From d4455dd9345052d5065ce3a8819e9abb34c32d6e Mon Sep 17 00:00:00 2001
From: knqyf263
Date: Wed, 25 Sep 2024 17:42:49 +0400
Subject: [PATCH] ci: publish trivy-java-db to ECR public

Signed-off-by: knqyf263
---
 .github/workflows/cron.yml | 30 +++++++++++++++++++++++++-----
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/cron.yml b/.github/workflows/cron.yml
index 15e41c7..8608f2c 100644
--- a/.github/workflows/cron.yml
+++ b/.github/workflows/cron.yml
@@ -40,16 +40,36 @@ jobs:
 run: mv cache/db/javadb.tar.gz .

 - name: Login to GitHub Packages Container registry
- uses: docker/login-action@v1
+ uses: docker/login-action@v3
 with:
 registry: ghcr.io
 username: ${{ env.GH_USER }}
 password: ${{ secrets.GITHUB_TOKEN }}

- - name: Upload assets to GHCR
+ - name: Login to ECR
+ uses: docker/login-action@v3
+ with:
+ registry: public.ecr.aws
+ username: ${{ secrets.ECR_ACCESS_KEY_ID }}
+ password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
+
+ - name: Upload assets to GHCR and ECR Public
 run: |
 lowercase_repo=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
 oras version
- oras push --artifact-type application/vnd.aquasec.trivy.config.v1+json \
- ghcr.io/${lowercase_repo}:${DB_VERSION} \
- javadb.tar.gz:application/vnd.aquasec.trivy.javadb.layer.v1.tar+gzip
+
+ # Define an array of registry base URLs
+ registries=(
+ "ghcr.io"
+ "public.ecr.aws"
+ )
+
+ # Loop through each registry and push the artifact
+ for registry in "${registries[@]}"; do
+ full_registry_url="${registry}/${lowercase_repo}"
+ oras push --artifact-type application/vnd.aquasec.trivy.config.v1+json \
+ "${full_registry_url}:${DB_VERSION}" \
+ javadb.tar.gz:application/vnd.aquasec.trivy.javadb.layer.v1.tar+gzip
+
+ echo "Pushed to ${full_registry_url}"
+ done
\ No newline at end of file
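Review bot: Both `docker/login-action@v3` steps are referenced by a mutable tag while they are handed `GITHUB_TOKEN` and the ECR secret key, so a retargeted tag would run unreviewed code with the publishing credentials; pin each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. The new "Login to ECR" step also depends on a long-lived IAM access key pair held as repository secrets; GitHub OIDC role assumption would replace it with short-lived credentials, and in either case the identity's policy should allow pushing to this one public repository only. In the push loop each `oras push` builds its own manifest, so the two registries may end up with different digests for the same `DB_VERSION` tag (presumably because of the creation-time annotation); pushing once and mirroring with `oras cp` would keep them identical for consumers that verify by digest. The hunk starts mid-job, so the job's `permissions` block is not visible here and should be checked separately.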