diff --git a/.github/workflows/release-fleet.yml b/.github/workflows/release-fleet.yml index 62cff4f6b7..21a9cefec7 100644 --- a/.github/workflows/release-fleet.yml +++ b/.github/workflows/release-fleet.yml @@ -9,6 +9,7 @@ on: permissions: contents: write packages: write + id-token: write # this is important, it's how we authenticate with Vault env: GOARCH: amd64 @@ -18,6 +19,7 @@ env: jobs: build-fleet: runs-on: ubuntu-latest + if: github.repository == 'rancher/fleet' steps: - name: Check out Fleet uses: actions/checkout@v4 @@ -38,6 +40,13 @@ jobs: version: v1.55 args: --timeout=10m --config=.golangci.json + - name: "Read Vault Secrets" + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; + secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD + - name: Run FOSSA scan if: contains(github.ref, 'rc') != true uses: fossas/fossa-action@v1.3.3 @@ -71,12 +80,11 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Log into Container registry + - name: Log into Docker Container registry uses: docker/login-action@v3 with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + username: ${{ env.DOCKER_USERNAME }} + password: ${{ env.DOCKER_PASSWORD }} - name: Run GoReleaser uses: goreleaser/goreleaser-action@v5 @@ -91,7 +99,7 @@ jobs: - name: Upload charts to release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - repo: "ghcr.io/rancher" + repo: "docker.io/rancher" run: | version=$(echo '${{ steps.goreleaser.outputs.metadata }}' | jq -r '.version') tag=$(echo '${{ steps.goreleaser.outputs.metadata }}' | jq -r '.tag') diff --git a/.goreleaser.yml b/.goreleaser.yml index cd25a1aa8c..b785db3eea 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -133,7 +133,7 @@ dockers: # Templates of the Docker image names. image_templates: - - "ghcr.io/rancher/fleet:{{ .Tag }}-linux-amd64" + - "docker.io/rancher/fleet:{{ .Tag }}-linux-amd64" # Path to the Dockerfile (from the project root). dockerfile: package/Dockerfile @@ -160,7 +160,7 @@ dockers: - fleet-gitcloner - fleet-gitjob image_templates: - - "ghcr.io/rancher/fleet:{{ .Tag }}-linux-arm64" + - "docker.io/rancher/fleet:{{ .Tag }}-linux-arm64" dockerfile: package/Dockerfile build_flag_templates: - "--pull" @@ -181,7 +181,7 @@ dockers: ids: - fleet-agent image_templates: - - "ghcr.io/rancher/fleet-agent:{{ .Tag }}-linux-amd64" + - "docker.io/rancher/fleet-agent:{{ .Tag }}-linux-amd64" dockerfile: package/Dockerfile.agent build_flag_templates: - "--pull" @@ -200,7 +200,7 @@ dockers: ids: - fleet-agent image_templates: - - "ghcr.io/rancher/fleet-agent:{{ .Tag }}-linux-arm64" + - "docker.io/rancher/fleet-agent:{{ .Tag }}-linux-arm64" dockerfile: package/Dockerfile.agent build_flag_templates: - "--pull" @@ -215,12 +215,12 @@ dockers: docker_manifests: # https://goreleaser.com/customization/docker_manifest/ - - name_template: "ghcr.io/rancher/fleet:{{ .Tag }}" + - name_template: "docker.io/rancher/fleet:{{ .Tag }}" image_templates: - - "ghcr.io/rancher/fleet:{{ .Tag }}-linux-amd64" - - "ghcr.io/rancher/fleet:{{ .Tag }}-linux-arm64" + - "docker.io/rancher/fleet:{{ .Tag }}-linux-amd64" + - "docker.io/rancher/fleet:{{ .Tag }}-linux-arm64" - - name_template: "ghcr.io/rancher/fleet-agent:{{ .Tag }}" + - name_template: "docker.io/rancher/fleet-agent:{{ .Tag }}" image_templates: - - "ghcr.io/rancher/fleet-agent:{{ .Tag }}-linux-amd64" - - "ghcr.io/rancher/fleet-agent:{{ .Tag }}-linux-arm64" + - "docker.io/rancher/fleet-agent:{{ .Tag }}-linux-amd64" + - "docker.io/rancher/fleet-agent:{{ .Tag }}-linux-arm64"