add logic to handle aws token for sso accounts

.github/workflows/build-and-publish.yml

@@ -0,0 +1,28 @@
+name: Build and Publish
+
+on:
+  push:
+    branches: [ master ]
+    tags:
+      - "*"
+    paths-ignore:
+      - "docs/**"
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    # TODO: when we have tests
+    # - run: |
+    #   ./scripts/ci/install.sh
+    #   ./scripts/ci/test.sh
+    - name: Publish Docker
+      env:
+        REGISTRY_URL: "bitovi/bitops"
+        DEFAULT_BRANCH: "master"
+        DOCKER_USER: ${{ secrets.DOCKER_USER}}
+        DOCKER_PASS: ${{ secrets.DOCKER_PASS}}
+      run: |
+        echo "running scripts/ci/publish.sh"
+        ./scripts/ci/publish.sh

.github/workflows/publish-docs.yml

@@ -0,0 +1,24 @@
+name: Publish Docs
+
+on:
+  push:
+    branches: [ master ]
+    tags:
+      - "*"
+    paths:
+      - "docs/**"
+
+jobs:
+  publish:
+    runs-on: cimg/python:3.7
+    steps:
+    - uses: actions/checkout@v2
+
+    # TODO: this was from circleci - do we need it for GHA?
+    # - add_ssh_keys:
+    #       fingerprints:
+    #         - "0a:83:f3:84:67:25:97:33:af:42:38:77:dc:29:60:8f"
+    - name: Publish Docs
+      run: |
+        pip install mkdocs mkdocs-material
+        mkdocs gh-deploy -c -m "[ci skip]"

docs/cloud-configuration/configuration-aws.md

@@ -22,6 +22,15 @@ AWS Access. See [AWS official documentation](https://docs.aws.amazon.com/general
 
 AWS Access. See [AWS official documentation](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys)
 
+-------------------
+### aws_session_token
+* **BitOps Property:** [TODO](https://github.com/bitovi/bitops/issues/15)
+* **Environment Variable:** `AWS_SESSION_TOKEN`
+* **default:** `""`
+* **required:** no
+
+AWS Access. See [AWS official documentation](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys)
+
 -------------------
 ### aws_default_region
 * **BitOps Property:** [TODO](https://github.com/bitovi/bitops/issues/15)

scripts/aws/setup.sh

@@ -12,6 +12,10 @@ aws_access_key_id = "${AWS_ACCESS_KEY_ID}"
 aws_secret_access_key = "${AWS_SECRET_ACCESS_KEY}"
 EOF
 
+if [ -n "$AWS_SESSION_TOKEN" ]; then
+  echo "aws_session_token = $AWS_SESSION_TOKEN" >> /root/.aws/credentials
+fi
+
 cat <<EOF > /root/.aws/config
 [default]
 region = "$AWS_DEFAULT_REGION"

scripts/ci/publish.sh

@@ -1,5 +1,6 @@
-#!/usr/bin/env bash
-set -xe
+#!/bin/bash
+
+set -e
 
 
 ####
@@ -10,58 +11,72 @@ if [ -z "$REGISTRY_URL" ]; then
   exit 1
 fi
 
-
-
-
 ####
 #### docker login
 ####
-if [ -n "$BITOPS_PUBLISH_ECR" ]; then
-  ./scripts/ci/docker-login-ecr.sh
+echo "$DOCKER_PASS" | docker login --username="$DOCKER_USER" --password-stdin
+echo "logged into dockerhub registry"
 
-else
-  echo "$DOCKER_PASS" | docker login --username="$DOCKER_USER" --password-stdin
-  echo "logged into dockerhub registry"
-fi
 
-####
-#### docker build
-####
-./scripts/ci/docker-build.sh
+###
+### PUBLISH - environment setup
+###
 
+#Defining the Default branch variable
+if [ -z "$DEFAULT_BRANCH" ]; then
+    DEFAULT_BRANCH="main"
+fi
 
-####
-#### set up tagging
-####
+
+REPO_NAME=$(echo $GITHUB_REPOSITORY | sed 's/^.*\///')
+ORG_NAME=$(echo $GITHUB_REPOSITORY | sed 's/\/.*//')
+TAG_OR_HEAD="$(echo $GITHUB_REF | cut -d / -f2)"
+BRANCH_OR_TAG_NAME=$(echo $GITHUB_REF | cut -d / -f3)
+echo "REPO_NAME: $REPO_NAME"
+echo "ORG_NAME: $ORG_NAME"
+echo "TAG_OR_HEAD: $TAG_OR_HEAD"
+echo "BRANCH_OR_TAG_NAME: $BRANCH_OR_TAG_NAME"
 
 
-# allow custom branching
-if [ -n "$BITOPS_DOCKER_IMAGE_PUBLISH_TAG" ]; then
-  echo "{\"script\":\"scripts/ci/publish.sh\", \"tag\": \"${BITOPS_DOCKER_IMAGE_PUBLISH_TAG}\"}"
-  docker tag ${BITOPS_DOCKER_IMAGE_NAME}:latest ${REGISTRY_URL}:${BITOPS_DOCKER_IMAGE_PUBLISH_TAG}
-else
-  # handle git tag
-  if [ -n "$BITOPS_GIT_TAG" ]; then
-    echo "{\"script\":\"scripts/ci/publish.sh\", \"tag\": \"${BITOPS_GIT_TAG}\"}"
-    docker tag ${BITOPS_DOCKER_IMAGE_NAME}:latest ${REGISTRY_URL}:${BITOPS_GIT_TAG}
-
-  # if master, tag latest
-  elif [ "$BITOPS_GIT_BRANCH" == "$BITOPS_GIT_BASE_BRANCH" ]; then
-    echo "{\"script\":\"scripts/ci/publish.sh\", \"tag\": \"${latest}\"}"
-    docker tag ${BITOPS_DOCKER_IMAGE_NAME}:latest ${REGISTRY_URL}:latest
-
-
-  # fall back to the sha
-  elif [ -z "$BITOPS_DOCKER_IMAGE_PUBLISH_SKIP_SHA" ]; then
-    echo "{\"script\":\"scripts/ci/publish.sh\", \"tag\": \"${BITOPS_GIT_SHA}\"}"
-    docker tag ${BITOPS_DOCKER_IMAGE_NAME}:latest ${REGISTRY_URL}:${BITOPS_GIT_SHA}
-
-  # don't tag anything
+# if tag, use tag
+# if default branch, use `latest`
+# if otherwise, use branch name
+if [ -z "$IMAGE_TAG" ]; then
+  if [ -n "$USE_COMMIT_HASH_FOR_ARTIFACTS" ]; then
+    IMAGE_TAG="$GITHUB_SHA"
   else
-    echo "{\"script\":\"scripts/ci/publish.sh\", \"tag\": \"\"}"
+    if [ "$TAG_OR_HEAD" == "tags" ]; then
+      IMAGE_TAG="$BRANCH_OR_TAG_NAME"
+    elif [ "$TAG_OR_HEAD" == "heads" ] && [ "$BRANCH_OR_TAG_NAME" == "$DEFAULT_BRANCH" ]; then
+      IMAGE_TAG="latest"
+    elif [ "$TAG_OR_HEAD" == "pull" ]; then
+      IMAGE_TAG="pr-${BRANCH_OR_TAG_NAME}"
+    else
+      IMAGE_TAG="$BRANCH_OR_TAG_NAME"
+    fi
   fi
 fi
 
 
-# push everything
-docker push ${REGISTRY_URL}
+###
+### PUBLISH DOCKER
+###
+echo "###"
+echo "### PUBLISH DOCKER"
+echo "###"
+
+#Defining the Image name variable
+IMAGE_NAME="$REPO_NAME"
+
+
+
+#Building the docker image...
+echo "Building the docker image"
+docker build -t ${IMAGE_NAME} .
+
+#docker image deploy function
+echo "docker tag ${IMAGE_NAME} ${REGISTRY_URL}:${IMAGE_TAG}"
+docker tag ${IMAGE_NAME} ${REGISTRY_URL}:${IMAGE_TAG}
+
+echo "Pushing the docker image to the ecr repository..."
+docker push ${REGISTRY_URL}:${IMAGE_TAG}