Change registry auth #64
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| # Workflow token permissions. Needed for az acr login. | |
| permissions: | |
| id-token: write | |
| contents: read | |
| # Controls when the workflow will run | |
| on: | |
| # Triggers the workflow on push or pull request events but only for the waf_nginx branch | |
| push: | |
| branches: [ waf_nginx ] | |
| pull_request: | |
| branches: [ waf_nginx ] | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| environment: ci | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v2 | |
| # Logs into Azure. Can't use other alternatives because they lack security features. | |
| - name: Azure Login | |
| uses: Azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| # Pull docker image and compile the code. | |
| - name: Pull Image and Compile | |
| env: | |
| REGISTRY_NAME: ${{ secrets.REGISTRY_NAME }} | |
| run: | | |
| az acr login --name $REGISTRY_NAME | |
| docker pull ${REGISTRY_NAME}.azurecr.io/modsecurity:latest | |
| docker-compose run --rm autoconf | |
| docker-compose run --rm configure | |
| docker-compose run --rm make | |
| docker logout ${REGISTRY_NAME}.azurecr.io | |
| # Reset credentials stored by az acr login if the previous step failed midway. | |
| - name: Cleanup on failure | |
| if: failure() | |
| env: | |
| REGISTRY_NAME: ${{ secrets.REGISTRY_NAME }} | |
| run: | | |
| docker logout ${REGISTRY_NAME}.azurecr.io |