Clearer terminology around exit pages and review page (#4057) #1645
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Staging — Push container to ECR" | |
| on: | |
| push: | |
| branches: [develop] | |
| paths-ignore: | |
| # Ignore all files and folders that start with '.' | |
| - ".**" | |
| # Ignore all files and folder in fixtures, tests, utils, etc. | |
| - "__*/**" | |
| env: | |
| AWS_ACCOUNT_ID: ${{ vars.STAGING_AWS_ACCOUNT_ID }} | |
| AWS_REGION: ca-central-1 | |
| ECR_REPOSITORY: form_viewer_staging | |
| GITHUB_SHA: ${{ github.sha }} | |
| COGNITO_APP_CLIENT_ID: ${{secrets.STAGING_COGNITO_APP_CLIENT_ID}} | |
| COGNITO_USER_POOL_ID: ${{ secrets.STAGING_COGNITO_USER_POOL_ID}} | |
| permissions: | |
| id-token: write | |
| contents: write | |
| security-events: write | |
| jobs: | |
| push-staging: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Build Form Viewer | |
| run: | | |
| docker build -t base \ | |
| --build-arg COGNITO_APP_CLIENT_ID=$COGNITO_APP_CLIENT_ID \ | |
| --build-arg COGNITO_USER_POOL_ID=$COGNITO_USER_POOL_ID . | |
| - name: Configure AWS credentials using OIDC | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/platform-forms-client-apply | |
| role-session-name: ECRPush | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to Staging Amazon ECR | |
| id: login-ecr-staging | |
| uses: aws-actions/amazon-ecr-login@8308922cec0e5e898b1f51cf0908258552976578 | |
| - name: Tag Images for Staging | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr-staging.outputs.registry }} | |
| run: | | |
| docker tag base $ECR_REGISTRY/$ECR_REPOSITORY:$GITHUB_SHA | |
| docker tag base $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| - name: Push containers to Staging Amazon ECR | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr-staging.outputs.registry }} | |
| run: | | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$GITHUB_SHA | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| - name: Docker generate SBOM | |
| uses: cds-snc/security-tools/.github/actions/generate-sbom@eecd7a02a0294b379411c126b61e5c29e253676a # v2.1.4 | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr-staging.outputs.registry }} | |
| with: | |
| docker_image: "${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.GITHUB_SHA }}" | |
| dockerfile_path: "Dockerfile" | |
| sbom_name: "forms-client" | |
| token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Logout of Staging Amazon ECR | |
| if: always() | |
| run: docker logout ${{ steps.login-ecr-staging.outputs.registry }} |