From b5b313313b1c903fe4c0f7f62375c21372da552e Mon Sep 17 00:00:00 2001 From: Satyam Zode Date: Wed, 25 Mar 2026 18:19:34 +0530 Subject: [PATCH 1/4] Push friendbot image to ECR public registry Signed-off-by: Satyam Zode --- .github/workflows/docker.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index e050aa9f..d20fd800 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -74,3 +74,34 @@ jobs: context: 'docker.io/${{ needs.setup.outputs.tag }}', description: 'Available', }); + + push-ecr-public: + if: github.event_name == 'push' && github.ref == 'refs/heads/main' + needs: [setup, build] + permissions: + id-token: write + contents: read + runs-on: ubuntu-latest + steps: + - uses: actions/download-artifact@v5 + with: + pattern: image-amd64 + path: /tmp/ + - run: | + docker load -i /tmp/image + - name: ECR Login via OIDC + id: ecr-login + uses: stellar/ops/.github/actions/ecr-login@main + with: + aws-region: 'us-east-1' + login-public-ecr: 'true' + - name: Push image to Amazon ECR public repository + env: + ECR_REGISTRY: ${{ steps.ecr-login.outputs.ecr-registry }} + ECR_PUBLIC_REGISTRY: ${{ steps.ecr-login.outputs.ecr-public-registry }} + REGISTRY_ALIAS: stellar + REPOSITORY: friendbot + IMAGE_TAG: ${{ github.sha }} + run: | + docker tag "${{ needs.setup.outputs.tag }}" "$ECR_PUBLIC_REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG" + docker push "$ECR_PUBLIC_REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG" From 573e0de83e0e86048cb03df60592bebda27f97af Mon Sep 17 00:00:00 2001 From: Satyam Zode Date: Wed, 25 Mar 2026 18:47:43 +0530 Subject: [PATCH 2/4] Update version for sdf aws ecr composite action Signed-off-by: Satyam Zode --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index d20fd800..1b1bf952 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -91,7 +91,7 @@ jobs: docker load -i /tmp/image - name: ECR Login via OIDC id: ecr-login - uses: stellar/ops/.github/actions/ecr-login@main + uses: stellar/ops/.github/actions/ecr-login@v1 with: aws-region: 'us-east-1' login-public-ecr: 'true' From 9fbaf4cccc86ce22e197d83a18b4bffbb865a097 Mon Sep 17 00:00:00 2001 From: Satyam Zode Date: Wed, 25 Mar 2026 18:49:59 +0530 Subject: [PATCH 3/4] Remove unused repository variable Signed-off-by: Satyam Zode --- .github/workflows/docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 1b1bf952..a61fa872 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -97,7 +97,6 @@ jobs: login-public-ecr: 'true' - name: Push image to Amazon ECR public repository env: - ECR_REGISTRY: ${{ steps.ecr-login.outputs.ecr-registry }} ECR_PUBLIC_REGISTRY: ${{ steps.ecr-login.outputs.ecr-public-registry }} REGISTRY_ALIAS: stellar REPOSITORY: friendbot From f815974cca96bbe88b2a487d725ed441cc1c20f9 Mon Sep 17 00:00:00 2001 From: Satyam Zode Date: Fri, 27 Mar 2026 16:30:43 +0530 Subject: [PATCH 4/4] Update actions to use sdf actions with secrets Signed-off-by: Satyam Zode --- .github/workflows/docker.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index a61fa872..50aefc44 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -91,8 +91,10 @@ jobs: docker load -i /tmp/image - name: ECR Login via OIDC id: ecr-login - uses: stellar/ops/.github/actions/ecr-login@v1 + uses: stellar/actions/sdf-ecr-login@main with: + aws-oidc-role: ${{ secrets.AWS_GITHUB_OIDC_ROLE }} # required + aws-ecr-login-role: ${{ secrets.AWS_ECR_LOGIN_ROLE }} # required aws-region: 'us-east-1' login-public-ecr: 'true' - name: Push image to Amazon ECR public repository