clouddrove · vaibhav7797 · Sep 20, 2024 · Sep 20, 2024 · Sep 20, 2024 · VishwajitNagulkar
@@ -4,34 +4,52 @@ name: docker-build-push
 on:
   workflow_call:
     inputs:
-      registry:
-        required: true
+      provider:
+        required: false
         type: string
       images:
-        required: true
+        required: false
         type: string
-      aws-region:
-        required: true
+      aws_region:
+        required: false
         type: string
       ECR_REPOSITORY:
-        required: true
+        required: false
         type: string
       IMAGE_TAG:
-        required: true
+        required: false
         type: string
+      BUILD_PATH:
+        required: false
+        type: string
+      WORKING_DIRECTORY:
+        required: false
+        type: string 
+      role_arn:
+        required: false
+        type: string  # Root role ARN to assume  
+      assume_role_arn:
+        required: false
+        type: string  # ARN for the role to assume with STS
     secrets:
       AWS_ACCESS_KEY_ID:
-        description: 'aws access keys'
-        required: true
+        required: false
+        description: 'AWS Access Key ID to install AWS CLI.'
+      BUILD_ROLE:
+        required: false
+        description: 'AWS OIDC role for aws authentication.'
       AWS_SECRET_ACCESS_KEY:
-        description: 'aws secret access keys'
-        required: true
+        required: false
+        description: 'AWS Secret access key to install AWS CLI'
+      AWS_SESSION_TOKEN:
+        required: false
+        description: 'AWS Session Token to install AWS CLI' 
       DOCKERHUB_USERNAME:
         description: 'dockerhub username'
-        required: true
+        required: false
       DOCKERHUB_PASSWORD:
         description: 'dockerhub password'
-        required: true
+        required: false
 
 jobs:
   build-image:
@@ -44,54 +62,65 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Login to Docker Hub
+        if: ${{ inputs.provider == 'DOCKERHUB' }}
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
       - name: Push docker image to DOCKERHUB
-        if: ${{ inputs.registry == 'DOCKERHUB' }}
+        if: ${{ inputs.provider == 'DOCKERHUB' }}
         env:
           IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
           images: ${{ inputs.images }}
+          BUILD_PATH: ${{ inputs.BUILD_PATH }}
         run: |
-          docker build -t $images:$IMAGE_TAG .
+          docker build -t $images:$IMAGE_TAG BUILD_PATH
           docker push $images:$IMAGE_TAG
 
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
+      - name: Configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v1.7.0
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ inputs.aws-region }}
+          role-to-assume: ${{ inputs.assume_role_arn }}
+          role-session-name: github
+          aws-region: ${{ inputs.aws_region }}
+
+      - name: Verify awscli
+        run: |
+          aws sts get-caller-identity
+
 
       - name: Login to Amazon ECR
+        if: ${{ inputs.provider == 'aws' }}
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v2
 
       - name: Push docker image to Amazon ECR
-        if: ${{ inputs.registry == 'ECR' }}
+        if: ${{ inputs.provider == 'aws' }}
         id: docker-build
         env:
           ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
           ECR_REPOSITORY: ${{ inputs.ECR_REPOSITORY }}
           IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
+          BUILD_PATH: ${{ inputs.BUILD_PATH }}
+        working-directory: ${{ inputs.WORKING_DIRECTORY }}
         run: |
-          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $BUILD_PATH
           docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
 
       - name: Push docker image to Amazon ECR and DOCKERHUB
-        if: ${{ inputs.registry == 'DOCKERHUB,ECR' }}
+        if: ${{ inputs.provider == 'DOCKERHUB,aws' }}
         env:
           ## For ECR env variable
           ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
           ECR_REPOSITORY: ${{ inputs.ECR_REPOSITORY }}
           IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
+          BUILD_PATH: ${{ inputs.BUILD_PATH }}
           ## For DOCKERHUB env variable
           images: ${{ inputs.images }}
         run: |
-          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG BUILD_PATH
           docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-          docker build -t $images:$IMAGE_TAG .
+          docker build -t $images:$IMAGE_TAG BUILD_PATH
           docker push $images:$IMAGE_TAG
-...
+...
@@ -66,6 +66,9 @@ on:
         type: number
         default: 900
         description: 'The assumed role duration in seconds, if assuming a role. Defaults to 1 hour.'
+      assume_role_arn:
+        required: false
+        type: string  # ARN for the role to assume with STS
     secrets:
       AWS_ACCESS_KEY_ID:
         description: 'AWS Access Key ID'
@@ -93,17 +96,12 @@ jobs:
       - name: Checkout git repo
         uses: actions/checkout@v4
 
-      - name: Configure AWS credentials
-        if: ${{ inputs.provider == 'aws' }}
-        uses: aws-actions/configure-aws-credentials@v4
+      - name: Configure aws credentials
+        uses: aws-actions/[email protected]
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
-          role-to-assume: ${{ secrets.BUILD_ROLE }}
+          role-to-assume: ${{ inputs.assume_role_arn }}
+          role-session-name: github
           aws-region: ${{ inputs.aws_region }}
-          role-duration-seconds: ${{ inputs.role-duration-seconds }}
-          role-skip-session-tagging: true
 
       - name: Install Azure CLI
         if: ${{ inputs.provider == 'azure' }}
@@ -150,4 +148,4 @@ jobs:
         if: ${{ inputs.uninstall == true }}
         run: |
           helm uninstall ${{ inputs.release-name }} -n ${{ inputs.namespace }}
-...
+...