Organizing READMEs

.github/workflows/push-npm-from-container.yml

@@ -0,0 +1,84 @@
+name: Reusable container push workflow
+
+on:
+  workflow_call:
+
+env:
+  REPO: ${{ github.repository }}
+
+jobs:
+
+  push-npm:
+    runs-on: ubuntu-22.04
+    permissions:
+      # Give the default GITHUB_TOKEN write permission to commit and push the
+      # added or changed files to the repository.
+      contents: write
+
+    steps:
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 22
+        registry-url: ${{ vars.NPM_REGISTRY }}
+        token: ${{ secrets.NPM_TOKEN }}
+
+    - run: npm install -g pnpm
+
+    - uses: actions/checkout@v4
+
+    - id: get-id
+      name: Get a unique tag for this build
+      run: |
+        SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
+        BUILD_ID=$BRANCH_NAME-${SHA:0:8};
+        DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/$REPO:$BUILD_ID;
+        echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
+        echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
+
+    - name: Print build id and image name
+      run: |
+        echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}"; 
+        echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - name: Login to docker container registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ vars.docker_repo2_registry }}
+        username: ${{ secrets.docker_repo2_username }}
+        password: ${{ secrets.docker_repo2_password }}
+  
+    - name: Build the container image for npm build, with dependencies
+      run: |
+        docker build \
+          --build-arg BUILD_STEP=bundle \
+          --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
+          --file fab/d/actions-build.Dockerfile \
+          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+          .;
+
+    - name: Extract lib files
+      run: |
+        image=${{ steps.get-id.outputs.DOCKER_IMAGE }}
+        source_path=/src/lib
+        destination_path=lib
+
+        container_id=$(docker create "$image" "pnpm build_npm")
+        docker container start -a $container_id
+
+        docker cp "$container_id:$source_path" "$destination_path"
+        docker rm "$container_id"
+
+    - name: Increment package version and push
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      run: |
+        git config --global user.name 'bot-build'
+        git config --global user.email 'techbots+build@gmetri.com'
+
+        export N=`node -p require\(\'./package.json\'\).name` && echo $N
+        pnpm version patch --message "v%s: $N [CI SKIP]"
+
+        npm publish
+        
+        git push origin
+        git push --tags origin

README-actions.md

@@ -51,22 +51,6 @@ https://github.com/orgs/community/discussions/26625#discussioncomment-3252582
 
 https://anchorecommunity.discourse.group/t/how-to-act-on-go-module-vulnerabilities/186/2
 
-Within the image:
-```bash
-curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin/
-
-#To check vulnerabilities
-grype .
-#To save detailed output
-grype $MY_IMAGE -o json > vuln.json
-#OR
-grype . -o json > vuln.json
-
-#To explain the issue:
-cat vuln.json | grype explain --id CVE-2023-24537
-cat vuln2.json | grype explain --id CVE-2023-45853
-```
-
 ## Getting the word "main" (branch name) during builds
 
 If the build (was triggered by) is a merge of a pull request, GITHUB_BASE_REF will contain main. 

README-vulnerability-scans.md

@@ -0,0 +1,20 @@
+# Grype
+
+https://anchorecommunity.discourse.group/t/how-to-act-on-go-module-vulnerabilities/186/2
+
+## Fixing issues within the image
+
+```bash
+curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin/
+
+#To check vulnerabilities
+grype .
+#To save detailed output
+grype $MY_IMAGE -o json > vuln.json
+#OR
+grype . -o json > vuln.json
+
+#To explain the issue:
+cat vuln.json | grype explain --id CVE-2023-24537
+cat vuln2.json | grype explain --id CVE-2023-45853
+```