +5,10 @@ inputs:
   current_branch:
     description: Branch used to launch the action
     required: true
+  github_pat:
+    description: Personal GitHub token for packages
+    required: false
+    default: ''
   docker_labels:
     description: Labels for docker push
     required: false
@@ -15,17 +19,24 @@ inputs:
 runs:
   using: "composite"
   steps:
+      # Set the appropriate token
+      - name: 🔐 Set GitHub Token
+        id: set_token
+        shell: bash
+        run: |
+          if [ -n "${{ inputs.github_pat }}" ]; then
+            echo "GITHUB_AUTH_TOKEN=${{ inputs.github_pat }}" >> $GITHUB_OUTPUT
+          else
+            echo "GITHUB_AUTH_TOKEN=${{ github.token }}" >> $GITHUB_OUTPUT
+          fi
+
       - name: 🛃 Log in to the Github Container registry
-        # https://github.com/docker/login-action/releases/tag/v3.3.0
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
-          password: ${{ github.token }}
+          password: ${{ steps.set_token.outputs.GITHUB_AUTH_TOKEN }}
 
-      #
-      # Docker
-      #
       - name: 🤔 Set Docker tags
         id: set_docker_tags
         shell: bash
@@ -37,10 +48,11 @@ runs:
           fi
 
       - name: 🚀 Build and push Docker image
-        # https://github.com/docker/build-push-action/releases/tag/v6.9.0
         uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
         with:
           context: .
           push: true
           tags: ${{ steps.set_docker_tags.outputs.DOCKER_TAGS }}
           labels: ${{ inputs.docker_labels }}
+          build-args: |
+            GITHUB_TOKEN=${{ steps.set_token.outputs.GITHUB_AUTH_TOKEN }}
diff --git a/payments-flow-release/README.md b/payments-flow-release/README.md
@@ -8,6 +8,10 @@ Allows to make a release and build a docker image with the follow tags:
 
 ## how to use
 
+- `github_pat`: allow to use your github pat, if not the repository default github token will be used
+
+### Example
+
 ```yaml
 name: 🚀 Flow Release
 
@@ -23,6 +27,10 @@ on:
       - '.**'
   workflow_dispatch:
 
+permissions:
+  packages: write
+  contents: write
+
 jobs:
 
   checkout:
diff --git a/payments-flow-release/action.yml b/payments-flow-release/action.yml
@@ -5,6 +5,10 @@ inputs:
   current_branch:
     description: Branch used to launch the action
     required: true
+  github_pat:
+    description: Personal GitHub token for packages
+    required: false
+    default: ''
   docker_build: 
     description: Docker build
     required: false
@@ -31,11 +35,22 @@ runs:
           echo "TAG_FORMAT=v\${version}" >> $GITHUB_OUTPUT
         fi
 
+    # Set the appropriate token
+    - name: 🔐 Set GitHub Token
+      id: set_token
+      shell: bash
+      run: |
+        if [ -n "${{ inputs.github_pat }}" ]; then
+          echo "GITHUB_AUTH_TOKEN=${{ inputs.github_pat }}" >> $GITHUB_OUTPUT
+        else
+          echo "GITHUB_AUTH_TOKEN=${{ github.token }}" >> $GITHUB_OUTPUT
+        fi
+
     - name: 🚀 Release
       id: release
       uses: pagopa/eng-github-actions-iac-template/global/release-action@main
       with:
-        github_token: ${{ github.token }}
+        github_token: ${{ steps.set_token.outputs.GITHUB_AUTH_TOKEN }}
         tag_format: ${{ steps.set-tag-format.outputs.TAG_FORMAT }}
         branches: ${{ github.ref_name }}
 
@@ -65,7 +80,7 @@ runs:
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
-        password: ${{ github.token }}
+        password: ${{ steps.set_token.outputs.GITHUB_AUTH_TOKEN }}
 
     - name: 📦 Build and push Docker image with release version
       id: docker_build_push
@@ -76,3 +91,5 @@ runs:
         push: true
         tags: ${{ steps.set_docker_tags.outputs.DOCKER_TAGS }}
         labels: ${{ inputs.docker_labels }}
+        build-args: |
+          GITHUB_TOKEN=${{ steps.set_token.outputs.GITHUB_AUTH_TOKEN }}
