dhi: update fips attestation (#23163) #5126

Summary
Jobs
- publish
Run details
- Usage
- Workflow file

Workflow file for this run

	name: deploy
	# Deploys the Docker Docs website when merging to the `main` branch.
	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	on:
	workflow_dispatch:
	push:
	branches:
	- main
	- lab

	env:
	# Use edge release of buildx (latest RC, fallback to latest stable)
	SETUP_BUILDX_VERSION: edge
	SETUP_BUILDKIT_IMAGE: "moby/buildkit:latest"

	# these permissions are needed to interact with GitHub's OIDC Token endpoint.
	permissions:
	id-token: write
	contents: read

	# The `main` branch is deployed to the production environment.
	# The `lab` branch is deployed to a separate environment for testing purposes.
	jobs:
	publish:
	runs-on: ubuntu-24.04
	if: github.repository_owner == 'docker'
	steps:
	-
	name: Prepare
	run: \|
	DOCS_AWS_REGION=us-east-1
	HUGO_ENV=production
	if [ "${{ github.ref }}" = "refs/heads/main" ]; then
	DOCS_URL="https://docs.docker.com"
	DOCS_AWS_IAM_ROLE="arn:aws:iam::710015040892:role/prod-docs-docs.docker.com-20220818202218674300000001"
	DOCS_S3_BUCKET="prod-docs-docs.docker.com"
	DOCS_S3_CONFIG="s3-config.json"
	DOCS_CLOUDFRONT_ID="E228TTN20HNU8F"
	DOCS_LAMBDA_FUNCTION_REDIRECTS="DockerDocsRedirectFunction-prod"
	DOCS_SLACK_MSG="Successfully deployed docs from the main branch. $DOCS_URL"
	elif [ "${{ github.ref }}" = "refs/heads/lab" ]; then
	HUGO_ENV=lab
	DOCS_URL="https://docs-labs.docker.com"
	DOCS_AWS_IAM_ROLE="arn:aws:iam::710015040892:role/labs-docs-docs.docker.com-20220818202218402500000001"
	DOCS_S3_BUCKET="labs-docs-docs.docker.com"
	DOCS_S3_CONFIG="s3-config.json"
	DOCS_CLOUDFRONT_ID="E1MYDYF65FW3HG"
	DOCS_LAMBDA_FUNCTION_REDIRECTS="DockerDocsRedirectFunction-labs"
	else
	echo >&2 "ERROR: unknown branch ${{ github.ref }}"
	exit 1
	fi
	SEND_SLACK_MSG="true"
	if [ -z "$DOCS_AWS_IAM_ROLE" ] \|\| [ -z "$DOCS_S3_BUCKET" ] \|\| [ -z "$DOCS_CLOUDFRONT_ID" ] \|\| [ -z "$DOCS_SLACK_MSG" ]; then
	SEND_SLACK_MSG="false"
	fi
	echo "BRANCH_NAME=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
	echo "HUGO_ENV=$HUGO_ENV" >> $GITHUB_ENV
	echo "DOCS_URL=$DOCS_URL" >> $GITHUB_ENV
	echo "DOCS_AWS_REGION=$DOCS_AWS_REGION" >> $GITHUB_ENV
	echo "DOCS_AWS_IAM_ROLE=$DOCS_AWS_IAM_ROLE" >> $GITHUB_ENV
	echo "DOCS_S3_BUCKET=$DOCS_S3_BUCKET" >> $GITHUB_ENV
	echo "DOCS_S3_CONFIG=$DOCS_S3_CONFIG" >> $GITHUB_ENV
	echo "DOCS_CLOUDFRONT_ID=$DOCS_CLOUDFRONT_ID" >> $GITHUB_ENV
	echo "DOCS_LAMBDA_FUNCTION_REDIRECTS=$DOCS_LAMBDA_FUNCTION_REDIRECTS" >> $GITHUB_ENV
	echo "DOCS_SLACK_MSG=$DOCS_SLACK_MSG" >> $GITHUB_ENV
	echo "SEND_SLACK_MSG=$SEND_SLACK_MSG" >> $GITHUB_ENV
	-
	name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	-
	name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	with:
	version: ${{ env.SETUP_BUILDX_VERSION }}
	driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}
	-
	name: Build website
	uses: docker/bake-action@v6
	with:
	source: .
	files: \|
	docker-bake.hcl
	targets: release
	provenance: false
	-
	name: Configure AWS Credentials
	if: ${{ env.DOCS_AWS_IAM_ROLE != '' }}
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ env.DOCS_AWS_IAM_ROLE }}
	aws-region: ${{ env.DOCS_AWS_REGION }}
	-
	name: Upload files to S3 bucket
	if: ${{ env.DOCS_S3_BUCKET != '' }}
	run: \|
	aws --region ${{ env.DOCS_AWS_REGION }} s3 sync \
	--acl public-read \
	--delete \
	--exclude "*" \
	--include "*.webp" \
	--metadata-directive="REPLACE" \
	--no-guess-mime-type \
	--content-type="image/webp" \
	public s3://${{ env.DOCS_S3_BUCKET }}/
	aws --region ${{ env.DOCS_AWS_REGION }} s3 sync \
	--acl public-read \
	--delete \
	--exclude "*.webp" \
	public s3://${{ env.DOCS_S3_BUCKET }}/
	-
	name: Update S3 config
	if: ${{ env.DOCS_S3_BUCKET != '' && env.DOCS_S3_CONFIG != '' }}
	uses: docker/bake-action@v6
	with:
	source: .
	files: \|
	docker-bake.hcl
	targets: aws-s3-update-config
	env:
	AWS_REGION: ${{ env.DOCS_AWS_REGION }}
	AWS_S3_BUCKET: ${{ env.DOCS_S3_BUCKET }}
	AWS_S3_CONFIG: ${{ env.DOCS_S3_CONFIG }}
	-
	name: Update Cloudfront config
	if: ${{ env.DOCS_CLOUDFRONT_ID != '' }}
	uses: docker/bake-action@v6
	with:
	source: .
	files: \|
	docker-bake.hcl
	targets: aws-cloudfront-update
	env:
	AWS_REGION: us-east-1 # cloudfront and lambda edge functions are only available in us-east-1 region
	AWS_CLOUDFRONT_ID: ${{ env.DOCS_CLOUDFRONT_ID }}
	AWS_LAMBDA_FUNCTION: ${{ env.DOCS_LAMBDA_FUNCTION_REDIRECTS }}
	-
	name: Invalidate Cloudfront cache
	if: ${{ env.DOCS_CLOUDFRONT_ID != '' }}
	run: \|
	aws cloudfront create-invalidation --distribution-id ${{ env.DOCS_CLOUDFRONT_ID }} --paths "/*"
	env:
	AWS_REGION: us-east-1 # cloudfront is only available in us-east-1 region
	AWS_MAX_ATTEMPTS: 5
	-
	name: Send Slack notification
	if: ${{ env.SEND_SLACK_MSG == 'true' }}
	run: \|
	curl -X POST -H 'Content-type: application/json' --data '{"text":"${{ env.DOCS_SLACK_MSG }}"}' ${{ secrets.SLACK_WEBHOOK }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

dhi: update fips attestation (#23163) #5126

Workflow file

dhi: update fips attestation (#23163) #5126

Uh oh!

Jobs

Run details

Workflow file for this run