diff --git a/.github/workflows/component_docker_packaging.yml b/.github/workflows/component_docker_packaging.yml index 4d6eab43d..620e8212a 100644 --- a/.github/workflows/component_docker_packaging.yml +++ b/.github/workflows/component_docker_packaging.yml @@ -3,9 +3,9 @@ name: .. 🚧 Docker | Build and upload images as RC on: workflow_call: secrets: - DOCKER_HUB_ID: + ACABANAS_DOCKER_ID: required: true - DOCKER_HUB_PASSWORD: + ACABANAS_DOCKER_PASSWORD: required: true GPG_MAIL: required: true @@ -30,8 +30,8 @@ env: GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.GPG_PRIVATE_KEY_BASE64 }} # base64 encoded TAG: ${{ inputs.TAG }} - DOCKER_HUB_ID: ${{ secrets.DOCKER_HUB_ID }} - DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} + ACABANAS_DOCKER_ID: ${{ secrets.ACABANAS_DOCKER_ID }} + ACABANAS_DOCKER_PASSWORD: ${{ secrets.ACABANAS_DOCKER_PASSWORD }} DOCKER_PUBLISH: true FIPS: ${{ inputs.FIPS == true && '-fips' || '' }} @@ -48,8 +48,8 @@ jobs: - name: Login to DockerHub uses: docker/login-action@v1 with: - username: ${{ env.DOCKER_HUB_ID }} - password: ${{ env.DOCKER_HUB_PASSWORD }} + username: ${{ env.ACABANAS_DOCKER_ID }} + password: ${{ env.ACABANAS_DOCKER_PASSWORD }} - name: Compiling binaries for linux amd64, arm, arm64 run: make ci/prerelease/linux-for-docker${{env.FIPS}} diff --git a/.github/workflows/prerelease_linux.yml b/.github/workflows/prerelease_linux.yml index 3ce0a6b35..4d6cc2e75 100644 --- a/.github/workflows/prerelease_linux.yml +++ b/.github/workflows/prerelease_linux.yml @@ -7,109 +7,109 @@ on: - '*' jobs: - unit-test: - uses: ./.github/workflows/component_linux_unit_test.yml - secrets: - gh_token: ${{secrets.GITHUB_TOKEN}} - - proxy-tests: - uses: ./.github/workflows/component_linux_proxy_test.yml - secrets: - DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} - DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} - - packaging-amd64: - needs: [unit-test, proxy-tests] - uses: ./.github/workflows/component_linux_packaging.yml - secrets: - DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} - DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} - GPG_MAIL: 'infrastructure-eng@newrelic.com' - GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} - GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - TAG: ${{ github.event.release.tag_name }} - ARCH: 'amd64' - - packaging-amd64-fips: - needs: [unit-test, proxy-tests] - uses: ./.github/workflows/component_linux_packaging.yml - secrets: - DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} - DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} - GPG_MAIL: 'infrastructure-eng@newrelic.com' - GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} - GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - TAG: ${{ github.event.release.tag_name }} - ARCH: 'amd64' - FIPS: true - - packaging-arm: - needs: [unit-test, proxy-tests] - uses: ./.github/workflows/component_linux_packaging.yml - secrets: - DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} - DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} - GPG_MAIL: 'infrastructure-eng@newrelic.com' - GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} - GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - TAG: ${{ github.event.release.tag_name }} - ARCH: 'arm' - - packaging-arm64: - needs: [unit-test, proxy-tests] - uses: ./.github/workflows/component_linux_packaging.yml - secrets: - DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} - DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} - GPG_MAIL: 'infrastructure-eng@newrelic.com' - GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} - GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - TAG: ${{ github.event.release.tag_name }} - ARCH: 'arm64' - - packaging-arm64-fips: - needs: [unit-test, proxy-tests] - uses: ./.github/workflows/component_linux_packaging.yml - secrets: - DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} - DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} - GPG_MAIL: 'infrastructure-eng@newrelic.com' - GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} - GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - TAG: ${{ github.event.release.tag_name }} - ARCH: 'arm64' - FIPS: true - - packaging-legacy: - needs: [unit-test, proxy-tests] - uses: ./.github/workflows/component_linux_packaging.yml - secrets: - DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} - DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} - GPG_MAIL: 'infrastructure-eng@newrelic.com' - GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} - GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - TAG: ${{ github.event.release.tag_name }} - ARCH: 'legacy' +# unit-test: +# uses: ./.github/workflows/component_linux_unit_test.yml +# secrets: +# gh_token: ${{secrets.GITHUB_TOKEN}} +# +# proxy-tests: +# uses: ./.github/workflows/component_linux_proxy_test.yml +# secrets: +# DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} +# DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} +# +# packaging-amd64: +# needs: [unit-test, proxy-tests] +# uses: ./.github/workflows/component_linux_packaging.yml +# secrets: +# DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} +# DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} +# GPG_MAIL: 'infrastructure-eng@newrelic.com' +# GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} +# GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded +# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +# with: +# TAG: ${{ github.event.release.tag_name }} +# ARCH: 'amd64' +# +# packaging-amd64-fips: +# needs: [unit-test, proxy-tests] +# uses: ./.github/workflows/component_linux_packaging.yml +# secrets: +# DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} +# DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} +# GPG_MAIL: 'infrastructure-eng@newrelic.com' +# GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} +# GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded +# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +# with: +# TAG: ${{ github.event.release.tag_name }} +# ARCH: 'amd64' +# FIPS: true +# +# packaging-arm: +# needs: [unit-test, proxy-tests] +# uses: ./.github/workflows/component_linux_packaging.yml +# secrets: +# DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} +# DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} +# GPG_MAIL: 'infrastructure-eng@newrelic.com' +# GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} +# GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded +# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +# with: +# TAG: ${{ github.event.release.tag_name }} +# ARCH: 'arm' +# +# packaging-arm64: +# needs: [unit-test, proxy-tests] +# uses: ./.github/workflows/component_linux_packaging.yml +# secrets: +# DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} +# DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} +# GPG_MAIL: 'infrastructure-eng@newrelic.com' +# GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} +# GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded +# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +# with: +# TAG: ${{ github.event.release.tag_name }} +# ARCH: 'arm64' +# +# packaging-arm64-fips: +# needs: [unit-test, proxy-tests] +# uses: ./.github/workflows/component_linux_packaging.yml +# secrets: +# DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} +# DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} +# GPG_MAIL: 'infrastructure-eng@newrelic.com' +# GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} +# GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded +# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +# with: +# TAG: ${{ github.event.release.tag_name }} +# ARCH: 'arm64' +# FIPS: true +# +# packaging-legacy: +# needs: [unit-test, proxy-tests] +# uses: ./.github/workflows/component_linux_packaging.yml +# secrets: +# DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} +# DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} +# GPG_MAIL: 'infrastructure-eng@newrelic.com' +# GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} +# GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded +# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +# with: +# TAG: ${{ github.event.release.tag_name }} +# ARCH: 'legacy' packaging-docker: - needs: [unit-test, proxy-tests] +# needs: [unit-test, proxy-tests] uses: ./.github/workflows/component_docker_packaging.yml secrets: - DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} - DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} + ACABANAS_DOCKER_ID: ${{secrets.ACABANAS_DOCKER_ID}} + ACABANAS_DOCKER_PASSWORD: ${{secrets.ACABANAS_DOCKER_PASSWORD}} GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded @@ -117,19 +117,19 @@ jobs: with: TAG: ${{ github.event.release.tag_name }} - docker-trivy-critical: - needs: [packaging-docker] - uses: ./.github/workflows/component_trivy.yml - with: - tag: "${{ github.event.release.tag_name }}-rc" - severity: "CRITICAL" +# docker-trivy-critical: +# needs: [packaging-docker] +# uses: ./.github/workflows/component_trivy.yml +# with: +# tag: "${{ github.event.release.tag_name }}-rc" +# severity: "CRITICAL" packaging-docker-fips: - needs: [unit-test, proxy-tests] +# needs: [unit-test, proxy-tests] uses: ./.github/workflows/component_docker_packaging.yml secrets: - DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} - DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} + ACABANAS_DOCKER_ID: ${{secrets.ACABANAS_DOCKER_ID}} + ACABANAS_DOCKER_PASSWORD: ${{secrets.ACABANAS_DOCKER_PASSWORD}} GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded @@ -138,85 +138,85 @@ jobs: TAG: ${{ github.event.release.tag_name }} FIPS: true - docker-fips-trivy-critical: - needs: [packaging-docker-fips] - uses: ./.github/workflows/component_trivy.yml - with: - tag: "${{ github.event.release.tag_name }}-rc" - severity: "CRITICAL" - FIPS: true - - publishing-to-s3: - # point to staging after tests - name: Publish linux artifacts into s3 staging bucket - uses: ./.github/workflows/component_linux_publish.yml - needs: [packaging-amd64, packaging-amd64-fips, packaging-arm, packaging-arm64, packaging-arm64-fips, packaging-legacy] - secrets: - DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} - DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} - GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} - GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded - AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_STAGING }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_STAGING }} - AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_STAGING }} - AWS_ROLE_SESSION_NAME: ${{ secrets.OHAI_AWS_ROLE_SESSION_NAME_STAGING }} - with: - ACCESS_POINT_HOST: "staging" - SCHEMA_BRANCH: "master" - RUN_ID: ${{ github.run_id }} - TAG: ${{ github.event.release.tag_name }} - AWS_S3_BUCKET_NAME: "nr-downloads-ohai-staging" - AWS_S3_LOCK_BUCKET_NAME: "onhost-ci-lock-staging" - ASSETS_TYPE: "all" - - molecule-packaging-tests: - uses: ./.github/workflows/component_molecule_packaging.yml - needs: [publishing-to-s3] - with: - TAG: ${{ github.event.release.tag_name }} - REPO_ENDPOINT: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" - - test-prerelease-linux: - needs: [molecule-packaging-tests] - uses: ./.github/workflows/component_prerelease_testing.yml - with: - PLATFORM: "linux" - TAG: ${{ github.event.release.tag_name }} - TAG_OR_UNIQUE_NAME: "${{ github.event.release.tag_name }}-linux" - secrets: - AWS_VPC_SUBNET: ${{secrets.AWS_VPC_SUBNET}} - CROWDSTRIKE_CLIENT_ID: ${{secrets.CROWDSTRIKE_CLIENT_ID}} - CROWDSTRIKE_CLIENT_SECRET: ${{secrets.CROWDSTRIKE_CLIENT_SECRET}} - CROWDSTRIKE_CUSTOMER_ID: ${{secrets.CROWDSTRIKE_CUSTOMER_ID}} - - canaries-linux: - needs: [test-prerelease-linux] - uses: ./.github/workflows/component_canaries.yml - with: - PLATFORM: "linux" - TAG: ${{ github.event.release.tag_name }} - secrets: - AWS_VPC_SUBNET: ${{secrets.AWS_VPC_SUBNET}} - CROWDSTRIKE_CLIENT_ID: ${{secrets.CROWDSTRIKE_CLIENT_ID}} - CROWDSTRIKE_CLIENT_SECRET: ${{secrets.CROWDSTRIKE_CLIENT_SECRET}} - CROWDSTRIKE_CUSTOMER_ID: ${{secrets.CROWDSTRIKE_CUSTOMER_ID}} - - get_previous_tag: - runs-on: ubuntu-latest - outputs: - previous_tag: ${{ steps.previous_tag_step.outputs.PREVIOUS_TAG }} - steps: - - uses: actions/checkout@v2 - - - id: previous_tag_step - run: ./.github/workflows/scripts/previous_version.sh ${{ github.event.release.tag_name }} >> "$GITHUB_OUTPUT" - - prune-previous-canaries-linux: - needs: [canaries-linux, get_previous_tag] - uses: ./.github/workflows/component_canaries_prune.yml - with: - PLATFORM: "linux" - TAG: ${{ needs.get_previous_tag.outputs.previous_tag }} - secrets: - AWS_VPC_SUBNET: ${{secrets.AWS_VPC_SUBNET}} +# docker-fips-trivy-critical: +# needs: [packaging-docker-fips] +# uses: ./.github/workflows/component_trivy.yml +# with: +# tag: "${{ github.event.release.tag_name }}-rc" +# severity: "CRITICAL" +# FIPS: true +# +# publishing-to-s3: +# # point to staging after tests +# name: Publish linux artifacts into s3 staging bucket +# uses: ./.github/workflows/component_linux_publish.yml +# needs: [packaging-amd64, packaging-amd64-fips, packaging-arm, packaging-arm64, packaging-arm64-fips, packaging-legacy] +# secrets: +# DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} +# DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} +# GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} +# GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded +# AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_STAGING }} +# AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_STAGING }} +# AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_STAGING }} +# AWS_ROLE_SESSION_NAME: ${{ secrets.OHAI_AWS_ROLE_SESSION_NAME_STAGING }} +# with: +# ACCESS_POINT_HOST: "staging" +# SCHEMA_BRANCH: "master" +# RUN_ID: ${{ github.run_id }} +# TAG: ${{ github.event.release.tag_name }} +# AWS_S3_BUCKET_NAME: "nr-downloads-ohai-staging" +# AWS_S3_LOCK_BUCKET_NAME: "onhost-ci-lock-staging" +# ASSETS_TYPE: "all" +# +# molecule-packaging-tests: +# uses: ./.github/workflows/component_molecule_packaging.yml +# needs: [publishing-to-s3] +# with: +# TAG: ${{ github.event.release.tag_name }} +# REPO_ENDPOINT: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" +# +# test-prerelease-linux: +# needs: [molecule-packaging-tests] +# uses: ./.github/workflows/component_prerelease_testing.yml +# with: +# PLATFORM: "linux" +# TAG: ${{ github.event.release.tag_name }} +# TAG_OR_UNIQUE_NAME: "${{ github.event.release.tag_name }}-linux" +# secrets: +# AWS_VPC_SUBNET: ${{secrets.AWS_VPC_SUBNET}} +# CROWDSTRIKE_CLIENT_ID: ${{secrets.CROWDSTRIKE_CLIENT_ID}} +# CROWDSTRIKE_CLIENT_SECRET: ${{secrets.CROWDSTRIKE_CLIENT_SECRET}} +# CROWDSTRIKE_CUSTOMER_ID: ${{secrets.CROWDSTRIKE_CUSTOMER_ID}} +# +# canaries-linux: +# needs: [test-prerelease-linux] +# uses: ./.github/workflows/component_canaries.yml +# with: +# PLATFORM: "linux" +# TAG: ${{ github.event.release.tag_name }} +# secrets: +# AWS_VPC_SUBNET: ${{secrets.AWS_VPC_SUBNET}} +# CROWDSTRIKE_CLIENT_ID: ${{secrets.CROWDSTRIKE_CLIENT_ID}} +# CROWDSTRIKE_CLIENT_SECRET: ${{secrets.CROWDSTRIKE_CLIENT_SECRET}} +# CROWDSTRIKE_CUSTOMER_ID: ${{secrets.CROWDSTRIKE_CUSTOMER_ID}} +# +# get_previous_tag: +# runs-on: ubuntu-latest +# outputs: +# previous_tag: ${{ steps.previous_tag_step.outputs.PREVIOUS_TAG }} +# steps: +# - uses: actions/checkout@v2 +# +# - id: previous_tag_step +# run: ./.github/workflows/scripts/previous_version.sh ${{ github.event.release.tag_name }} >> "$GITHUB_OUTPUT" +# +# prune-previous-canaries-linux: +# needs: [canaries-linux, get_previous_tag] +# uses: ./.github/workflows/component_canaries_prune.yml +# with: +# PLATFORM: "linux" +# TAG: ${{ needs.get_previous_tag.outputs.previous_tag }} +# secrets: +# AWS_VPC_SUBNET: ${{secrets.AWS_VPC_SUBNET}}