DEVOPS-1391 REFACTOR: server build workflow to use setup-docker-trust GitHub Action (#3040)

2025-04-05 05:00:19 -05:00 · 2023-06-23 11:12:54 -06:00 · 2023-06-23 11:12:54 -06:00 · 4c61d05b24
commit 4c61d05b24
parent 62ae9cb695
1 changed files with 5 additions and 10 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -317,17 +317,12 @@ jobs:
          DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
        run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin

-      - name: Setup Docker Trust
+      - name: Setup Docker Content Trust (DCT)
        if: ${{ env.is_publish_branch == 'true' }}
-        env:
-          DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
-          DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
-          DCT_REPO_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
-        run: |
-          mkdir -p ~/.docker/trust/private
-          echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key
-          echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV
-          echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$DCT_REPO_PASSPHRASE" >> $GITHUB_ENV
+        uses: bitwarden/gh-actions/setup-docker-trust@f955298c7a982b3fb5dbb73afd582c584fd5beec
+        with:
+          azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          azure-keyvault-name: "bitwarden-ci"

      ########## Generate image tag and build Docker image ##########
      - name: Generate Docker image tag