.github/workflows/publish-ecr.yaml

name: Publish to ECR
on:
  push:
    tags: ['*']
    branches-ignore:
      - timescale # This is how our main branch is called.

env:
  ALL_OS: ${{ vars.ALL_OS }}
  ALL_ARCH_linux: ${{ vars.ALL_ARCH_LINUX }}

jobs:
  ecr-private:
    name: Push to ECR Private
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@v3

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v2

    - name: Set up QEMU
      uses: docker/setup-qemu-action@v2

    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
        role-session-name: GitHubCI
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true

    - name: Login to Amazon ECR
      uses: aws-actions/amazon-ecr-login@v1

    - name: Set environment variables
      env:
        REGISTRY: ${{ secrets.ECR_PRIVATE_REPOSITORY }}
      run: |
          if [[ ! "$GITHUB_REF_NAME" =~ ^v[0-9]+\.[0-9]+\.[0-9]+.*$ ]]; then
            echo "TAG=auto-${GITHUB_SHA::8}" >> $GITHUB_ENV
          else
            echo "TAG=${GITHUB_REF_NAME}" >> $GITHUB_ENV
          fi
          
          echo "REGISTRY=${REGISTRY}" >> $GITHUB_ENV
          echo "VERSION=${GITHUB_REF_NAME}" >> $GITHUB_ENV

    - name: Build, tag, and push manifest to Amazon ECR
      run: make -j `nproc` all-push

  ecr-public:
    if: ${{ vars.SKIP_ECR_PUBLIC != 'true' }}
    name: Push to ECR Public
    runs-on: ubuntu-latest
    environment: ecr-public
    needs: ecr-private

    steps:
    - name: Set up crane
      uses: imjasonh/setup-crane@v0.1

    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
        role-session-name: GitHubCI
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true

    - name: Login to Amazon ECR
      uses: aws-actions/amazon-ecr-login@v1

    - name: Login to Amazon ECR Public
      uses: aws-actions/amazon-ecr-login@v1
      with:
        registry-type: public

    - name: Copy manifest to ECR Public
      env:
        ECR_PRIVATE_REPOSITORY: ${{ secrets.ECR_PRIVATE_REPOSITORY }}
        ECR_PUBLIC_REPOSITORY: ${{ secrets.ECR_PUBLIC_REPOSITORY }}
      run: crane copy ${ECR_PRIVATE_REPOSITORY}/aws-ebs-csi-driver:${GITHUB_REF_NAME} ${ECR_PUBLIC_REPOSITORY}/aws-ebs-csi-driver:${GITHUB_REF_NAME}