Update build.yml

SpecterOps · Jan 13, 2025 · c10b81f · c10b81f
1 parent 00c7a01
commit c10b81f
Showing 1 changed file with 16 additions and 26 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -35,18 +35,31 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Log in to the Container registry
+      - name: Login to GHCR
         uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          password: ${{ secrets.PACKAGE_SCOPE }}
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
+          aws-region: 'us-east-1'
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
 
       - name: Extract metadata
         id: meta
         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
         with:
-          images: ghcr.io/bloodhoundad/azurehound
+          images: |
+            ghcr.io/bloodhoundad/azurehound
+            ${{ steps.login-ecr.outputs.registry }}/production/azurehound
           tags: |
             type=edge,branch=main
 
@@ -59,29 +72,6 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           push: ${{ ! startsWith(github.event_name, 'pull_request') }}
 
-      - name: Configure AWS credentials
-        if: ${{ ! startsWith(github.event_name, 'pull_request') }}
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
-          aws-region: 'us-east-1'
-
-      - name: Login to Amazon ECR
-        if: ${{ ! startsWith(github.event_name, 'pull_request') }}
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
-
-      - name: Retag and push image to Amazon ECR
-        if: ${{ ! startsWith(github.event_name, 'pull_request') }}
-        env:
-          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-          ECR_REPOSITORY: production/azurehound
-          IMAGE_TAG: 'edge'
-        run: |
-          docker image tag ghcr.io/bloodhoundad/azurehound:edge $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-
   build:
     runs-on: ubuntu-latest
     defaults: