
Commit cea42cd

committed
fix docker cahce
1 parent 8dc884d commit cea42cd


1 file changed

+15
-13
lines changed

1 file changed

+15
-13
lines changed

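--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -83,27 +83,26 @@ jobs:
 with:
 version: v0.6.3
 driver-opts: image=moby/buildkit:v0.11.5
-# Configure S3 cache role for Docker layer caching
-- name: Configure AWS credentials for S3 cache
+- name: configure AWS for s3 Docker cache
+id: s3creds
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: ${{ secrets.REGISTRY_IAM_ROLE }}
+role-session-name: s3
 aws-region: ${{ env.AWS_REGION }}
+output-credentials: true
 - name: Set dynamic env vars
 run: |
 docker version
 SHORT_COMMIT=$(echo $GITHUB_SHA | cut -c -8)
 echo "VERSION=${SHORT_COMMIT}" >> $GITHUB_ENV
 echo "DATABASE_PASSWORD=$( head -c 24 /dev/urandom | xxd -p | tr -d '\n ')" >> $GITHUB_ENV
 echo "ENVIRONMENT=$(basename $GITHUB_REF)" >> $GITHUB_ENV
+echo "CACHE=type=s3,region=${{ env.AWS_REGION }},bucket=${{ secrets.REGISTRY_BUCKET_NAME }},access_key_id=${{ steps.s3creds.outputs.aws-access-key-id }},secret_access_key=${{ steps.s3creds.outputs.aws-secret-access-key }},session_token=${{ steps.s3creds.outputs.aws-session-token }}" >> $GITHUB_ENV
 - name: Build test containers
 uses: docker/bake-action@v5.11.0
 env:
-CACHE: type=s3,region=${{ env.AWS_REGION }},bucket=${{ secrets.REGISTRY_BUCKET_NAME }}
-# Pass OIDC-provided temporary credentials to BuildKit
-AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
-AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
-AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }}
+CACHE: ${{ env.CACHE }}
 with:
 files: docker-bake.hcl
 targets: app-test
@@ -153,21 +152,24 @@ jobs:
 id: login-ecr
 uses: aws-actions/amazon-ecr-login@v2
 # Reconfigure S3 cache role for Docker build (ECR push uses token from login step)
-- name: Configure AWS credentials for S3 cache
+- name: configure AWS for s3 Docker cache
 if: startsWith(github.ref, 'refs/heads/deploy/')
+id: s3creds-deploy
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: ${{ secrets.REGISTRY_IAM_ROLE }}
+role-session-name: s3
 aws-region: ${{ env.AWS_REGION }}
+output-credentials: true
+- name: Update CACHE env var for deploy build
+if: startsWith(github.ref, 'refs/heads/deploy/')
+run: |
+echo "CACHE=type=s3,region=${{ env.AWS_REGION }},bucket=${{ secrets.REGISTRY_BUCKET_NAME }},access_key_id=${{ steps.s3creds-deploy.outputs.aws-access-key-id }},secret_access_key=${{ steps.s3creds-deploy.outputs.aws-secret-access-key }},session_token=${{ steps.s3creds-deploy.outputs.aws-session-token }}" >> $GITHUB_ENV
 - name: Build all other app parts and push to ECR
 if: startsWith(github.ref, 'refs/heads/deploy/')
 env:
 REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-CACHE: type=s3,region=${{ env.AWS_REGION }},bucket=${{ secrets.REGISTRY_BUCKET_NAME }}
-# Pass OIDC-provided temporary credentials to BuildKit
-AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
-AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
-AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }}
+CACHE: ${{ env.CACHE }}
 uses: docker/bake-action@v5.11.0
 with:
 files: docker-bake.hcl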
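Review bot: The two new `echo "CACHE=…" >> $GITHUB_ENV` lines (in "Set dynamic env vars" and in "Update CACHE env var for deploy build") fold the temporary access key, secret key and session token into one composite string that persists in the job-wide environment and is expanded into the shell script text. That hands the credentials to every later step in the job, not just the two bake steps, and any place the cache string is echoed (the bake step's resolved definition, build metadata) then relies on log masking of the individual values, which should be confirmed on a real run. A narrower form drops the `$GITHUB_ENV` write and sets the value only where it is consumed, on each bake step's `env:`, for example `CACHE: type=s3,region=${{ env.AWS_REGION }},bucket=${{ secrets.REGISTRY_BUCKET_NAME }},access_key_id=${{ steps.s3creds.outputs.aws-access-key-id }},secret_access_key=${{ steps.s3creds.outputs.aws-secret-access-key }},session_token=${{ steps.s3creds.outputs.aws-session-token }}`, using `steps.s3creds-deploy` in the deploy build. The removed comments explained the old approach; a one-line comment saying why the credentials now travel inside the cache attributes (presumably because the builder did not pick up the AWS_* variables) would keep that context.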
