gmetribin/build-tools
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: gmetribin:main
Branches Tags
gmetribin:main
gmetribin:v1.1.14
gmetribin:v1.1.13
gmetribin:v1.1.12
gmetribin:v1.1.11
gmetribin:v1.1.10
gmetribin:v1.1.9
gmetribin:v1.1.8
gmetribin:v1.1.7
gmetribin:v1.1.6
gmetribin:v1.1.5
gmetribin:v1.1.4
gmetribin:v1.1.3
gmetribin:v1.1.2
gmetribin:v1.1.1
gmetribin:v1.0.17
gmetribin:v1.0.16
gmetribin:v1.0.15
gmetribin:v1.0.14
gmetribin:v1.0.13
gmetribin:v1.0.12
gmetribin:v1.0.11
gmetribin:v1
gmetribin:v1.0.10
gmetribin:v1.0.9
gmetribin:v1.0.8
gmetribin:v1.0.7
gmetribin:v1.0.6
gmetribin:v1.1.0
gmetribin:v1.0.4
gmetribin:v1.0.3
gmetribin:v1.0.2
gmetribin:v1.0.0
..
compare: gmetribin:v1.1.1
Branches Tags
gmetribin:main
gmetribin:v1.1.14
gmetribin:v1.1.13
gmetribin:v1.1.12
gmetribin:v1.1.11
gmetribin:v1.1.10
gmetribin:v1.1.9
gmetribin:v1.1.8
gmetribin:v1.1.7
gmetribin:v1.1.6
gmetribin:v1.1.5
gmetribin:v1.1.4
gmetribin:v1.1.3
gmetribin:v1.1.2
gmetribin:v1.1.1
gmetribin:v1.0.17
gmetribin:v1.0.16
gmetribin:v1.0.15
gmetribin:v1.0.14
gmetribin:v1.0.13
gmetribin:v1.0.12
gmetribin:v1.0.11
gmetribin:v1
gmetribin:v1.0.10
gmetribin:v1.0.9
gmetribin:v1.0.8
gmetribin:v1.0.7
gmetribin:v1.0.6
gmetribin:v1.1.0
gmetribin:v1.0.4
gmetribin:v1.0.3
gmetribin:v1.0.2
gmetribin:v1.0.0

No commits in common. "main" and "v1.1.1" have entirely different histories.
main ... v1.1.1

20 changed files with 215 additions and 395 deletions
Show Stats Expand all files Collapse all files

16
README-actions.md → .github/README.md vendored
View File

@ -51,6 +51,22 @@ https://github.com/orgs/community/discussions/26625#discussioncomment-3252582
https://anchorecommunity.discourse.group/t/how-to-act-on-go-module-vulnerabilities/186/2
Within the image:
```bash
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b ./bin
#To check vulnerabilities
grypd .
#To save detailed output
grype $MY_IMAGE -o json > vuln.json
#OR
grype . -o json > vuln.json
#To explain the issue:
cat vuln.json | grype explain --id CVE-2023-24537
cat vuln2.json | grype explain --id CVE-2023-45853
```
## Getting the word "main" (branch name) during builds
If the build (was triggered by) is a merge of a pull request, GITHUB_BASE_REF will contain main.

16
.github/repo-templates/base-workflow.yml vendored Normal file
View File

@ -0,0 +1,16 @@
name: Base Push Workflow
on:
workflow_dispatch:
schedule: # Also build on all Fridays
- cron: "30 7 * * 5" #Every Friday@1PM IST (7:30 GMT)
# Cron: Minute(0-59) Hour(0-23) DayOfMonth(1-31) MonthOfYear(1-12) DayOfWeek(0-6)
jobs:
#Builds ./fab/d/actions-base.Dockerfile
push-container-base:
uses: gmetribin/build-tools/.github/workflows/push-container-base.yml@v1.1.1
secrets: inherit
with:
image_tag: base-v1 #Checked in the calling repo

13
.github/repo-templates/pr-workflow.yml vendored Normal file
View File

@ -0,0 +1,13 @@
name: Pull Request Workflow
on:
pull_request:
branches:
- main
jobs:
#Runs pnpm lint and pnpm check
lint-and-check:
uses: gmetribin/build-tools/.github/workflows/pr-lint-and-check.yml@v1.1.1
secrets: inherit

32
.github/repo-templates/push-workflow.yml vendored Normal file
View File

@ -0,0 +1,32 @@
name: Push Workflow
on:
push:
branches:
- main
jobs:
push-s3:
uses: gmetribin/build-tools/.github/workflows/push-s3.yml@v1.1.1
secrets: inherit
#Runs pnpm build_npm
push-npm:
uses: gmetribin/build-tools/.github/workflows/push-npm.yml@v1.1.1
secrets: inherit
#Builds ./fab/d/actions-build.Dockerfile
push-container:
uses: gmetribin/build-tools/.github/workflows/push-container.yml@v1.1.1
secrets: inherit
run-image-scan:
uses: gmetribin/build-tools/.github/workflows/run-image-scan.yml@v1.1.1
secrets: inherit
cs-update-trigger:
uses: gmetribin/deploy-tools/.github/workflows/cs-update-trigger.yml@v1.1.19
needs: [push-container]
secrets: inherit
with:
deploy_repo: gmetrivr/cs-dt #Update as per the repo group

65
.github/unused/sh/trigger.sh vendored Normal file
View File

@ -0,0 +1,65 @@
#!/bin/bash
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>"\
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/actions/workflows/WORKFLOW_ID/dispatches \
-d '{"ref":"main","inputs":{"image":"${{ inputs.image }}","tag":"${{ inputs.tag }}"}}';
repo2.hub.gmetri.io/dt-api
main-fda468af
Token (DUMMY): e139b1c73bfae1b7748961c9f9a381bd3cca0633
https://git.gmetri.io/gmetrivr/cs-dt/actions/run?workflow=update-repo-version.yml&actor=0&status=
curl -X 'POST' \
'https://git.gmetri.io/api/v1/repos/gmetrivr/cs-dt/issues' \
-H 'accept: application/json' \
-H 'Authorization: token e139b1c73bfae1b7748961c9f9a381bd3cca0633' \
-H 'Content-Type: application/json' \
-d '{
"assignee": "bot-build",
"body": "{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-fda468af\"}",
"closed": false,
"title": "cs-dt package for repo2.hub.gmetri.io/dt-api:main-fda468af"
}'
curl -X 'POST' \
'https://git.gmetri.io/api/v1/repos/gmetrivr/cs-dt/issues/1/comments' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Authorization: token e139b1c73bfae1b7748961c9f9a381bd3cca0633' \
-d '{
"body": "{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-fda468af\"}"
}'
curl -X 'POST' \
'https://git.gmetri.io/api/v1/repos/gmetrivr/cs-dt/issues/1/comments' \
-H 'accept: application/json' \
-H 'Authorization: token e139b1c73bfae1b7748961c9f9a381bd3cca0633' \
-H 'Content-Type: application/json' \
-d '{
"body": "{\"image\":\"repo2.hub.gmetri.io\/dt-api\",\"tag\":\"main-255c2f30\"}"
}'
ISSUE_COMMENT_STRING=`echo '{ "image": "repo2.hub.gmetri.io/dt-api", "tag": "main-255c2f30" }' | jq tostring`
API_JSON_BODY=`echo '{"body": '$ISSUE_COMMENT_STRING' }' | jq -r tostring`
# {"body":"{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-255c2f30\"}"}
curl -X 'POST' \
'https://git.gmetri.io/api/v1/repos/gmetrivr/cs-dt/issues/1/comments' \
-H 'accept: application/json' \
-H 'Authorization: token e139b1c73bfae1b7748961c9f9a381bd3cca0633' \
-H 'Content-Type: application/json' \
-d $API_JSON_BODY
curl -X 'POST' \
'https://git.gmetri.io/api/v1/repos/gmetrivr/cs-dt/issues/1/comments' \
-H 'accept: application/json' \
-H 'Authorization: token e139b1c73bfae1b7748961c9f9a381bd3cca0633' \
-H 'Content-Type: application/json' \
-d '{"body":"{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-255c2f30\"}"}'

71
.github/workflows/base-build-image-gcp.yml vendored
View File

@ -1,71 +0,0 @@
name: Build base images (Generally from basin repo)
on:
workflow_call:
inputs:
image_tag:
required: true
type: string
fail_on_scan:
default: true
type: boolean
jobs:
docker-build-and-push:
runs-on: ubuntu-22.04 #ubuntu-latest
steps:
- id: get-id
name: Get a unique tag for this build
run: |
echo "DOCKER_IMAGE=${{ vars.GCP_DOCKER_REGISTRY }}/${{ github.repository }}:${{ inputs.image_tag }}" >> "$GITHUB_OUTPUT";
- name: Print image name
run: |
echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- uses: actions/checkout@v4
# ✅ 1) Auth to GCP (this is where your SA key is used)
- name: Auth to GCP
uses: google-github-actions/auth@v2
with:
# using your existing secret that contains the SA JSON
credentials_json: ${{ secrets.GCP_SA_KEY }}
# ✅ 2) Install gcloud (no creds here)
- name: Set up gcloud
uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ vars.GCP_PROJECT_ID }}
export_default_credentials: true
- name: Configure Docker for GAR
run: |
gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
- name: Build and push the Docker image
run: |
docker build \
--file context/Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
./context;
- name: Container details
run: |
IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
# - name: Scan Docker Image for vulnerabilities with Grype
# uses: anchore/scan-action@v6
# with:
# image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
# cache-db: true #Cache Grype DB in Github Actions
# output-format: table
# only-fixed: true
# severity-cutoff: critical
# fail-build: ${{ inputs.fail_on_scan }}
- name: Push the container image
run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

5
.github/workflows/base-build-image.yml vendored
View File

@ -6,9 +6,6 @@ on:
image_tag:
required: true
type: string
fail_on_scan:
default: true
type: boolean
jobs:
docker-build-and-push:
@ -55,7 +52,7 @@ jobs:
output-format: table
only-fixed: true
severity-cutoff: critical
fail-build: ${{ inputs.fail_on_scan }}
fail-build: true
- name: Push the container image
run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

54
.github/workflows/deploy-cs.yml vendored Normal file
View File

@ -0,0 +1,54 @@
name: Reusable container push workflow
on:
workflow_call:
inputs:
deploy_repo:
description: 'The cs repo that contains this image'
required: true
type: string
env:
REPO: ${{ github.repository }}
jobs:
trigger-cs-job:
permissions:
issues: write
runs-on: ubuntu-22.04
steps:
- id: get-id
name: Get a unique tag for this build
run: |
SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
BUILD_ID=$BRANCH_NAME-${SHA:0:8};
DOCKER_BASE=${{ vars.docker_repo2_registry }}/$REPO
DOCKER_IMAGE=$DOCKER_BASE:$BUILD_ID;
echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
echo "DOCKER_BASE=$DOCKER_BASE" >> "$GITHUB_OUTPUT";
echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
- name: Print build id and image name
run: |
echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}";
echo "DOCKER_BASE: ${{ steps.get-id.outputs.DOCKER_BASE }}";
echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- name: Push image name and tag to cs repo's issue#1
run: |
ISSUE_COMMENT_STRING=`echo "{ \"image\": \"${{ steps.get-id.outputs.DOCKER_BASE }}\", \"tag\": \"${{ steps.get-id.outputs.BUILD_ID }}\" }" | jq tostring`
echo ISSUE_COMMENT_STRING: $ISSUE_COMMENT_STRING
API_JSON_BODY=`echo '{"body": '$ISSUE_COMMENT_STRING' }' | jq -r tostring`
echo API_JSON_BODY: $API_JSON_BODY
# {"body":"{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-255c2f30\"}"}
set +x
curl -X 'POST' \
'${{ github.api_url }}/repos/${{ inputs.deploy_repo }}/issues/1/comments' \
-H 'accept: application/json' \
-H 'Authorization: token ${{ secrets.bot_build_issues_token }}' \
-H 'Content-Type: application/json' \
-d $API_JSON_BODY
set +x

36
.github/workflows/push-code-scan.yml vendored
View File

@ -1,36 +0,0 @@
name: Vulnerability Scan
# Secrets can only viewed in "push" events. Not pull_request events.
# That's why this step needs to be called on push, and not on pull_request (to read npm password).
on:
workflow_call:
jobs:
push-container-scan:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
registry-url: ${{ vars.NPM_REGISTRY }}
token: ${{ secrets.NPM_TOKEN }}
- name: Install npm dependencies
run: |
npm install -g pnpm
pnpm install
- name: Scan container image for vulnerabilities with grype
uses: anchore/scan-action@v6
with:
path: "."
cache-db: true #Cache Grype DB in Github Actions
output-format: table
only-fixed: true
severity-cutoff: critical
fail-build: true

30
.github/workflows/push-code-test.yml vendored
View File

@ -1,30 +0,0 @@
name: Run Tests
# Secrets can only viewed in "push" events. Not pull_request events.
# That's why this step needs to be called on push, and not on pull_request (to read npm password).
on:
workflow_call:
jobs:
push-container-scan:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
registry-url: ${{ vars.NPM_REGISTRY }}
token: ${{ secrets.NPM_TOKEN }}
- name: Install npm dependencies
run: |
npm install -g pnpm
pnpm install
- name: Run Tests
run: |
pnpm test

2
.github/workflows/dispatch-container-base.yml → .github/workflows/push-container-base.yml vendored
View File

@ -1,4 +1,4 @@
name: Build base images from code repos
name: Build base images (Generally from basin repo)
on:
workflow_call:

63
.github/workflows/push-container-gcp.yml vendored
View File

@ -1,63 +0,0 @@
name: Reusable container push workflow
on:
workflow_call:
env:
REPO: ${{ github.repository }}
jobs:
push-container:
runs-on: ubuntu-22.04
steps:
- id: get-id
name: Get a unique tag for this build
run: |
SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
BUILD_ID=$BRANCH_NAME-${SHA:0:8};
DOCKER_IMAGE="${{vars.GCP_DOCKER_REGISTRY}}/$REPO:$BUILD_ID"
echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
- name: Print build id and image name
run: |
echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}";
echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- uses: actions/checkout@v4
# ✅ 1) Auth to GCP (this is where your SA key is used)
- name: Auth to GCP
uses: google-github-actions/auth@v2
with:
# using your existing secret that contains the SA JSON
credentials_json: ${{ secrets.GCP_SA_KEY }}
# ✅ 2) Install gcloud (no creds here)
- name: Set up gcloud
uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ vars.GCP_PROJECT_ID }}
export_default_credentials: true
- name: Configure Docker for GAR
run: |
gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
- name: Build the container image
run: |
docker build \
--build-arg BUILD_STEP=container \
--build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
--file fab/d/actions-build.Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
.;
- name: Container details
run: |
IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- name: Push the container image
run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

3
.github/workflows/push-container.yml vendored
View File

@ -8,7 +8,7 @@ env:
jobs:
push-container:
container-build-and-push:
runs-on: ubuntu-22.04
steps:
- id: get-id
@ -37,7 +37,6 @@ jobs:
- name: Build the container image
run: |
docker build \
--build-arg BUILD_STEP=container \
--build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
--file fab/d/actions-build.Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \

84
.github/workflows/push-npm-from-container.yml vendored
View File

@ -1,84 +0,0 @@
name: Reusable container push workflow
on:
workflow_call:
env:
REPO: ${{ github.repository }}
jobs:
push-npm:
runs-on: ubuntu-22.04
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the
# added or changed files to the repository.
contents: write
steps:
- uses: actions/setup-node@v4
with:
node-version: 22
registry-url: ${{ vars.NPM_REGISTRY }}
token: ${{ secrets.NPM_TOKEN }}
- run: npm install -g pnpm
- uses: actions/checkout@v4
- id: get-id
name: Get a unique tag for this build
run: |
SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
BUILD_ID=$BRANCH_NAME-${SHA:0:8};
DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/$REPO:$BUILD_ID;
echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
- name: Print build id and image name
run: |
echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}";
echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- name: Login to docker container registry
uses: docker/login-action@v3
with:
registry: ${{ vars.docker_repo2_registry }}
username: ${{ secrets.docker_repo2_username }}
password: ${{ secrets.docker_repo2_password }}
- name: Build the container image for npm build, with dependencies
run: |
docker build \
--build-arg BUILD_STEP=bundle \
--build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
--file fab/d/actions-build.Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
.;
- name: Extract lib files
run: |
image=${{ steps.get-id.outputs.DOCKER_IMAGE }}
source_path=/src/lib
destination_path=lib
container_id=$(docker create "$image" "pnpm build_npm")
docker container start -a $container_id
docker cp "$container_id:$source_path" "$destination_path"
docker rm "$container_id"
- name: Increment package version and push
env:
GITHUB_TOKEN: ${{ github.token }}
run: |
git config --global user.name 'bot-build'
git config --global user.email 'techbots+build@gmetri.com'
export N=`node -p require\(\'./package.json\'\).name` && echo $N
pnpm version patch --message "v%s: $N [CI SKIP]"
npm publish
git push origin
git push --tags origin

14
.github/workflows/push-npm.yml vendored
View File

@ -8,7 +8,7 @@ env:
jobs:
push-npm:
npm-push:
runs-on: ubuntu-22.04
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the
@ -16,20 +16,20 @@ jobs:
contents: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
registry-url: ${{ vars.NPM_REGISTRY }}
token: ${{ secrets.NPM_TOKEN }}
- run: npm install -g pnpm
- uses: actions/checkout@v4
- name: Install npm dependencies and build
- name: Install npm dependencies
run: |
npm install -g pnpm
pnpm install
pnpm build_npm
- run: pnpm build_npm
- name: Increment package version and push
env:

86
.github/workflows/push-s3-gcp.yml vendored
View File

@ -1,86 +0,0 @@
name: Docker Image CI
on:
workflow_call:
# Org Secrets are available on push event. Not pull_request event.
env:
REPO: ${{ github.repository }}
REPO_SHORT_NAME: ${{ github.event.repository.name }}
jobs:
push-s3:
runs-on: ubuntu-22.04
steps:
- id: get-id
name: Get a unique tag for this build
run: |
SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
BUILD_ID=$BRANCH_NAME-${SHA:0:8};
DOCKER_IMAGE=${{ vars.GCP_DOCKER_REGISTRY }}/$REPO:$BUILD_ID;
echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
- name: Print build id and image name
run: |
echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}";
echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- uses: actions/checkout@v4
# ✅ 1) Auth to GCP (this is where your SA key is used)
- name: Auth to GCP
uses: google-github-actions/auth@v2
with:
# using your existing secret that contains the SA JSON
credentials_json: ${{ secrets.GCP_SA_KEY }}
# ✅ 2) Install gcloud (no creds here)
- name: Set up gcloud
uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ vars.GCP_PROJECT_ID }}
export_default_credentials: true
- name: Configure Docker for GAR
run: |
gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
- name: Build the container image for bundle step
run: |
docker build \
--build-arg BUILD_STEP=bundle \
--build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
--file fab/d/actions-build.Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
.;
- name: Extract cloud files
run: |
image=${{ steps.get-id.outputs.DOCKER_IMAGE }}
source_path=/cloud
destination_path=cloud
container_id=$(docker create "$image")
docker cp "$container_id:$source_path" "$destination_path"
docker rm "$container_id"
echo "Running: ls $destination_path"
ls $destination_path
- name: Upload cloud files
uses: https://git.gmetri.io/gmetribin/aws-cli-action@v1.0.0
env:
AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key_id }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.aws_secret_access_key }}
AWS_DEFAULT_REGION: ${{ vars.aws_default_region }}
with:
args: >
s3 cp \
--recursive \
--cache-control max-age=31536000\
--storage-class 'STANDARD_IA' \
cloud/ s3://${{ vars.aws_upload_bucket }}/${{ env.REPO_SHORT_NAME }}/${{ steps.get-id.outputs.BUILD_ID }}

5
.github/workflows/push-s3.yml vendored
View File

@ -11,7 +11,7 @@ env:
jobs:
push-s3:
s3-push:
runs-on: ubuntu-22.04
steps:
- id: get-id
@ -37,10 +37,9 @@ jobs:
username: ${{ secrets.docker_repo2_username }}
password: ${{ secrets.docker_repo2_password }}
- name: Build the container image for bundle step
- name: Build the container image
run: |
docker build \
--build-arg BUILD_STEP=bundle \
--build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
--file fab/d/actions-build.Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \

5
.github/workflows/push-container-scan.yml → .github/workflows/run-image-scan.yml vendored
View File

@ -10,7 +10,7 @@ env:
jobs:
push-container-scan:
image-vulnerability-scan:
runs-on: ubuntu-22.04
steps:
@ -38,10 +38,9 @@ jobs:
password: ${{ secrets.docker_repo2_password }}
- name: Build the container image (quick, without PUBLIC_BUILD_VERSION)
# Commenting this from docker build for speed: --build-arg PUBLIC_BUILD_VERSION=$BUILD_ID \
run: |
docker build \
--build-arg BUILD_STEP=container \
--build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
--file fab/d/actions-build.Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
.;

2
.gitignore vendored
View File

@ -129,4 +129,4 @@ dist
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*
.idea/

4
README-build-notes.md
View File

@ -1,8 +1,8 @@
> https://git.gmetri.io/gmetribin/build-tools/src/branch/main/.github/README-build-notes.md
1) npm build -> push to npm `pnpm build_npm`
2) webpack build -> push assets to s3 Builds the docker. (Inside the docker `pnpm build`)
3) push docker with code that executes on. Docker image decides the start CMD. (Generally `pnpm start`)
2) webpack build -> push assets to s3 `pnpm build_bundle`
3) push docker with code that executes on.`pnpm start`
4) image scan (dependent on docker build)
5) pushes the docker version to the cs-* repo