Add secrets inheritance to latest-release workflow #72
| # SPDX-License-Identifier: Apache-2.0 | |
| # Copyright 2023 Authors of SentryFlow | |
| name: Latest release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: read-all | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| files-changed: | |
| name: Find out which files were changed | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| outputs: | |
| sentryflow: ${{ steps.filter.outputs.sentryflow}} | |
| envoyfilter: ${{ steps.filter.outputs.envoyfilter}} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dorny/paths-filter@v3.0.2 | |
| id: filter | |
| with: | |
| filters: | | |
| sentryflow: | |
| - 'sentryflow/**' | |
| envoyfilter: | |
| - 'filter/envoy/envoy-wasm-filters/**' | |
| release-sentryflow-image: | |
| needs: [ files-changed ] | |
| if: ${{ github.repository == 'accuknox/sentryflow' && needs.files-changed.outputs.sentryflow == 'true' }} | |
| name: Build and push sentryflow's image | |
| uses: ./.github/workflows/release-image.yaml | |
| with: | |
| WORKING_DIRECTORY: ./sentryflow | |
| NAME: sentryflow | |
| secrets: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DEV_ACCESS_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DEV_SECRET_ID }} | |
| release-envoy-filter-sidecar-image: | |
| if: ${{ github.repository == 'accuknox/sentryflow' }} | |
| name: Build and push envoy sidecar filter image | |
| uses: ./.github/workflows/release-image.yaml | |
| with: | |
| WORKING_DIRECTORY: ./filter/envoy/envoy-wasm-filters | |
| NAME: sentryflow-httpfilter | |
| ECR_REPOSITORY: "public.ecr.aws/k9v9d5v2" | |
| REGISTRY_TYPE: public | |
| DOCKER_BUILD_ARGS: "--build-arg PLUGIN_TYPE=sidecar" | |
| IMAGE_TAG: "latest-sidecar" | |
| secrets: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DEV_ACCESS_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DEV_SECRET_ID }} | |
| release-envoy-filter-gateway-image: | |
| if: ${{ github.repository == 'accuknox/sentryflow' }} | |
| name: Build and push envoy gateway filter image | |
| uses: ./.github/workflows/release-image.yaml | |
| with: | |
| WORKING_DIRECTORY: ./filter/envoy/envoy-wasm-filters | |
| NAME: sentryflow-httpfilter | |
| ECR_REPOSITORY: "public.ecr.aws/k9v9d5v2" | |
| REGISTRY_TYPE: public | |
| DOCKER_BUILD_ARGS: "--build-arg PLUGIN_TYPE=gateway" | |
| IMAGE_TAG: "latest-gateway" | |
| secrets: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DEV_ACCESS_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DEV_SECRET_ID }} | |
| release-envoy-filter-gateway-ratelimit-image: | |
| if: ${{ github.repository == 'accuknox/sentryflow' }} | |
| name: Build and push envoy gateway filter image with rate limit feature | |
| uses: ./.github/workflows/release-image.yaml | |
| with: | |
| WORKING_DIRECTORY: ./filter/envoy/envoy-wasm-filters | |
| NAME: sentryflow-httpfilter | |
| ECR_REPOSITORY: "public.ecr.aws/k9v9d5v2" | |
| REGISTRY_TYPE: public | |
| DOCKER_BUILD_ARGS: "--build-arg PLUGIN_TYPE=gateway-ratelimit" | |
| IMAGE_TAG: "latest-gateway-ratelimit" | |
| secrets: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DEV_ACCESS_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DEV_SECRET_ID }} | |
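Review bot: The three envoy filter jobs (`release-envoy-filter-sidecar-image`, `release-envoy-filter-gateway-image`, `release-envoy-filter-gateway-ratelimit-image`) are handed the AWS key pair but are not gated on the change filter. None declares `needs: [ files-changed ]`, so the `envoyfilter` output computed in `files-changed` is never read, and every push to main rebuilds and overwrites the `latest-sidecar`, `latest-gateway` and `latest-gateway-ratelimit` tags in the public ECR repository. If that is not intentional, mirror the sentryflow job by adding `needs: [ files-changed ]` and `if: ${{ github.repository == 'accuknox/sentryflow' && needs.files-changed.outputs.envoyfilter == 'true' }}` to each of them, so credentials are only used when the filter sources change. Separately, `dorny/paths-filter@v3.0.2` and `actions/checkout@v4` are mutable tag references in the job that decides whether the credentialed release jobs run; pinning each to a full commit SHA, e.g. `uses: dorny/paths-filter@<full-commit-sha> # v3.0.2`, keeps a retagged upstream release from changing what executes here. The rendered page does not show which lines this pull request changed, so some of this may predate it.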