gmetribin/build-tools
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Update

Browse Source
This commit is contained in:
Sahil Ahuja 2025-02-05 19:38:45 +05:30
parent cd28dd385b
commit f280a99559
11 changed files with 712 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
.github/unused/actions-base.Dockerfile vendored Normal file
View File

@ -0,0 +1,43 @@
FROM node:22-bookworm-slim
#Use an entrypoint that simply lists out all commands sent to it
COPY entryPoint.sh /src/fab/entryPoint.sh
ENTRYPOINT ["/src/fab/entryPoint.sh"]
#node:18 image already has a user node with uid:gid 1000:1000
#We add it to sudo list
RUN export DEBIAN_FRONTEND="noninteractive" \
&& apt-get update \
&& apt-get install -y \
# sudo \
less \
#Neededd for git commits during builds
# git \
#Needed for triggering next step of builds
# curl \
&& rm -rf /var/lib/apt/lists/* \
# && usermod -aG sudo node \
# && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers \
#Creating a few base folders that child dockers may need
&& mkdir -p /src && chown node /src \
&& mkdir -p /cloud && chown node /cloud \
&& mkdir -p /build && chown node /build \
# && npm install -g npm@10.8.2 \
&& npm install -g pnpm
USER node
# upgrade pnpm to latest version
#&& source ~/.bashrc \ #doesn't work
#Also, "pnpm add -g pnpm" needs be in "~" to work - it doesn't work from "/" dir (not sure why).
RUN SHELL=bash pnpm setup \
&& export PNPM_HOME="~/.local/share/pnpm" && export PATH="$PNPM_HOME:$PATH" \
&& cd ~ && pnpm add -g pnpm
RUN echo '\nalias p="pnpm"' >> ~/.bashrc
WORKDIR /src
#Allow image to be used standalone without any commands:
CMD ["tail", "-f", "/dev/null"]
#CMD ["sleep", "inf"]

43
.github/unused/build-base-image.yml vendored Normal file
View File

@ -0,0 +1,43 @@
name: Build the docker base image weekly
# on: [push]
on:
push:
# branches:
# - main
schedule:
- cron: "0 6 * * 5" #Every Friday@11:30 AM IST (6:00 GMT)
# Cron: Minute(0-59) Hour(0-23) DayOfMonth(1-31) MonthOfYear(1-12) DayOfWeek(0-6)
env:
DOCKER_REGISTRY: ${{ vars.docker_repo2_registry }}
REPO: ${{ github.repository }}
DOCKER_IMAGE: ${{ vars.docker_repo2_registry }}/${{ github.repository }}:base-v2
jobs:
docker-build-and-push:
runs-on: ubuntu-22.04 #ubuntu-latest
# if: ${{ github.event_name == 'push' }}
steps:
- uses: actions/checkout@v4
- name: Login to Docker Container Registry
# if: ${{ github.event_name == 'push' }}
uses: docker/login-action@v3
with:
registry: ${{ vars.docker_repo2_registry }}
username: ${{ vars.docker_repo2_username }}
password: ${{ vars.docker_repo2_password }}
- name: Build the Base Docker image
run: |
docker build \
--file fab/d/actions-base.Dockerfile \
--tag $DOCKER_IMAGE \
./fab/context/;
- name: Push the Docker image
# if: ${{ github.event_name == 'push' }}
run: |
docker push $DOCKER_IMAGE

32
.github/unused/demo.yml vendored Normal file
View File

@ -0,0 +1,32 @@
name: Gitea Actions Demo
run-name: ${{ github.actor }} is testing out Gitea Actions 🚀
on: [push]
jobs:
Explore-Gitea-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by Gitea!"
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
- name: Check out repository code
uses: actions/checkout@v4
- run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ github.workspace }}
echo "var.DOCKER_REPO2_REGISTRY" repo2.hub.gmetri.io
echo "github.repository" ${{ github.repository }}
echo "github.ref_name" ${{ github.ref_name }}
- run: echo "🍏 This job's status is ${{ job.status }}."
# Gitea action runners
# - "ubuntu-latest:docker://repo2.hub.gmetri.io/gitea/runner-images:ubuntu-latest"
# - "ubuntu-22.04:docker://repo2.hub.gmetri.io/gitea/runner-images:ubuntu-22.04"
# - "ubuntu-20.04:docker://repo2.hub.gmetri.io/gitea/runner-images:ubuntu-20.04"
# - "ubuntu-latest-slim:docker://repo2.hub.gmetri.io/gitea/runner-images:ubuntu-latest-slim"
# - "ubuntu-22.04-slim:docker://repo2.hub.gmetri.io/gitea/runner-images:ubuntu-22.04-slim"
# - "ubuntu-20.04-slim:docker://repo2.hub.gmetri.io/gitea/runner-images:ubuntu-20.04-slim"

91
.github/unused/docker-publish.yml vendored Normal file
View File

@ -0,0 +1,91 @@
name: Docker
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
on:
schedule:
- cron: $cron-daily
push:
branches: [ $default-branch ]
# Publish semver tags as releases.
tags: [ 'v*.*.*' ]
pull_request:
branches: [ $default-branch ]
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ${{ vars.docker_repo2_registry }}
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
with:
cosign-release: 'v2.2.4'
# Set up BuildKit Docker container builder to be able to build
# multi-platform images and export cache
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.docker_repo2_username }}
password: ${{ secrets.docker_repo2_password }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: ${{ github.event_name != 'pull_request' }}
env:
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
TAGS: ${{ steps.meta.outputs.tags }}
DIGEST: ${{ steps.build-and-push.outputs.digest }}
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

54
.github/unused/docker-push.yml vendored Normal file
View File

@ -0,0 +1,54 @@
name: Docker Image CI
on: [push]
# on:
# push:
# branches: [ $default-branch ]
# pull_request:
# branches: [ $default-branch ]
env:
IMAGE_NAME: repo2.hub.gmetri.io/${{ github.repository }}:${{ github.ref_name }}-v9
jobs:
docker-build-and-push:
runs-on: ubuntu-22.04
steps:
- name: Debug
run: |
ls ${{ github.workspace }}
echo "VARS"
echo "vars.docker_repo2_username" ${{vars.docker_repo2_username}}
echo "SECRETS"
echo "secrets.docker_repo2_password2" ${{ secrets.docker_repo2_password2 }}
echo "CONTEXT"
echo "github.repository" ${{ github.repository }}
echo "github.ref_name" ${{ github.ref_name }}
- uses: docker/login-action@v3
name: Login to GitHub Container Registry
with:
registry: repo2.hub.gmetri.io
username: ${{ vars.docker_repo2_username }}
password: ${{ secrets.docker_repo2_password }}
- uses: actions/checkout@v4
- name: List files in the repository
run: |
ls ${{ github.workspace }} && \
echo "VARS"
echo "var.DOCKER_REPO2_REGISTRY" ${{ vars.DOCKER_REPO2_REGISTRY }}
echo "CONTEXT"
echo "github.repository" ${{ github.repository }}
echo "github.ref_name" ${{ github.ref_name }}
- name: Build the Docker image
run: |
docker build ./context --file context/Dockerfile --tag $IMAGE_NAME && \
docker push $IMAGE_NAME
# my-image-name:$(date +%s)
# ${DRONE_BRANCH//\//-}-v8

49
.github/unused/trigger-cs-job.yml vendored Normal file
View File

@ -0,0 +1,49 @@
name: Manually trigger a cs repo workflow
on:
workflow_dispatch:
inputs:
image:
type: choice
description: Image to deploy
options:
- repo2.hub.gmetri.io/dt-api
- repo2.hub.gmetri.io/gmetrivr/dt-api
tag:
description: Tag to deploy
required: true
type: string
env:
DEPLOY_REPO: gmetrivr/cs-dt
jobs:
trigger-cs-job:
runs-on: ubuntu-22.04
permissions:
issues: write
steps:
- name: run workflow from cs repo
run: |
echo "Inputs:: image:${{ inputs.image }} tag: ${{ inputs.tag }}";
echo "github.api_url: ${{ github.api_url }}";
ISSUE_COMMENT_STRING=`echo "{ \"image\": \"${{ inputs.image }}\", \"tag\": \"${{ inputs.tag }}\" }" | jq tostring`
echo ISSUE_COMMENT_STRING: $ISSUE_COMMENT_STRING
API_JSON_BODY=`echo '{"body": '$ISSUE_COMMENT_STRING' }' | jq -r tostring`
echo API_JSON_BODY: $API_JSON_BODY
# {"body":"{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-255c2f30\"}"}
echo curl -X 'POST' \
'${{ github.api_url }}/repos/${{ env.DEPLOY_REPO }}/issues/1/comments' \
-H 'accept: application/json' \
-H 'Authorization: token ${{ secrets.bot_build_issues_token }}' \
-H 'Content-Type: application/json' \
-d $API_JSON_BODY
curl -X 'POST' \
'${{ github.api_url }}/repos/${{ env.DEPLOY_REPO }}/issues/1/comments' \
-H 'accept: application/json' \
-H 'Authorization: token ${{ secrets.bot_build_issues_token }}' \
-H 'Content-Type: application/json' \
-d $API_JSON_BODY

42
.github/unused/update-repo-version.yml vendored Normal file
View File

@ -0,0 +1,42 @@
name: Update Repo Version Workflow
on:
workflow_call:
inputs:
branch:
description: "Branch getting released. (branch 'release' might update a different image)"
default: main
required: false
type: string
image:
description: "Name of the image"
required: true
type: string
tag:
description: "Tag of the image"
required: true
type: string
env:
REPO: ${{ github.repository }}
jobs:
npm-push:
runs-on: ubuntu-22.04
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the
# added or changed files to the repository.
contents: write
steps:
- uses: actions/checkout@v4
- name: Increment package version and push
env:
GITHUB_TOKEN: ${{ github.token }}
run: |
pwd; ls -al;
echo ./drone/repo_to_cs.sh -m ${{ inputs.image }} -t ${{ inputs.tag }} -b ${{ inputs.branch }}
# git push origin main
# git push --tags origin main

149
.github/unused/v1-lint-and-build.yml vendored Normal file
View File

@ -0,0 +1,149 @@
name: Docker Image CI
# on: [push]
on:
push:
branches:
- main
pull_request:
branches:
- main
env:
DOCKER_REGISTRY: ${{ vars.docker_repo2_registry }}
REPO: ${{ github.repository }}
jobs:
image-vulnerability-scan:
runs-on: ubuntu-22.04 #ubuntu-latest
steps:
- id: get-id
name: Get a unique tag for this build
run: |
SHA=${{github.sha}};
ID=${SHA:0:8};
echo "ID=$ID" >> "$GITHUB_OUTPUT";
echo "DOCKER_IMAGE=$DOCKER_REGISTRY/$REPO:temp-$ID" >> "$GITHUB_OUTPUT";
- name: Print build id and image name
run: |
echo "${{ steps.get-id.outputs.ID }}";
echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- uses: actions/checkout@v4
- name: Login to Docker Container Registry
# if: ${{ github.event_name == 'push' }}
uses: docker/login-action@v3
with:
registry: ${{ vars.docker_repo2_registry }}
username: ${{ vars.docker_repo2_username }}
password: ${{ vars.docker_repo2_password }}
- name: Build the Docker image
# Commenting this from docker build for speed: --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.ID }} \
run: |
docker build \
--file fab/d/actions-build.Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
.;
- name: Scan Docker Image for vulnerabilities with Grype
uses: anchore/scan-action@v6
with:
image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
cache-db: true #Cache Grype DB in Github Actions
output-format: table
only-fixed: true
severity-cutoff: critical
fail-build: true
npm-push:
runs-on: ubuntu-22.04 #ubuntu-latest
if: ${{ github.event_name == 'push' }}
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the
# added or changed files to the repository.
contents: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
registry-url: ${{ vars.NPM_REGISTRY }}
token: ${{ secrets.NPM_TOKEN }}
- name: Install NPM Dependencies
run: |
npm install -g pnpm
pnpm install
- name: Lint & Check
run: |
pnpm lint
pnpm check
- run: pnpm build
#If this is a merge of a pull request, GITHUB_BASE_REF will contain main.
#But if this is a direct commit on the main branch, then GITHUB_REF_NAME will contain main
- name: Increment package version and push
env:
GITHUB_TOKEN: ${{ github.token }}
# BRANCH_NAME: ${{ github.base_ref || github.ref_name }}
run: |
git config --global user.name 'bot-build'
git config --global user.email 'techbots+build@gmetri.com'
export N=`node -p require\(\'./package.json\'\).name` && echo $N
pnpm version patch --message "v%s: $N [CI SKIP]"
git push origin
git push --tags origin
docker-build-and-push:
runs-on: ubuntu-22.04 #ubuntu-latest
# if: ${{ github.event_name == 'push' }}
steps:
- id: get-id
name: Get a unique tag for this build
run: |
SHA=${{github.sha}};
ID=${SHA:0:8};
echo "ID=$ID" >> "$GITHUB_OUTPUT";
echo "DOCKER_IMAGE=$DOCKER_REGISTRY/$REPO:$ID" >> "$GITHUB_OUTPUT";
- name: Print build id and image name
run: |
echo "${{ steps.get-id.outputs.ID }}";
echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- uses: actions/checkout@v4
- name: Login to Docker Container Registry
# if: ${{ github.event_name == 'push' }}
uses: docker/login-action@v3
with:
registry: ${{ vars.docker_repo2_registry }}
username: ${{ vars.docker_repo2_username }}
password: ${{ vars.docker_repo2_password }}
- name: Build the Docker image
run: |
docker build \
--build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.ID }} \
--file fab/d/actions-build.Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
.;
IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
echo "Image size $IMAGE_SIZE";
- name: Push the Docker image
if: ${{ github.event_name == 'push' }}
run: |
docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }};
IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
echo "Pushed $IMAGE_SIZE image ${{ steps.get-id.outputs.DOCKER_IMAGE }}";

80
.github/unused/v2-pr-workflow.yml vendored Normal file
View File

@ -0,0 +1,80 @@
name: Docker Image CI
on:
pull_request:
branches:
- main
env:
REPO: ${{ github.repository }}/temp #Add /temp for PR workflow
jobs:
lint-and-compile:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
registry-url: ${{ vars.NPM_REGISTRY }}
token: ${{ secrets.NPM_TOKEN }}
- name: Install npm dependencies
run: |
npm install -g pnpm
pnpm install
- run: pnpm lint
- run: pnpm check
image-vulnerability-scan:
runs-on: ubuntu-22.04
steps:
- id: get-id
name: Get a unique tag for this build
run: |
SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
BUILD_ID=$BRANCH_NAME-${SHA:0:8};
DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/$REPO:$BUILD_ID;
echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
- name: Print build id and image name
run: |
echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}";
echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- uses: actions/checkout@v4
- name: Login to docker container registry
uses: docker/login-action@v3
with:
registry: ${{ vars.docker_repo2_registry }}
username: ${{ vars.docker_repo2_username }}
password: ${{ vars.docker_repo2_password }}
- name: Build the container image (quick, without PUBLIC_BUILD_VERSION)
# Commenting this from docker build for speed: --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
run: |
docker build \
--file fab/d/actions-build.Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
.;
- name: Container details
run: |
IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- name: Scan container image for vulnerabilities with grype
uses: anchore/scan-action@v6
with:
image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
cache-db: true #Cache Grype DB in Github Actions
output-format: table
only-fixed: true
severity-cutoff: critical
fail-build: true

91
.github/unused/v2-push-workflow.yml vendored Normal file
View File

@ -0,0 +1,91 @@
name: Docker Image CI
on:
push:
branches:
- main
env:
REPO: ${{ github.repository }}
jobs:
npm-push:
runs-on: ubuntu-22.04
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the
# added or changed files to the repository.
contents: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
registry-url: ${{ vars.NPM_REGISTRY }}
token: ${{ secrets.NPM_TOKEN }}
- name: Install npm dependencies
run: |
npm install -g pnpm
pnpm install
- run: pnpm build
- name: Increment package version and push
env:
GITHUB_TOKEN: ${{ github.token }}
run: |
git config --global user.name 'bot-build'
git config --global user.email 'techbots+build@gmetri.com'
export N=`node -p require\(\'./package.json\'\).name` && echo $N
pnpm version patch --message "v%s: $N [CI SKIP]"
npm publish
git push origin
git push --tags origin
container-push:
runs-on: ubuntu-22.04
steps:
- id: get-id
name: Get a unique tag for this build
run: |
SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
BUILD_ID=$BRANCH_NAME-${SHA:0:8};
DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/$REPO:$BUILD_ID;
echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
- name: Print build id and image name
run: |
echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}";
echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- uses: actions/checkout@v4
- name: Login to docker container registry
uses: docker/login-action@v3
with:
registry: ${{ vars.docker_repo2_registry }}
username: ${{ vars.docker_repo2_username }}
password: ${{ vars.docker_repo2_password }}
- name: Build the container image
run: |
docker build \
--build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
--file fab/d/actions-build.Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
.;
- name: Container details
run: |
IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- name: Push the container image
run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

38
.github/unused/workflow_inputs.yml vendored Normal file
View File

@ -0,0 +1,38 @@
# Inputs with workflow_call (triggering from another workflow):
on:
workflow_call:
inputs:
username:
description: 'A username passed from the caller workflow'
default: 'john-doe'
required: false
type: string
jobs:
print-username:
runs-on: ubuntu-latest
steps:
- name: Print the input name to STDOUT
run: echo The username is ${{ inputs.username }}
# Inputs with workflow_dispatch (manual trigger):
name: Update Repo Version Workflow
on:
workflow_dispatch:
inputs:
name:
type: choice
description: Who to greet
options:
- monalisa
- cschleiden
message:
required: true
use-emoji:
type: boolean
description: Include 🎉🤣 emojis
environment:
type: environment