From 8da07dce9eac917410823c76d91437a461b42550 Mon Sep 17 00:00:00 2001
From: bhvishal
Date: Wed, 21 Aug 2024 12:15:22 +0200
Subject: [PATCH] Minor modification to the deploy workflow
---
 .github/workflows/deploy.yml | 1 +
 .github/workflows/helpers-build-docker-image.yaml | 10 +++++-----
 .github/workflows/helpers-deploy-argo.yaml | 10 +++++++++-
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 4f20977..b6b29aa 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -10,3 +10,4 @@ jobs:
 uses: ./.github/workflows/helpers-deploy-argo.yaml
 secrets:
 GH_PAT: ${{ secrets.GH_PAT }}
+ ECR_ROLE_ARN: ${{ github.ref == 'refs/heads/production' && secrets.PRODUCTION_ECR_ROLE_ARN || secrets.STAGING_ECR_ROLE_ARN }}
diff --git a/.github/workflows/helpers-build-docker-image.yaml b/.github/workflows/helpers-build-docker-image.yaml
index 2152e5e..e60cbb6 100644
--- a/.github/workflows/helpers-build-docker-image.yaml
+++ b/.github/workflows/helpers-build-docker-image.yaml
@@ -10,10 +10,6 @@ on:
 description: The AWS region to use for ECR
 required: false
 type: string
- aws-role-arn:
- description: The AWS role to assume for ECR
- required: true
- type: string
 docker_file_path:
 description: >
 "The path to the Dockerfile to use for building the image. For example:
@@ -30,6 +26,10 @@ on:
 description: The platforms to build for
 required: false
 type: string
+ secrets:
+ ECR_ROLE_ARN:
+ description: The ECR role ARN
+ required: true
 outputs:
 image-tag:
 description: The docker image tag
@@ -59,7 +59,7 @@ jobs:
 uses: aws-actions/configure-aws-credentials@v4
 with:
 aws-region: ${{ inputs.aws-region }}
- role-to-assume: ${{ inputs.aws-role-arn }}
+ role-to-assume: ${{ secrets.ECR_ROLE_ARN }}
 - name: Login to Amazon ECR
 id: login-ecr
 uses: aws-actions/amazon-ecr-login@v2
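Review bot: The added `ECR_ROLE_ARN` expression in `deploy.yml` selects the staging role whenever `secrets.PRODUCTION_ECR_ROLE_ARN` is empty or unset, because `a && b || c` evaluates to `c` when `b` is falsy. A run on `refs/heads/production` with a missing or misnamed production secret would then continue with the staging role instead of failing. Making the production branch fail closed avoids that, for example `${{ github.ref == 'refs/heads/production' && (secrets.PRODUCTION_ECR_ROLE_ARN || 'missing-production-ecr-role-arn') || secrets.STAGING_ECR_ROLE_ARN }}`, where the quoted string is a constructed sentinel that is not a valid ARN. A comment above the line stating which secret each branch must have configured would also help; the job's definition starts above the hunk.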
diff --git a/.github/workflows/helpers-deploy-argo.yaml b/.github/workflows/helpers-deploy-argo.yaml index 26d3194..a191c55 100644 --- a/.github/workflows/helpers-deploy-argo.yaml +++ b/.github/workflows/helpers-deploy-argo.yaml @@ -5,10 +5,18 @@ name: helpers-deploy-argo on: workflow_call: + inputs: + aws-role-arn: + description: "The AWS role to assume for ECR" + required: true + type: string secrets: GH_PAT: description: "The GitHub Personal Access Token to use for checking out the helm-config repository" required: true + ECR_ROLE_ARN: + description: "The ECR role ARN" + required: true permissions: contents: write @@ -20,8 +28,8 @@ jobs: uses: ./.github/workflows/helpers-build-docker-image.yaml name: Build Docker image with: - aws-role-arn: ${{ github.ref == 'refs/heads/production' && vars.PRODUCTION_ECR_ROLE_ARN || vars.STAGING_ECR_ROLE_ARN }} docker_file_path: Dockerfile + secrets: inherit update-helm-values: name: Update Helm values
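Review bot: The new `inputs.aws-role-arn` under `workflow_call` is declared `required: true`, yet nothing in this patch reads it: the build job's `with: aws-role-arn` is removed in the next hunk and the role now travels as the `ECR_ROLE_ARN` secret. The visible part of `deploy.yml` calls this workflow with `secrets:` only and no `with:`, so the call would presumably be rejected for a missing required input. Drop the `inputs:` block, or if another caller still needs it, make it `required: false` and note in its `description` which job consumes it.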
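Review bot: `secrets: inherit` on the build job hands `helpers-build-docker-image.yaml` every secret available to this workflow, including `GH_PAT`, although that workflow declares only `ECR_ROLE_ARN`. Passing the one secret explicitly keeps the helm-config token out of the image build, which runs the Dockerfile and third-party actions: `secrets:` followed by `ECR_ROLE_ARN: ${{ secrets.ECR_ROLE_ARN }}`. It is also worth confirming that `inherit` forwards a secret the caller mapped under a new name; the explicit form removes that doubt. The job definition starts above the hunk.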