fix: address limitation in composite action accessing secrets (#54)

.github/actions/aws-marketplace-ecr-login/action.yml

@@ -4,6 +4,8 @@ inputs:
     default: "arn:aws:iam::ACCOUNTID:role/GitHubAction-AssumeRoleWithAction"
   aws-region:
     default: "us-east-1"
+  aws-marketplace-base-url:
+    default: ""
 runs:
   using: "composite"
   steps:
@@ -12,7 +14,5 @@ runs:
         role-to-assume: ${{ inputs.aws-role-arn }}
         aws-region: ${{ inputs.aws-region }}
     - run: |
-        aws ecr get-login-password --region ${{ inputs.aws-region }} | docker login --username AWS --password-stdin $MARKETPLACE_BASE_URL/camunda
+        aws ecr get-login-password --region ${{ inputs.aws-region }} | docker login --username AWS --password-stdin ${{ inputs.aws-marketplace-base-url }}/camunda
       shell: bash
-      env:
-        MARKETPLACE_BASE_URL: ${{ secrets.DISTRO_CI_AWS_MPLACE_BASE_URL }}

.github/workflows/aws-marketplace-camunda-helm-chart.yaml

@@ -25,6 +25,7 @@ jobs:
         with:
           aws-role-arn: "arn:aws:iam::${{ secrets.DISTRO_CI_AWS_MPLACE_AWS_ACCOUNT_ID }}:role/GitHubAction-AssumeRoleWithAction"
           aws-region: "us-east-1"
+          aws-marketplace-base-url: ${{ secrets.DISTRO_CI_AWS_MPLACE_BASE_URL }}
 
       - run: |
           aws ecr get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin $MARKETPLACE_BASE_URL

.github/workflows/aws-marketplace-connectors.yaml

@@ -21,6 +21,7 @@ jobs:
         with:
           aws-role-arn: "arn:aws:iam::${{ secrets.DISTRO_CI_AWS_MPLACE_AWS_ACCOUNT_ID }}:role/GitHubAction-AssumeRoleWithAction"
           aws-region: "us-east-1"
+          aws-marketplace-base-url: ${{ secrets.DISTRO_CI_AWS_MPLACE_BASE_URL }}
 
       - name: mirror connectors
         uses: ./.github/actions/aws-marketplace-ecr-mirror

.github/workflows/aws-marketplace-elasticsearch.yaml

@@ -21,6 +21,7 @@ jobs:
         with:
           aws-role-arn: "arn:aws:iam::${{ secrets.DISTRO_CI_AWS_MPLACE_AWS_ACCOUNT_ID }}:role/GitHubAction-AssumeRoleWithAction"
           aws-region: "us-east-1"
+          aws-marketplace-base-url: ${{ secrets.DISTRO_CI_AWS_MPLACE_BASE_URL }}
 
       - name: mirror elasticsearch image
         uses: ./.github/actions/aws-marketplace-ecr-mirror

.github/workflows/aws-marketplace-identity.yaml

@@ -21,6 +21,7 @@ jobs:
         with:
           aws-role-arn: "arn:aws:iam::${{ secrets.DISTRO_CI_AWS_MPLACE_AWS_ACCOUNT_ID }}:role/GitHubAction-AssumeRoleWithAction"
           aws-region: "us-east-1"
+          aws-marketplace-base-url: ${{ secrets.DISTRO_CI_AWS_MPLACE_BASE_URL }}
 
       - name: mirror identity
         uses: ./.github/actions/aws-marketplace-ecr-mirror

.github/workflows/aws-marketplace-keycloak.yaml

@@ -21,6 +21,7 @@ jobs:
         with:
           aws-role-arn: "arn:aws:iam::${{ secrets.DISTRO_CI_AWS_MPLACE_AWS_ACCOUNT_ID }}:role/GitHubAction-AssumeRoleWithAction"
           aws-region: "us-east-1"
+          aws-marketplace-base-url: ${{ secrets.DISTRO_CI_AWS_MPLACE_BASE_URL }}
 
       - name: web modeler restapi
         uses: ./.github/actions/aws-marketplace-ecr-mirror

.github/workflows/aws-marketplace-license-manager.yaml

@@ -21,6 +21,7 @@ jobs:
         with:
           aws-role-arn: "arn:aws:iam::${{ secrets.DISTRO_CI_AWS_MPLACE_AWS_ACCOUNT_ID }}:role/GitHubAction-AssumeRoleWithAction"
           aws-region: "us-east-1"
+          aws-marketplace-base-url: ${{ secrets.DISTRO_CI_AWS_MPLACE_BASE_URL }}
 
       - name: Build the docker image
         run: docker build -f aws-marketplace/license-manager/Dockerfile -t $MARKETPLACE_BASE_URL/camunda/camunda8/license-manager:$IMAGE_TAG license-manager

.github/workflows/aws-marketplace-modeler.yaml

@@ -21,6 +21,7 @@ jobs:
         with:
           aws-role-arn: "arn:aws:iam::${{ secrets.DISTRO_CI_AWS_MPLACE_AWS_ACCOUNT_ID }}:role/GitHubAction-AssumeRoleWithAction"
           aws-region: "us-east-1"
+          aws-marketplace-base-url: ${{ secrets.DISTRO_CI_AWS_MPLACE_BASE_URL }}
 
       - name: Docker login to registry.camunda.cloud
         run: docker login --username "$CAMUNDA_REGISTRY_USERNAME" --password "$CAMUNDA_REGISTRY_PASSWORD" registry.camunda.cloud

.github/workflows/aws-marketplace-operate.yaml

@@ -21,6 +21,7 @@ jobs:
         with:
           aws-role-arn: "arn:aws:iam::${{ secrets.DISTRO_CI_AWS_MPLACE_AWS_ACCOUNT_ID }}:role/GitHubAction-AssumeRoleWithAction"
           aws-region: "us-east-1"
+          aws-marketplace-base-url: ${{ secrets.DISTRO_CI_AWS_MPLACE_BASE_URL }}
 
       - name: mirror operate
         uses: ./.github/actions/aws-marketplace-ecr-mirror

.github/workflows/aws-marketplace-optimize.yaml

@@ -21,6 +21,7 @@ jobs:
         with:
           aws-role-arn: "arn:aws:iam::${{ secrets.DISTRO_CI_AWS_MPLACE_AWS_ACCOUNT_ID }}:role/GitHubAction-AssumeRoleWithAction"
           aws-region: "us-east-1"
+          aws-marketplace-base-url: ${{ secrets.DISTRO_CI_AWS_MPLACE_BASE_URL }}
 
       - name: mirror optimize
         uses: ./.github/actions/aws-marketplace-ecr-mirror

.github/workflows/aws-marketplace-postgresql.yaml

@@ -20,6 +20,7 @@ jobs:
         with:
           aws-role-arn: "arn:aws:iam::${{ secrets.DISTRO_CI_AWS_MPLACE_AWS_ACCOUNT_ID }}:role/GitHubAction-AssumeRoleWithAction"
           aws-region: "us-east-1"
+          aws-marketplace-base-url: ${{ secrets.DISTRO_CI_AWS_MPLACE_BASE_URL }}
 
       - name: web modeler restapi
         uses: ./.github/actions/aws-marketplace-ecr-mirror

.github/workflows/aws-marketplace-tasklist.yaml

@@ -21,6 +21,7 @@ jobs:
         with:
           aws-role-arn: "arn:aws:iam::${{ secrets.DISTRO_CI_AWS_MPLACE_AWS_ACCOUNT_ID }}:role/GitHubAction-AssumeRoleWithAction"
           aws-region: "us-east-1"
+          aws-marketplace-base-url: ${{ secrets.DISTRO_CI_AWS_MPLACE_BASE_URL }}
 
       - name: mirror tasklist
         uses: ./.github/actions/aws-marketplace-ecr-mirror

.github/workflows/aws-marketplace-zeebe.yaml

@@ -21,6 +21,7 @@ jobs:
         with:
           aws-role-arn: "arn:aws:iam::${{ secrets.DISTRO_CI_AWS_MPLACE_AWS_ACCOUNT_ID }}:role/GitHubAction-AssumeRoleWithAction"
           aws-region: "us-east-1"
+          aws-marketplace-base-url: ${{ secrets.DISTRO_CI_AWS_MPLACE_BASE_URL }}
 
       - name: mirror zeebe
         uses: ./.github/actions/aws-marketplace-ecr-mirror