From d04abc653cd4551822447760ea182881109a17f0 Mon Sep 17 00:00:00 2001
From: Bill Buchan
Date: Thu, 9 Jan 2025 11:43:48 +0000
Subject: [PATCH] Push to correct ECR
---
.../workflows/oracle-observer-image-build.yml | 80 ++++++++-----------
1 file changed, 35 insertions(+), 45 deletions(-)
diff --git a/.github/workflows/oracle-observer-image-build.yml b/.github/workflows/oracle-observer-image-build.yml
index 5c8a8ad1..60f8a195 100644
--- a/.github/workflows/oracle-observer-image-build.yml
+++ b/.github/workflows/oracle-observer-image-build.yml
@@ -138,32 +138,32 @@ jobs: run: | docker load --input /tmp/oracle-observer-image.tar - - name: Trivy scan - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 - with: - format: 'sarif' - severity: 'CRITICAL,HIGH' - limit-severities-for-sarif: 'true' - image-ref: 'hmpps-delius-operational-automation:${{ github.sha }}' - exit-code: '1' - scan-type: 'image' - trivyignores: 'docker/oracle-observer/.trivyignore' - ignore-unfixed: 'true' - output: 'trivy-results.sarif' - - - name: Upload artifact - uses: actions/upload-artifact@v4 - if: failure() # If Trivy found vulnerabilities - with: - name: trivy-file - path: trivy-results.sarif - retention-days: 1 - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 - if: failure() # If Trivy found vulnerabilities - with: - sarif_file: 'trivy-results.sarif' + # - name: Trivy scan + # uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 + # with: + # format: 'sarif' + # severity: 'CRITICAL,HIGH' + # limit-severities-for-sarif: 'true' + # image-ref: 'hmpps-delius-operational-automation:${{ github.sha }}' + # exit-code: '1' + # scan-type: 'image' + # trivyignores: 'docker/oracle-observer/.trivyignore' + # ignore-unfixed: 'true' + # output: 'trivy-results.sarif' + + # - name: Upload artifact + # uses: actions/upload-artifact@v4 + # if: failure() # If Trivy found vulnerabilities + # with: + # name: trivy-file + # path: trivy-results.sarif + # retention-days: 1 + + # - name: Upload Trivy scan results to GitHub Security tab + # uses: github/codeql-action/upload-sarif@v3 + # if: failure() # If Trivy found vulnerabilities + # with: + # sarif_file: 'trivy-results.sarif' publish-observer-image: name: Publish image 
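Review bot: The image loses the vulnerability gate visible in this job, because the `Trivy scan` step with `exit-code: '1'` on CRITICAL/HIGH findings is now commented out and images reach the publish job unscanned; the commit subject does not mention this. The disabled `image-ref` still names `hmpps-delius-operational-automation:${{ github.sha }}` while the retag step in a later hunk loads `delius-core-oracle-observer:${{ github.sha }}`, so the scan was probably failing on a stale image name. If so, keep the three steps and change the reference to `image-ref: 'delius-core-oracle-observer:${{ github.sha }}'`. If the scan has to stay off for now, delete the block instead of leaving it commented and add a one-line comment with a tracking reference stating when it will be restored. The job these steps belong to starts above the hunk.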
@@ -172,29 +172,18 @@ jobs: contents: write packages: write runs-on: ubuntu-latest - outputs: - new_tag: ${{ steps.bump-version.outputs.new_tag }} steps: - name: Checkout Code uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Bump version and push tag - id: bump-version - uses: anothrNick/github-tag-action@1.67.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - WITH_V: false - DEFAULT_BUMP: minor # Making this default visible - TAG_CONTEXT: repo # Making this default visible - PRERELEASE: ${{ github.base_ref != 'refs/heads/main' }} - PRERELEASE_SUFFIX: ${{ github.base_ref }} # Branch name - - - name: Create safe tag - id: safe_tag - run: | - echo "SAFE_TAG=$(echo ${{ steps.bump-version.outputs.new_tag }} | sed 's/[^a-zA-Z0-9.]/-/g')" >> $GITHUB_OUTPUT + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: "arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/modernisation-platform-oidc-cicd" + role-session-name: "hmpps-delius-operational-automation-oracle-observer-${{ github.run_number }}" + aws-region: eu-west-2 - name: Download Artifact uses: actions/download-artifact@v4 @@ -205,7 +194,7 @@ jobs: - name: Load and retag image for publish run: | docker load --input /tmp/oracle-observer-image.tar - docker tag hmpps-delius-operational-automation:${{ github.sha }} ghcr.io/ministryofjustice/hmpps-delius-operational-automation-oracle-observer:${{ steps.safe_tag.outputs.SAFE_TAG }} + docker tag delius-core-oracle-observer:${{ github.sha }} 374269020027.dkr.ecr.eu-west-2.amazonaws.com/delius-core-oracle-observer:${{ github.run_id }}-${{ github.run_attempt }} - name: Log into ghcr uses: docker/login-action@v3 
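Review bot: The new `Configure AWS Credentials` step assumes a role through OIDC, which needs `id-token: write` in the job's `permissions`, yet the visible context lists only `contents: write` and `packages: write`. That block starts above the hunk, so confirm the permission is present. With the tag-bump step removed, `contents: write` looks unnecessary, and `packages: write` as well once nothing is pushed to ghcr, so the block could shrink to `id-token: write` plus `contents: read`. The action is referenced as `@v4`, whereas the Trivy action in this workflow was pinned to a commit SHA; a step that receives cloud credentials deserves the same pinning.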
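Review bot: No step shown authenticates Docker to ECR: the image is retagged for the ECR registry, but the next step in this hunk's context is still `Log into ghcr` via `docker/login-action@v3`, so the later push would run without credentials for that registry unless a login exists outside the visible hunks. An `aws-actions/amazon-ecr-login` step placed after `Configure AWS Credentials` would cover it, and its `registry` output could replace the hard-coded `374269020027.dkr.ecr.eu-west-2.amazonaws.com`, given that the role ARN already takes its account from `vars.AWS_ACCOUNT_ID`. The source tag also changed to `delius-core-oracle-observer:${{ github.sha }}`, which has to match the name the build job saved into the tar; that step is outside this diff.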
@@ -215,5 +204,6 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Publish image - run: docker push ghcr.io/ministryofjustice/hmpps-delius-operational-automation-oracle-observer:${{ steps.safe_tag.outputs.SAFE_TAG }} + run: docker push 374269020027.dkr.ecr.eu-west-2.amazonaws.com/delius-core-oracle-observer:${{ github.run_id }}-${{ github.run_attempt }}, 374269020027.dkr.ecr.eu-west-2.amazonaws.com/delius-core-oracle-observer:latest +
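Review bot: `docker push` accepts a single image reference, so the comma-separated pair on the new `run:` line will be rejected, and the `:latest` reference was never created by the `docker tag` step in the earlier hunk, which only produces the `run_id`-`run_attempt` tag. Tag both references in the retag step and push each with its own command, for example `docker push "$REPO:${{ github.run_id }}-${{ github.run_attempt }}"` then `docker push "$REPO:latest"`, where `REPO` is a placeholder for the repository URI. A moving `latest` tag also makes it harder to tie a deployed container back to the build that produced it; if consumers can pin the run-specific tag or the image digest, consider dropping `latest` or enabling tag immutability on the repository.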