From f93fe20bf183c03974c48e3011d9819287845b55 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Fri, 21 Jun 2024 20:29:34 -0500 Subject: [PATCH 1/3] gha: minor formatting docker-image --- .github/workflows/docker-image.yaml | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/.github/workflows/docker-image.yaml b/.github/workflows/docker-image.yaml index af60c13..1bbcdc0 100644 --- a/.github/workflows/docker-image.yaml +++ b/.github/workflows/docker-image.yaml @@ -1,5 +1,5 @@ +--- name: Build Docker image - on: push: tags: @@ -8,26 +8,20 @@ on: - "master" paths-ignore: - 'charts/**' - jobs: build: runs-on: ubuntu-latest - steps: - uses: actions/checkout@v3 - - name: Set up QEMU uses: docker/setup-qemu-action@v2 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 with: driver-opts: image=moby/buildkit:v0.10.3,network=host - - name: Set Release Date run: | echo "BUILT_AT=$(date --rfc-3339=date)" >> ${GITHUB_ENV} - - name: Docker meta id: docker_meta uses: docker/metadata-action@v4 @@ -37,17 +31,16 @@ jobs: vectorized/kminion redpandadata/kminion # generate Docker tags based on the following events/attributes - # Semver type is only active on 'push tag' events, hence no enable condition required + # Semver type is only active on 'push tag' events, + # hence no enable condition required tags: | type=sha,prefix={{branch}}-,format=short,enable={{is_default_branch}} type=semver,pattern={{raw}} - - name: Login to DockerHub uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - - name: Build and push uses: docker/build-push-action@v3 with: From 15f8d7f1c4b05b56b312cb930fa568811103bc30 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Fri, 21 Jun 2024 20:51:45 -0500 Subject: [PATCH 2/3] gha: upgrade to latest actions in docker-image --- .github/workflows/docker-image.yaml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
diff --git a/.github/workflows/docker-image.yaml b/.github/workflows/docker-image.yaml index 1bbcdc0..54f8e66 100644 --- a/.github/workflows/docker-image.yaml +++ b/.github/workflows/docker-image.yaml @@ -12,11 +12,11 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 with: driver-opts: image=moby/buildkit:v0.10.3,network=host - name: Set Release Date @@ -24,7 +24,7 @@ jobs: echo "BUILT_AT=$(date --rfc-3339=date)" >> ${GITHUB_ENV} - name: Docker meta id: docker_meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: # list of Docker images to use as base name for tags images: | @@ -37,13 +37,14 @@ jobs: type=sha,prefix={{branch}}-,format=short,enable={{is_default_branch}} type=semver,pattern={{raw}} - name: Login to DockerHub - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Build and push - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: + provenance: false push: true platforms: linux/amd64,linux/arm64 tags: ${{ steps.docker_meta.outputs.tags }} From 599209249adc44ad93e0419f2cb866a9c76dcc2f Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Fri, 21 Jun 2024 20:58:59 -0500 Subject: [PATCH 3/3] gha: modify docker-images to use aws sm --- .github/workflows/docker-image.yaml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-image.yaml b/.github/workflows/docker-image.yaml index 54f8e66..55a67a3 100644 --- a/.github/workflows/docker-image.yaml +++ b/.github/workflows/docker-image.yaml 
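Review bot: `provenance: false` on the `Build and push` step turns off the provenance attestation that build-push-action attaches by default, and neither the hunk nor the commit message says why. One possible reason (an inference, not stated in the patch) is that the Buildx step still pins `image=moby/buildkit:v0.10.3`, which appears to predate attestation support. If so, raising that pin and using `provenance: mode=min` would keep the attestation. Otherwise record the reason above the key, e.g. `# provenance disabled: <reason>`. Separately, `docker/login-action@v3` and `docker/build-push-action@v6` handle the Docker Hub credential but are referenced by mutable major tags; pinning them as `uses: docker/login-action@<full-commit-sha> # v3` would keep a retagged release from running with that secret.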
@@ -12,6 +12,18 @@ jobs: build: runs-on: ubuntu-latest steps: + - name: configure aws credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }} + aws-region: us-west-2 + - name: get secrets from aws sm + uses: aws-actions/aws-secretsmanager-get-secrets@v2 + with: + secret-ids: | + ,sdlc/prod/github/dockerhub_token + parse-json-secrets: true - uses: actions/checkout@v4 - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -39,8 +51,8 @@ jobs: - name: Login to DockerHub uses: docker/login-action@v3 with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} + username: vectorizedbot + password: ${{ env.DOCKERHUB_TOKEN }} - name: Build and push uses: docker/build-push-action@v6 with:
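Review bot: The new `configure aws credentials` step authenticates with a long-lived access key pair held in repository secrets, so the workflow trades two static Docker Hub secrets for two static AWS ones. `aws-actions/configure-aws-credentials` also supports GitHub OIDC, which removes the stored key: give the job an `id-token: write` permission and replace the two key inputs with `role-to-assume`, as sketched below. The fetch also runs first in the job with an empty alias (`,sdlc/prod/github/dockerhub_token`) and `parse-json-secrets: true`, which appears to export every JSON key of that secret un-prefixed into the job environment. Checkout, QEMU, Buildx and the metadata action can then read it, so moving both AWS steps to just before `Login to DockerHub` would narrow the exposure. The steps list continues outside the hunk.

```yaml
# … unchanged: jobs / build / runs-on …
    permissions:
      id-token: write   # lets the job request an OIDC token for AWS
      contents: read
    steps:
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: <role-arn-placeholder>
          aws-region: us-west-2
      # … unchanged: get secrets from aws sm, checkout, QEMU …
```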
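Review bot: `password: ${{ env.DOCKERHUB_TOKEN }}` reads a variable that nothing in this workflow defines by name. It exists only if the JSON stored under `sdlc/prod/github/dockerhub_token` has a key that maps to `DOCKERHUB_TOKEN`, which the diff does not show. If that key is renamed or the fetch step changes its alias, the expression evaluates to an empty string and the failure surfaces only at login. A comment above the input would make the dependency visible, e.g. `# DOCKERHUB_TOKEN is exported by the "get secrets from aws sm" step (JSON key of the secret)`. The `with:` block of `Build and push` continues outside the hunk.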