diff --git a/.github/workflows/dev-image-update.yaml b/.github/workflows/dev-image-update.yaml
index f4216181c..0467c7624 100644
--- a/.github/workflows/dev-image-update.yaml
+++ b/.github/workflows/dev-image-update.yaml
@@ -13,7 +13,7 @@ on:
 - 'Dockerfile'
 - '.github/workflows/dev-image-update.yaml'
 env:
- gcr_google_project: 'broad-jade-dev'
+ GCR_GOOGLE_PROJECT: 'broad-jade-dev'
 google_sdk_version: '290.0.1'
 DEV_PROJECT: broad-jade-dev
 # This must be defined for the bash redirection
@@ -69,21 +69,23 @@ jobs:
 DISABLE_ESLINT_PLUGIN: true
 run: |
 rm -rf jade-dev-account.pem
- docker build -t gcr.io/${{ env.gcr_google_project }}/jade-data-repo-ui:${GCR_TAG} --build-arg CACHEBUST=$(date +%s) .
+ docker build -t "gcr.io/${GCR_GOOGLE_PROJECT}/jade-data-repo-ui:${GCR_TAG}" --build-arg CACHEBUST=$(date +%s) .
 # Push the Docker image to Google Container Registry
 - name: Publish and tag new docker container to GCR
 run: |
 gcloud auth activate-service-account --key-file jade-dev-account.json
 gcloud auth configure-docker --quiet
- docker push gcr.io/${{ env.gcr_google_project }}/jade-data-repo-ui:${GCR_TAG}
+ docker push "gcr.io/${GCR_GOOGLE_PROJECT}/jade-data-repo-ui:${GCR_TAG}"
 gcloud container images \
 add-tag \
- gcr.io/${{ env.gcr_google_project }}/jade-data-repo-ui:"${GCR_TAG}" \
- gcr.io/${{ env.gcr_google_project }}/jade-data-repo-ui:"${{ steps.uiprevioustag.outputs.tag }}" --quiet
+ "gcr.io/${GCR_GOOGLE_PROJECT}/jade-data-repo-ui:${GCR_TAG}" \
+ "gcr.io/${GCR_GOOGLE_PROJECT}/jade-data-repo-ui:${PREV_TAG}" --quiet
 gcloud container images \
 add-tag \
- gcr.io/${{ env.gcr_google_project }}/jade-data-repo-ui:"${GCR_TAG}" \
- gcr.io/${{ env.gcr_google_project }}/jade-data-repo-ui:"${GCR_TAG}-develop" --quiet
+ "gcr.io/${GCR_GOOGLE_PROJECT}/jade-data-repo-ui:${GCR_TAG}" \
+ "gcr.io/${GCR_GOOGLE_PROJECT}/jade-data-repo-ui:${GCR_TAG}-develop" --quiet
+ env:
+ PREV_TAG: ${{ steps.uiprevioustag.outputs.tag }}
 helm_tag_bump:
 needs: update_image
 uses: ./.github/workflows/helmtagbump.yaml
diff --git a/.github/workflows/helmtagbump.yaml b/.github/workflows/helmtagbump.yaml
index 17a7916b4..f6bff14e4 100644
--- a/.github/workflows/helmtagbump.yaml
+++ b/.github/workflows/helmtagbump.yaml
@@ -12,6 +12,7 @@ jobs:
 with:
 fetch-depth: 0
 ref: develop
+ persist-credentials: false
 - name: 'Get Previous tag'
 id: uiprevioustag
 run: |
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index e1ae1e7f6..920cfc14b 100644
--- a/.github/workflows/lint.yml
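Review bot: The image references in both `run:` blocks of dev-image-update.yaml are now built from shell variables with no guard, so an empty `PREV_TAG` (for instance when the `uiprevioustag` step produces no output) or an empty `GCR_TAG` expands to a malformed reference such as `gcr.io/broad-jade-dev/jade-data-repo-ui:` and the error only surfaces inside `docker` or `gcloud`. Failing early is cheap: open each script with a line like `: "${GCR_GOOGLE_PROJECT:?}" "${GCR_TAG:?}" "${PREV_TAG:?}"`, or add `set -u`. Where `GCR_TAG` is set is not visible in this hunk, and both step definitions start outside it. It is also worth grepping the rest of the workflow for any leftover `${{ env.gcr_google_project }}`, since after the rename such an expression would evaluate to an empty string rather than raise an error.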
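Review bot: With `persist-credentials: false` on this checkout in helmtagbump.yaml, any later step in the job that runs a plain `git push` or pushes a tag will no longer find the token in the local git config and will fail to authenticate. The steps after 'Get Previous tag' lie outside the hunk, so whether this job pushes needs confirming, although the workflow name suggests it might. If it does, hand the token only to the step that needs it through a step-scoped `env:` entry or the push action's own token input, rather than re-enabling persistence for the whole job.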
+++ b/.github/workflows/lint.yml
@@ -14,6 +14,8 @@ jobs:
 steps:
 - name: Check out the repository
 uses: actions/checkout@v3
+ with:
+ persist-credentials: false
 - name: Use Node.js ${{ matrix.node-version }}
 uses: actions/setup-node@v3
 with:
diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml
index 91cd4a0c7..8fc86dd42 100644
--- a/.github/workflows/test-e2e.yml
+++ b/.github/workflows/test-e2e.yml
@@ -25,6 +25,8 @@ jobs:
 steps:
 - name: Check out the repository
 uses: actions/checkout@v3
+ with:
+ persist-credentials: false
 - name: Use Node.js ${{ matrix.node-version }}
 uses: actions/setup-node@v3
 with:
diff --git a/.github/workflows/test-unit.yml b/.github/workflows/test-unit.yml
index bc5d55c2a..56570a66e 100644
--- a/.github/workflows/test-unit.yml
+++ b/.github/workflows/test-unit.yml
@@ -18,6 +18,8 @@ jobs:
 steps:
 - name: Check out the repository
 uses: actions/checkout@v3
+ with:
+ persist-credentials: false
 - name: Use Node.js ${{ matrix.node-version }}
 uses: actions/setup-node@v3
 with:
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 95d0c504b..af8fe0107 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -8,4 +8,6 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
+ with:
+ persist-credentials: false
 - uses: broadinstitute/dsp-appsec-trivy-action@v1
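Review bot: The steps around the new `persist-credentials: false` in lint.yml still reference `actions/checkout@v3` and `actions/setup-node@v3` by mutable tag, so a retagged or compromised release of either action would still run inside the job. Pinning each `uses:` to a full commit SHA with the version kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, closes that gap. The same applies to the checkout steps in test-e2e.yml and test-unit.yml and to `broadinstitute/dsp-appsec-trivy-action@v1` in trivy.yml. Whether these jobs declare a restrictive top-level `permissions:` block is not visible in the hunks and is worth confirming in the same pass.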