From dcb6292d0c4871fdb2f4343a6fe3a9f4908927d6 Mon Sep 17 00:00:00 2001
From: mariano-arago
Date: Mon, 7 Jul 2025 17:04:51 -0300
Subject: [PATCH] Add ECR
---
 .github/workflows/docker.yml | 59 +++++++++++++---------------
 .github/workflows/unstable.yml | 27 ++++++++++++----
 2 files changed, 43 insertions(+), 43 deletions(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index e4ecd06..6b2a945 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -3,15 +3,19 @@ name: docker on: push: branches: - - master + - main pull_request: branches: - - master + - main concurrency: group: ${{ github.workflow }}-${{ github.event_name == 'push' && github.run_number || github.event.pull_request.number }} cancel-in-progress: true +permissions: + contents: read + id-token: write + jobs: docker: name: Build Docker image
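Review bot: The new top-level `permissions` block grants `id-token: write` to every job in the file and on `pull_request` runs as well, while the only consumer of that grant, the OIDC `Configure AWS credentials` step in a later hunk, is gated to `push`. Placing the block under `jobs.docker.permissions` instead keeps the grant next to the job that uses it, and any job added later falls back to the repository's default token permissions rather than inheriting an OIDC-capable token. The same consideration applies to the `permissions` block added to unstable.yml.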
@@ -28,32 +32,22 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Login to Artifactory - if: ${{ github.event_name == 'push' }} + - name: Login to Dockerhub uses: docker/login-action@v3 with: - registry: splitio-docker-dev.jfrog.io - username: ${{ secrets.ARTIFACTORY_DOCKER_USER }} - password: ${{ secrets.ARTIFACTORY_DOCKER_PASS }} - - - name: Create build version - run: echo "BUILD_VERSION=$(cat package.json | grep version | head -1 | awk '{ print $2 }' | sed 's/[\",]//g' | tr -d '[[:space:]]')" >> $GITHUB_ENV + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_RO_TOKEN }} - - name: Docker build - uses: docker/build-push-action@v6 + - name: Configure AWS credentials + if: ${{ github.event_name == 'push' }} + uses: aws-actions/configure-aws-credentials@v4 with: - context: . - push: ${{ github.event_name == 'push' }} - platforms: linux/amd64,linux/arm64 - tags: splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}:${{ env.BUILD_VERSION}},splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}:latest + role-to-assume: ${{ vars.ECR_TESTING_ROLE_ARN }} + aws-region: us-east-1 - lacework: - name: Scan Docker image - if: ${{ github.event_name == 'pull_request' }} - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 + - name: Login to Amazon ECR + if: ${{ github.event_name == 'push' }} + uses: aws-actions/amazon-ecr-login@v2 - name: Create build version run: echo "BUILD_VERSION=$(cat package.json | grep version | head -1 | awk '{ print $2 }' | sed 's/[\",]//g' | tr -d '[[:space:]]')" >> $GITHUB_ENV 
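Review bot: The `Login to Dockerhub` step has no `if:` condition, whereas the Artifactory login it replaces was gated with `if: ${{ github.event_name == 'push' }}`, so it now runs on `pull_request` events too; if pull requests from forks are expected, `secrets.DOCKERHUB_RO_TOKEN` is not passed to those runs and the login fails before the build is reached. If the login exists only to lift the anonymous pull limit for base images, gating it on the token being available keeps fork PRs building, e.g. `if: ${{ github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository }}`. Separately, `aws-region: us-east-1` is the one piece of ECR configuration hard-coded here while the role ARN and registry URL come from `vars`; reading it from a repository variable as well, or a comment stating that the testing registry is fixed to that region, keeps the three together. This login sequence (Dockerhub, AWS credentials, ECR) is repeated verbatim in unstable.yml, so a composite action would let action versions and the region be bumped in one place.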
@@ -62,17 +56,8 @@ jobs: uses: docker/build-push-action@v6 with: context: . - push: false - tags: splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}:${{ env.BUILD_VERSION}} - build-args: | - ARTIFACTORY_USER=${{ secrets.ARTIFACTORY_USER }} - ARTIFACTORY_TOKEN=${{ secrets.ARTIFACTORY_TOKEN }} - - - name: Scan container using Lacework - uses: lacework/lw-scanner-action@v1.4.5 - with: - LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }} - LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }} - IMAGE_NAME: splitio-docker-dev.jfrog.io/${{ github.event.repository.name }} - IMAGE_TAG: ${{ env.BUILD_VERSION}} - SAVE_RESULTS_IN_LACEWORK: true + push: ${{ github.event_name == 'push' }} + platforms: linux/amd64,linux/arm64 + tags: | + ${{ vars.ECR_TESTING_URL }}/${{ github.event.repository.name }}:${{ env.BUILD_VERSION }} + ${{ vars.ECR_TESTING_URL }}/${{ github.event.repository.name }}:latest
diff --git a/.github/workflows/unstable.yml b/.github/workflows/unstable.yml
index ee40538..bdd1cad 100644
--- a/.github/workflows/unstable.yml
+++ b/.github/workflows/unstable.yml
@@ -3,19 +3,33 @@ name: unstable on: push: branches-ignore: - - master + - main + +permissions: + contents: read + id-token: write jobs: push-docker-image: name: Build and Push Docker Image runs-on: ubuntu-latest steps: - - name: Login to DockerHub + - name: Login to Dockerhub uses: docker/login-action@v3 with: - registry: splitio-docker-dev.jfrog.io - username: ${{ secrets.ARTIFACTORY_DOCKER_USER }} - password: ${{ secrets.ARTIFACTORY_DOCKER_PASS }} + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_RO_TOKEN }} + + - name: Configure AWS credentials + if: ${{ github.event_name == 'push' }} + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ vars.ECR_TESTING_ROLE_ARN }} + aws-region: us-east-1 + + - name: Login to Amazon ECR + if: ${{ github.event_name == 'push' }} + uses: aws-actions/amazon-ecr-login@v2 - name: Checkout code uses: actions/checkout@v4
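Review bot: With the `lacework` job deleted, no image vulnerability scan remains in this workflow and nothing in the commit takes its place, so the `pull_request` run now only checks that the image builds. If scan-on-push on the ECR testing repository is meant to cover this, a comment on the `docker/build-push-action@v6` step such as `# image scanning is handled by ECR scan-on-push on the testing registry` records the decision; otherwise a scan step between build and push is worth keeping, since scan-on-push only reports after the image has already been published. The `docker` job that owns this `with:` block begins outside the hunk.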
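Review bot: The `if: ${{ github.event_name == 'push' }}` lines on the `Configure AWS credentials` and `Login to Amazon ECR` steps can never be false in this workflow, whose only trigger is `push` (`branches-ignore: - main`), so they read as a gate that does not exist. Either drop both `if:` lines or keep them with a comment `# always true here; kept for parity with docker.yml` so the next reader does not look for a second event. The `steps:` list continues past the end of the hunk.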
@@ -37,4 +51,5 @@ jobs: context: . push: true platforms: linux/amd64,linux/arm64 - tags: splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}:${{ env.SHORT_SHA}} + tags: | + ${{ vars.ECR_TESTING_URL }}/${{ github.event.repository.name }}:${{ env.SHORT_SHA }}