Skip to content

gha: Add diff and deploy#512

Merged
thaJeztah merged 1 commit intodocker:masterfrom
vvoland:gha
Jul 21, 2025
Merged

gha: Add diff and deploy#512
thaJeztah merged 1 commit intodocker:masterfrom
vvoland:gha

Conversation

@vvoland
Copy link
Contributor

@vvoland vvoland commented Jul 18, 2025
edited
Loading

Add scripts that will be used by https://github.com/docker/docker-install-deploy to deploy the script.

@vvoland vvoland self-assigned this Jul 18, 2025
vvoland
vvoland commented Jul 18, 2025
View reviewed changes
@vvoland vvoland requested a review from a team July 18, 2025 15:29
@vvoland vvoland marked this pull request as ready for review July 18, 2025 15:29
@thaJeztah
Copy link
Member

thaJeztah commented Jul 18, 2025

Thanks! Curious if there's be ways to keep anything "deploy" to internal repositories (without it being cumbersome); mostly trying to avoid public repositories having access to secrets, but not sure if there's a good way. Would it be possible to have an internal flow subscribe to merges (e.g.)? Maybe @crazy-max has fancy ideas.

(That's not a "no", just "are there options for this?", as these secrets might give access to critical bits).

@vvoland
Copy link
Contributor Author

vvoland commented Jul 21, 2025

Only the ID of the S3 buckets and the cloudfront distribution IDs are stored as repo secrets, but these aren't really sensitive, it's more of a security-by-obscurity.

The actual AWS credentials are obtained dynamically via OIDC and they're only accessible from the master branch alone.

We could make merge notify an internal repo and run the workflow there if we really want. Not sure if we really need though.

@742764146
Copy link

742764146 commented Jul 21, 2025 via email
edited by thaJeztah
Loading

@vvoland
Copy link
Contributor Author

vvoland commented Jul 21, 2025

Ok, fine, let's move it to internal 😅

crazy-max
crazy-max reviewed Jul 21, 2025
View reviewed changes
@vvoland vvoland changed the title gha: Add deploy workflow gha: Add diff and deploy Jul 21, 2025
@vvoland
Makefile: Add diff and deploy
20bd1ca 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland vvoland requested a review from thaJeztah July 21, 2025 12:00
thaJeztah
thaJeztah approved these changes Jul 21, 2025
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

assuming kevin reviewed 😂

'LGTM"

@thaJeztah thaJeztah merged commit 3902c2f into docker:master Jul 21, 2025
9 checks passed
@swastik959 swastik959 mentioned this pull request Aug 27, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

+1 more reviewer

@crazy-max crazy-max crazy-max approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@vvoland vvoland

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@vvoland @thaJeztah @742764146 @crazy-max