From 888c9128471094c0f73c77243cf3ef45e09e50b0 Mon Sep 17 00:00:00 2001
From: Carol Valencia <8355621+krol3@users.noreply.github.com>
Date: Sun, 27 Dec 2020 02:43:30 -0500
Subject: [PATCH] chore: build and push action for ecr and docker (#790)

Co-authored-by: Carol Valencia
---
 .github/workflows/publish-ecr.yml | 37 ----------------------
 .github/workflows/publish.yml     | 49 +++++++++++++++++++------------
 2 files changed, 31 insertions(+), 55 deletions(-)
 delete mode 100644 .github/workflows/publish-ecr.yml

diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml
deleted file mode 100644
index c6014e8..0000000
--- a/.github/workflows/publish-ecr.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-name: Publish-ECR
-on:
-  push:
-    tags:
-      - "v*"
-
-jobs:
-  deploy:
-    name: Publish to Amazon ECR
-    runs-on: ubuntu-18.04
-    steps:
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-east-1
-      - name: Checkout code
-        uses: actions/checkout@v2
-      - name: Install AWS Cli 2.0
-        run: |
-          curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
-          unzip awscliv2.zip
-          sudo ./aws/install
-      - name: Get the version
-        id: vars
-        run: echo ::set-output name=tag::$(echo ${GITHUB_REF:10})
-      - name: Publish to ECR
-        env:
-          IMAGE_TAG: ${{steps.vars.outputs.tag}}
-          REP_NAME: kube-bench
-          ALIAS: aquasecurity
-        run: |
-          aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/$ALIAS
-          docker build -t $REP_NAME:$IMAGE_TAG .
-          docker tag $REP_NAME:$IMAGE_TAG public.ecr.aws/$ALIAS/$REP_NAME:$IMAGE_TAG
-          docker push public.ecr.aws/$ALIAS/$REP_NAME:$IMAGE_TAG
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 7279e6d..02330fe 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,8 +1,12 @@
+---
 name: Publish
 on:
   push:
     tags:
       - "v*"
+env:
+  ALIAS: aquasecurity
+  REP: kube-bench
 jobs:
   publish:
     name: Publish
@@ -12,41 +16,50 @@ jobs:
         uses: actions/checkout@v2
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
       - name: Cache Docker layers
         uses: actions/cache@v2
         with:
           path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          key: ${{ runner.os }}-buildxarch-${{ github.sha }}
           restore-keys: |
-            ${{ runner.os }}-buildx-
+            ${{ runner.os }}-buildxarch-
       - name: Login to Docker Hub
         uses: docker/login-action@v1
         with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v1
-      - name: Docker meta
-        id: docker_meta
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Login to ECR
+        uses: docker/login-action@v1
+        with:
+          registry: public.ecr.aws
+          username: ${{ secrets.ECR_ACCESS_KEY_ID }}
+          password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
+      - name: Get version
+        id: get_version
         uses: crazy-max/ghaction-docker-meta@v1
         with:
-          images: aquasec/kube-bench
+          images: ${{ env.REP }}
           tag-semver: |
             {{version}}
-      - name: Build and push
+
+      - name: Build and push - Docker/ECR
         id: docker_build
         uses: docker/build-push-action@v2
         with:
-          context: ./
-          file: ./Dockerfile
-          platforms: linux/amd64,linux/arm64,linux/386
+          context: .
+          platforms: linux/amd64
           builder: ${{ steps.buildx.outputs.name }}
           push: true
           tags: |
-            ${{ steps.docker_meta.outputs.tags }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
-          labels: ${{ steps.docker_meta.outputs.labels }}
+            ${{ secrets.DOCKERHUB_USER }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}
+            public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}
+            ${{ secrets.DOCKERHUB_USER }}/${{ env.REP }}:latest
+            public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:latest
+          cache-from: type=local,src=/tmp/.buildx-cache/release
+          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release
+
       - name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}
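Review bot: `secrets.DOCKERHUB_USER` is used as the image namespace in two of the four `tags:` lines of the `Build and push - Docker/ECR` step, but a registry namespace is not a secret: GitHub masks every occurrence of it in the job log, so the pushed tag names are redacted in the build output, and a reader of the workflow can no longer see where the Docker Hub image lands (the removed lines published to `aquasec/kube-bench`). Keep the login credential in the secret and put the namespace in the workflow-level `env:` block as a plain value, e.g. `DOCKERHUB_NAMESPACE: aquasec`, then tag with `${{ env.DOCKERHUB_NAMESPACE }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}` and `${{ env.DOCKERHUB_NAMESPACE }}/${{ env.REP }}:latest`. Two further points in the same step: `platforms:` drops `linux/arm64,linux/386` while the `Set up QEMU` step that only a multi-arch build needs is kept, which looks unintended since the commit message says nothing about dropping architectures, and the third-party `crazy-max/ghaction-docker-meta@v1` plus the `docker/*@v1`/`@v2` actions are referenced by a mutable major tag in a job that holds push credentials for two public registries — pinning each to a full commit SHA (`uses: crazy-max/ghaction-docker-meta@<full-commit-sha>`) limits what a retargeted or compromised tag could do with those credentials. The `steps:` sequence this hunk edits begins above the hunk.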