self-host/.github/workflows/DCT-test.yml

name: Test DCT

on:
  workflow_dispatch: {}

env:
  _AZ_REGISTRY: bitwardenprod.azurecr.io

jobs:
  test-dct:
    name: Pull and push images to DH to test DCT
    runs-on: ubuntu-22.04
    env:
      _REPO: mssqlmigratorutility
      _IMAGE_TAG: latest
    steps:

      - name: Login to Azure - Prod Subscription
        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

      - name: Login to Azure ACR
        run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}

      ########## DockerHub ##########
      - name: Setup DCT
        id: setup-dct
        uses: bitwarden/gh-actions/setup-docker-trust@main
        with:
          azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
          azure-keyvault-name: "bitwarden-ci"

      - name: Pull and tag image from ACR
        run: |
          docker pull $_AZ_REGISTRY/$_REPO:$_IMAGE_TAG
          docker tag $_AZ_REGISTRY/$_REPO:$_IMAGE_TAG bitwarden/$_REPO:$_IMAGE_TAG

      - name: Push image to Docker Hub
        env:
          DOCKER_CONTENT_TRUST: 1
          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
        run: docker push bitwarden/$_REPO:$_IMAGE_TAG

      - name: Log out of Docker and disable Docker Notary
        run: |
          docker logout
          echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV