Made modifications to pass SENTRY_AUTH_TOKEN through as additional_do…

…cker_tag
ministryofjustice · Jan 22, 2025 · 2d8d1a1 · 2d8d1a1
1 parent 33387ef
commit 2d8d1a1
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 17 deletions.
diff --git a/.github/actions/build-test-and-deploy/build_docker/action.yml b/.github/actions/build-test-and-deploy/build_docker/action.yml
@@ -64,7 +64,9 @@ runs:
       #   if: ${{ inputs.docker_registry  == 'ecr' }}
       #   uses: aws-actions/amazon-ecr-login@v1
 
-    - name: Build Docker images 
+    - name: Build Docker images
+      env:
+        SENTRY_AUTH_TOKEN: ${{ inputs.additional_docker_tag }}
       uses: docker/build-push-action@v6
       with:
         cache-from: type=gha

diff --git a/.github/actions/build-test-and-deploy/build_multiplatform_docker/action.yml b/.github/actions/build-test-and-deploy/build_multiplatform_docker/action.yml
@@ -14,9 +14,6 @@ inputs:
   additional_docker_tag:
     description: Additional docker tag that can be used to specify stable tags
     required: false
-  additional_docker_build_args:
-    description: Additional docker build args
-    required: false
   push:
     description: Push docker image to registry flag
     required: true
@@ -66,13 +63,17 @@ runs:
       #   uses: aws-actions/amazon-ecr-login@v1
 
     - name: Build Docker images 
+      env:
+        SENTRY_AUTH_TOKEN: ${{ inputs.additional_docker_tag }}
       uses: docker/build-push-action@v6
       with:
         cache-from: type=gha
         platforms: linux/amd64,linux/arm64
         cache-to: type=gha,mode=max
         context: .
         push: ${{ inputs.push }}
+        secret-envs: |
+          "sentry=SENTRY_AUTH_TOKEN"
         provenance: false
         build-args: |
           "BUILD_NUMBER=${{ inputs.app_version }}"

diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml
@@ -15,10 +15,6 @@ on:
         description: Additional docker tag that can be used to specify stable tags
         required: false
         type: string
-      additional_docker_build_args:
-          description: Additional docker build arguments
-          required: false
-          type: string
       push:
         description: Push docker image to registry flag
         required: true
@@ -34,6 +30,8 @@ on:
         required: false 
       HMPPS_QUAYIO_TOKEN:
         required: false 
+      SENTRY_AUTH_TOKEN:
+        required: true
 
     outputs:
       app_version:
@@ -54,24 +52,24 @@ jobs:
       - id: app_version
         name: Application version creators
         uses: ministryofjustice/hmpps-github-actions/.github/actions/build-test-and-deploy/create_app_version@v2 # WORKFLOW_VERSION
-      - uses: ./.github/actions/build-test-and-deploy/build_docker # Referencing a copy from the github actions repo
+      - uses: ./.github/actions/build-test-and-deploy/build_docker # Our copy with modifications in for SENTRY_AUTH_TOKEN
         if: ${{ ( inputs.docker_registry  == 'ghcr.io' ) && ( ! inputs.docker_multiplatform )}}
         with:
           repository_name: ${{ github.event.repository.name }}
           docker_registry: ${{ inputs.docker_registry }}
           registry_org: ${{ inputs.registry_org }}
-          additional_docker_tag: ${{ inputs.additional_docker_tag }}
+          additional_docker_tag: ${{ secrets.SENTRY_AUTH_TOKEN }}
           push: ${{ inputs.push }}
           app_version: ${{ steps.app_version.outputs.version }}
           additional_docker_build_args: ${{ inputs.additional_docker_build_args }}
 
-      - uses: ./.github/actions/build-test-and-deploy/build_docker # Referencing a copy from the github actions repo
+      - uses: ./.github/actions/build-test-and-deploy/build_docker # Our copy with modifications in for SENTRY_AUTH_TOKEN
         if: ${{ ( inputs.docker_registry  == 'quay.io' ) && ( ! inputs.docker_multiplatform )}}
         with:
           repository_name: ${{ github.event.repository.name }}
           docker_registry: ${{ inputs.docker_registry }}
           registry_org: ${{ inputs.registry_org }}
-          additional_docker_tag: ${{ inputs.additional_docker_tag }}
+          additional_docker_tag: ${{ secrets.SENTRY_AUTH_TOKEN }}
           push: ${{ inputs.push }}
           app_version: ${{ steps.app_version.outputs.version }}
           HMPPS_QUAYIO_USER: ${{ secrets.HMPPS_QUAYIO_USER }}
@@ -80,24 +78,24 @@ jobs:
           # git_head_ref: ${{ github.head_ref }}
           # git_branch_ref: ${{ github.ref_name }}
 
-      - uses: ./.github/actions/build-test-and-deploy/build_multiplatform_docker # Referencing a copy from the github actions repo
+      - uses: ./.github/actions/build-test-and-deploy/build_multiplatform_docker # Our copy with modifications in for SENTRY_AUTH_TOKEN
         if: ${{ ( inputs.docker_registry  == 'ghcr.io' ) && ( inputs.docker_multiplatform )}}
         with:
           repository_name: ${{ github.event.repository.name }}
           docker_registry: ${{ inputs.docker_registry }}
           registry_org: ${{ inputs.registry_org }}
-          additional_docker_tag: ${{ inputs.additional_docker_tag }}
+          additional_docker_tag: ${{ secrets.SENTRY_AUTH_TOKEN }}
           push: ${{ inputs.push }}
           app_version: ${{ steps.app_version.outputs.version }}
           additional_docker_build_args: ${{ inputs.additional_docker_build_args }}
 
-      - uses: ./.github/actions/build-test-and-deploy/build_multiplatform_docker # Referencing a copy from the github actions repo
+      - uses: ./.github/actions/build-test-and-deploy/build_multiplatform_docker # Our copy with modifications in for SENTRY_AUTH_TOKEN
         if: ${{ ( inputs.docker_registry  == 'quay.io' ) && ( inputs.docker_multiplatform )}}
         with:
           repository_name: ${{ github.event.repository.name }}
           docker_registry: ${{ inputs.docker_registry }}
           registry_org: ${{ inputs.registry_org }}
-          additional_docker_tag: ${{ inputs.additional_docker_tag }}
+          additional_docker_tag: ${{ secrets.SENTRY_AUTH_TOKEN }}
           push: ${{ inputs.push }}
           app_version: ${{ steps.app_version.outputs.version }}
           additional_docker_build_args: ${{ inputs.additional_docker_build_args }}

diff --git a/.github/workflows/node_build.yml b/.github/workflows/node_build.yml
@@ -45,6 +45,8 @@ jobs:
       shell: bash
       run: |
         npm run build
+      env:
+        SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
     - name: Linter check # Run linter after build because the integration test code depend on compiled typescript...
       shell: bash
       run: | 

diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
@@ -1,5 +1,8 @@
 name: Pipeline [test -> build -> deploy]
 
+env:
+  SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+
 on:
   push:
     branches:
@@ -77,13 +80,13 @@ jobs:
     name: Build docker image from hmpps-github-actions
     if: github.ref == 'refs/heads/main'
     uses: ./.github/workflows/docker_build.yml # Referencing a copy from master of the hmpps-github-actions repo
+    secrets: inherit
     needs:
       - node_integration_tests
       - node_unit_tests
     with:
       docker_registry: 'ghcr.io'
       registry_org: 'ministryofjustice'
-      additional_docker_tag: ${{ inputs.additional_docker_tag }}
       push: ${{ inputs.push || true }}
       docker_multiplatform: true
   deploy_dev: