From d3f05d35a8ddb93a4eb3913321754876fe1877a2 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Mon, 14 Mar 2022 13:49:46 +0800
Subject: [PATCH 1/3] ci(cross build): fix login error for aws ecr

---
 .github/workflows/build_packages.yaml | 36 +++++++++++++++------------
 1 file changed, 20 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml
index ad69549c8..ce4542b4e 100644
--- a/.github/workflows/build_packages.yaml
+++ b/.github/workflows/build_packages.yaml
@@ -427,8 +427,7 @@ jobs:
     - uses: docker/build-push-action@v2
       with:
         push: >
-          ${{ (github.event_name == 'release' && !github.event.release.prerelease)
-          || (github.event.repository.owner != 'emqx' && startsWith(github.ref_name, 'ci/')) }}
+          ${{ (github.event_name == 'release' && !github.event.release.prerelease) }}
         pull: true
         no-cache: true
         platforms: linux/${{ matrix.arch }}
@@ -442,22 +441,22 @@ jobs:
         context: source
 
     - uses: aws-actions/configure-aws-credentials@v1
-      if: matrix.profile == 'emqx'
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v1
+      with:
+        registries: "public.ecr.aws"
+
     - name: Docker push to aws ecr
-      if: >
-        ${{ (github.event_name == 'release' && !github.event.release.prerelease && matrix.profile == 'emqx')
-        || (github.event.repository.owner != 'emqx' && startsWith(github.ref_name, 'ci/')) }}
+      if: matrix.profile == 'emqx' && matrix.arch == 'amd64' && startsWith(github.ref, 'refs/tags/')
       run: |
-        aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
-        for tag in $(echo ${{ steps.meta.outputs.json }} | jq  -c '.tags[]'); do
-          docker pull "$tag"
-          docker tag "$tag" "public.ecr.aws/$tag"
-          docker push "public.ecr.aws/$tag"
-        done
+        IsPushLatest=${{ github.event_name == 'release' && !github.event.release.prerelease }};
+        scripts/docker-create-push-manifests.sh "${{ steps.login-ecr.outputs.registry }}/${{ steps.meta.outputs.tags }}" "$IsPushLatest"
 
   docker-push-multi-arch-manifest:
     # note, we only run on amd64
@@ -563,17 +562,22 @@ jobs:
           scripts/docker-create-push-manifests.sh "${{ steps.meta.outputs.tags }}" "$IsPushLatest"
 
       - uses: aws-actions/configure-aws-credentials@v1
-        if: matrix.profile == 'emqx' && matrix.arch == 'amd64'
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+        with:
+          registries: "public.ecr.aws"
+
       - name: Docker push to aws ecr
-        if: matrix.profile == 'emqx' && matrix.arch == 'amd64'
+        if: matrix.profile == 'emqx' && matrix.arch == 'amd64' && startsWith(github.ref, 'refs/tags/')
         run: |
-          aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
           IsPushLatest=${{ github.event_name == 'release' && !github.event.release.prerelease }};
-          scripts/docker-create-push-manifests.sh "public.ecr.aws/${{ steps.meta.outputs.tags }}" "$IsPushLatest"
+          scripts/docker-create-push-manifests.sh "${{ steps.login-ecr.outputs.registry }}/${{ steps.meta.outputs.tags }}" "$IsPushLatest"
 
   upload:
     runs-on: ubuntu-20.04

From 20e2c41975dafd60546e86f4c8490d00166d7692 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Tue, 15 Mar 2022 11:29:55 +0800
Subject: [PATCH 2/3] ci(cross build): add more if conditions

---
 .github/workflows/build_packages.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml
index ce4542b4e..69821c7b7 100644
--- a/.github/workflows/build_packages.yaml
+++ b/.github/workflows/build_packages.yaml
@@ -427,7 +427,8 @@ jobs:
     - uses: docker/build-push-action@v2
       with:
         push: >
-          ${{ (github.event_name == 'release' && !github.event.release.prerelease) }}
+          ${{ (github.event_name == 'release' && !github.event.release.prerelease)
+          || (github.event.repository.owner != 'emqx' && startsWith(github.ref_name, 'ci/')) }}
         pull: true
         no-cache: true
         platforms: linux/${{ matrix.arch }}
@@ -441,12 +442,14 @@ jobs:
         context: source
 
     - uses: aws-actions/configure-aws-credentials@v1
+      if: matrix.profile == 'emqx' && matrix.arch == 'amd64'
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
 
     - name: Login to Amazon ECR
+      if: matrix.profile == 'emqx' && matrix.arch == 'amd64'
       id: login-ecr
       uses: aws-actions/amazon-ecr-login@v1
       with:
@@ -562,12 +565,14 @@ jobs:
           scripts/docker-create-push-manifests.sh "${{ steps.meta.outputs.tags }}" "$IsPushLatest"
 
       - uses: aws-actions/configure-aws-credentials@v1
+        if: matrix.profile == 'emqx' && matrix.arch == 'amd64'
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
 
       - name: Login to Amazon ECR
+        if: matrix.profile == 'emqx' && matrix.arch == 'amd64'
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v1
         with:

From 2f7f0211974dfcd1b5193a0662e26efc024b81b3 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Tue, 15 Mar 2022 11:34:03 +0800
Subject: [PATCH 3/3] ci(cross build): fix push aws ecr error when single arch
 image

---
 .github/workflows/build_packages.yaml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml
index 69821c7b7..04abbe704 100644
--- a/.github/workflows/build_packages.yaml
+++ b/.github/workflows/build_packages.yaml
@@ -458,8 +458,11 @@ jobs:
     - name: Docker push to aws ecr
       if: matrix.profile == 'emqx' && matrix.arch == 'amd64' && startsWith(github.ref, 'refs/tags/')
       run: |
-        IsPushLatest=${{ github.event_name == 'release' && !github.event.release.prerelease }};
-        scripts/docker-create-push-manifests.sh "${{ steps.login-ecr.outputs.registry }}/${{ steps.meta.outputs.tags }}" "$IsPushLatest"
+        for tag in $(echo ${{ steps.meta.outputs.json }} | jq  -c '.tags[]'); do
+          docker pull "$tag"
+          docker tag "$tag" "${{ steps.login-ecr.outputs.registry }}/$tag"
+          docker push "${{ steps.login-ecr.outputs.registry }}/$tag"
+        done
 
   docker-push-multi-arch-manifest:
     # note, we only run on amd64