Reset the permission #390
  
    
    
  
  
    
  | name: Burn Cube App Image Push | |
| env: | |
| IMAGE_NAME: geoscienceaustralia/burn-cube-app | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| paths: | |
| - 'dea_burn_cube/**' | |
| - 'scripts/**' | |
| - 'ardc_historic_burn/Burnt_Area_Validation/**' | |
| - '!dea_burn_cube/configs/*' | |
| - '.github/workflows/burn-cube-image.yml' | |
| - 'Dockerfile' | |
| - 'constraints.txt' | |
| - 'requirements.txt' | |
| release: | |
| types: [created, edited] | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Build Burn Cube App image | |
| timeout-minutes: 20 | |
| shell: bash | |
| run: | | |
| docker compose build | |
| push_ecr: | |
| needs: [test] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: arn:aws:iam::538673716275:role/burn_cube_github-actions-role | |
| aws-region: ap-southeast-2 | |
| - name: Get tag for this build if it exists | |
| if: github.event_name == 'release' | |
| run: | | |
| echo "RELEASE=${GITHUB_REF/refs\/tags\/}" >> $GITHUB_ENV | |
| - name: Push release image to ECR | |
| uses: whoan/docker-build-with-cache-action@master | |
| if: github.event_name == 'release' | |
| with: | |
| registry: 538673716275.dkr.ecr.ap-southeast-2.amazonaws.com | |
| image_name: ${{ env.IMAGE_NAME }} | |
| image_tag: ${{ env.RELEASE }} | |
| - name: Get git commit hash for push to main | |
| if: github.event_name != 'release' | |
| run: | | |
| echo "TAG=dev$(git rev-parse --short HEAD)" \ | |
| >> $GITHUB_ENV | |
| - name: Push unstable image to ECR | |
| uses: whoan/docker-build-with-cache-action@master | |
| if: github.event_name != 'release' | |
| with: | |
| registry: 538673716275.dkr.ecr.ap-southeast-2.amazonaws.com | |
| image_name: ${{ env.IMAGE_NAME }} | |
| image_tag: latest,${{ env.TAG }} |
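Review bot: The workflow-level `permissions` block grants `id-token: write` to every job, so the `test` job, which only checks out the code and runs `docker compose build`, can also request an OIDC token, although only `push_ecr` assumes the AWS role. Keep `contents: read` at the top level and give `push_ecr` its own `permissions: {id-token: write, contents: read}`; a job-level block replaces the workflow-level one, so both entries are needed there. In the same job, `whoan/docker-build-with-cache-action@master` runs after `configure-aws-credentials` has made the role credentials available to later steps, and `@master` is a mutable ref; pinning it to a full commit SHA, `uses: whoan/docker-build-with-cache-action@<full-commit-sha>`, keeps an upstream change from running with ECR push rights. The page does not show which lines this commit changed, so this applies to the file as displayed.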