Adding workflows

2025-01-29 20:15:13 +05:30 · 2025-01-29 20:15:13 +05:30 · b85b495644
commit b85b495644
parent e87ead4605
6 changed files with 187 additions and 10 deletions
--- a/.github/workflows/base-build-image.yml
+++ b/.github/workflows/base-build-image.yml
@ -0,0 +1,58 @@
+name: Build base images (Generally from basin repo)
+
+on:
+  workflow_call:
+    inputs:
+      image_tag:
+        required: true
+        type: string
+
+jobs:
+  docker-build-and-push:
+
+    runs-on: ubuntu-22.04 #ubuntu-latest
+
+    steps:
+    - id: get-id
+      name: Get a unique tag for this build
+      run: |
+        echo "DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/${{ github.repository }}:${{ inputs.image_tag }}" >> "$GITHUB_OUTPUT";
+
+    - name: Print image name
+      run: |
+        echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - uses: actions/checkout@v4
+
+    - name: Login to Docker Container Registry
+      # if: ${{ github.event_name == 'push' }}
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ vars.docker_repo2_registry }}
+        username: ${{ vars.docker_repo2_username }}
+        password: ${{ vars.docker_repo2_password }}
+
+    - name: Build and push the Docker image
+      run: |
+        docker build \
+          --file context/Dockerfile \
+          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+          ./context;
+
+    - name: Container details
+      run: |
+        IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
+        echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - name: Scan Docker Image for vulnerabilities with Grype
+      uses: anchore/scan-action@v6
+      with:
+        image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
+        cache-db: true #Cache Grype DB in Github Actions
+        output-format: table
+        only-fixed: true
+        severity-cutoff: critical
+        fail-build: true
+
+    - name: Push the container image
+      run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}
--- a/.github/workflows/pr-lint-and-check.yml
+++ b/.github/workflows/pr-lint-and-check.yml
@ -13,8 +13,6 @@ jobs:
    - uses: actions/setup-node@v4
      with:
        node-version: 22
-        registry-url: ${{ vars.NPM_REGISTRY }}
-        token: ${{ secrets.NPM_TOKEN }}

    - name: Install npm dependencies
      run: |
--- a/.github/workflows/push-container.yml
+++ b/.github/workflows/push-container.yml
@ -7,7 +7,8 @@ env:
  REPO: ${{ github.repository }}

 jobs:
-  container-push:
+
+  container-build-and-push:
    runs-on: ubuntu-22.04
    steps:
    - id: get-id
@ -29,9 +30,9 @@ jobs:
    - name: Login to docker container registry
      uses: docker/login-action@v3
      with:
-        registry: ${{ vars.docker_repo2_registry }}
-        username: ${{ vars.docker_repo2_username }}
-        password: ${{ vars.docker_repo2_password }}
+        registry: ${{ secrets.docker_repo2_registry }}
+        username: ${{ secrets.docker_repo2_username }}
+        password: ${{ secrets.docker_repo2_password }}

    - name: Build the container image
      run: |
--- a/.github/workflows/push-image-scan.yml
+++ b/.github/workflows/push-image-scan.yml
@ -4,7 +4,7 @@ on:
  workflow_call:

 env:
-  REPO: ${{ github.repository }}/temp #Add /temp for PR workflow
+  REPO: ${{ github.repository }}/temp #Add /temp for temporary images

 jobs:

@ -31,9 +31,9 @@ jobs:
    - name: Login to docker container registry
      uses: docker/login-action@v3
      with:
-        registry: ${{ vars.docker_repo2_registry }}
-        username: ${{ vars.docker_repo2_username }}
-        password: ${{ vars.docker_repo2_password }}
+        registry: ${{ secrets.docker_repo2_registry }}
+        username: ${{ secrets.docker_repo2_username }}
+        password: ${{ secrets.docker_repo2_password }}

    - name: Build the container image (quick, without PUBLIC_BUILD_VERSION)
      # Commenting this from docker build for speed: --build-arg PUBLIC_BUILD_VERSION=$BUILD_ID \
--- a/.github/workflows/push-npm.yml
+++ b/.github/workflows/push-npm.yml
@ -0,0 +1,47 @@
+name: Reusable container push workflow
+
+on:
+  workflow_call:
+
+env:
+  REPO: ${{ github.repository }}
+
+jobs:
+
+  npm-push:
+    runs-on: ubuntu-22.04
+    permissions:
+      # Give the default GITHUB_TOKEN write permission to commit and push the
+      # added or changed files to the repository.
+      contents: write
+
+    steps:
+    - uses: actions/checkout@v4
+      
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 22
+        registry-url: ${{ vars.NPM_REGISTRY }}
+        token: ${{ secrets.NPM_TOKEN }}
+
+    - name: Install npm dependencies
+      run: |
+        npm install -g pnpm
+        pnpm install
+
+    - run: pnpm build
+
+    - name: Increment package version and push
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      run: |
+        git config --global user.name 'bot-build'
+        git config --global user.email 'techbots+build@gmetri.com'
+
+        export N=`node -p require\(\'./package.json\'\).name` && echo $N
+        pnpm version patch --message "v%s: $N [CI SKIP]"
+
+        npm publish
+        
+        git push origin
+        git push --tags origin
--- a/.github/workflows/push-s3.yml
+++ b/.github/workflows/push-s3.yml
@ -0,0 +1,73 @@
+name: Docker Image CI
+
+on:
+  workflow_call:
+
+# Org Secrets are available on push event. Not pull_request event.
+
+env:
+  REPO: ${{ github.repository }}
+  REPO_SHORT_NAME: ${{ github.event.repository.name }}
+
+jobs:
+
+  s3-push:
+    runs-on: ubuntu-22.04
+    steps:
+    - id: get-id
+      name: Get a unique tag for this build
+      run: |
+        SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
+        BUILD_ID=$BRANCH_NAME-${SHA:0:8};
+        DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/$REPO:$BUILD_ID;
+        echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
+        echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
+
+    - name: Print build id and image name
+      run: |
+        echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}"; 
+        echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - uses: actions/checkout@v4
+      
+    - name: Login to docker container registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ secrets.docker_repo2_registry }}
+        username: ${{ secrets.docker_repo2_username }}
+        password: ${{ secrets.docker_repo2_password }}
+
+    - name: Build the container image
+      run: |
+        docker build \
+          --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
+          --file fab/d/actions-build.Dockerfile \
+          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+          .;
+    
+    - name: Extract cloud files
+      run: |
+        image=${{ steps.get-id.outputs.DOCKER_IMAGE }}
+        source_path=/cloud
+        destination_path=cloud
+
+        container_id=$(docker create "$image")
+        docker cp "$container_id:$source_path" "$destination_path"
+        docker rm "$container_id"
+
+        echo "Running: ls $destination_path"
+        ls $destination_path
+
+    - name: Upload cloud files
+      uses: sahil87/aws-cli-action@v1.3
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key_id }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.aws_secret_access_key }}
+        AWS_DEFAULT_REGION: ${{ vars.aws_default_region }}
+      with:
+        args: >
+          s3 cp \
+          --recursive \
+          --cache-control max-age=31536000\
+          --storage-class 'STANDARD_IA' \
+          cloud/ s3://${{ vars.aws_upload_bucket }}/${{ env.REPO_SHORT_NAME }}/${{ steps.get-id.outputs.BUILD_ID }}