gmetribin/build-tools
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: gmetribin:main
Branches Tags
gmetribin:main
gmetribin:v1.1.14
gmetribin:v1.1.13
gmetribin:v1.1.12
gmetribin:v1.1.11
gmetribin:v1.1.10
gmetribin:v1.1.9
gmetribin:v1.1.8
gmetribin:v1.1.7
gmetribin:v1.1.6
gmetribin:v1.1.5
gmetribin:v1.1.4
gmetribin:v1.1.3
gmetribin:v1.1.2
gmetribin:v1.1.1
gmetribin:v1.0.17
gmetribin:v1.0.16
gmetribin:v1.0.15
gmetribin:v1.0.14
gmetribin:v1.0.13
gmetribin:v1.0.12
gmetribin:v1.0.11
gmetribin:v1
gmetribin:v1.0.10
gmetribin:v1.0.9
gmetribin:v1.0.8
gmetribin:v1.0.7
gmetribin:v1.0.6
gmetribin:v1.1.0
gmetribin:v1.0.4
gmetribin:v1.0.3
gmetribin:v1.0.2
gmetribin:v1.0.0
..
compare: gmetribin:v1.1.2
Branches Tags
gmetribin:main
gmetribin:v1.1.14
gmetribin:v1.1.13
gmetribin:v1.1.12
gmetribin:v1.1.11
gmetribin:v1.1.10
gmetribin:v1.1.9
gmetribin:v1.1.8
gmetribin:v1.1.7
gmetribin:v1.1.6
gmetribin:v1.1.5
gmetribin:v1.1.4
gmetribin:v1.1.3
gmetribin:v1.1.2
gmetribin:v1.1.1
gmetribin:v1.0.17
gmetribin:v1.0.16
gmetribin:v1.0.15
gmetribin:v1.0.14
gmetribin:v1.0.13
gmetribin:v1.0.12
gmetribin:v1.0.11
gmetribin:v1
gmetribin:v1.0.10
gmetribin:v1.0.9
gmetribin:v1.0.8
gmetribin:v1.0.7
gmetribin:v1.0.6
gmetribin:v1.1.0
gmetribin:v1.0.4
gmetribin:v1.0.3
gmetribin:v1.0.2
gmetribin:v1.0.0

No commits in common. "main" and "v1.1.2" have entirely different histories.
main ... v1.1.2

18 changed files with 228 additions and 383 deletions
Show Stats Expand all files Collapse all files

16
README-actions.md → .github/README.md vendored
View File

@ -51,6 +51,22 @@ https://github.com/orgs/community/discussions/26625#discussioncomment-3252582
https://anchorecommunity.discourse.group/t/how-to-act-on-go-module-vulnerabilities/186/2 https://anchorecommunity.discourse.group/t/how-to-act-on-go-module-vulnerabilities/186/2
Within the image:
```bash
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b ./bin
#To check vulnerabilities
grypd .
#To save detailed output
grype $MY_IMAGE -o json > vuln.json
#OR
grype . -o json > vuln.json
#To explain the issue:
cat vuln.json | grype explain --id CVE-2023-24537
cat vuln2.json | grype explain --id CVE-2023-45853
```
## Getting the word "main" (branch name) during builds ## Getting the word "main" (branch name) during builds
If the build (was triggered by) is a merge of a pull request, GITHUB_BASE_REF will contain main. If the build (was triggered by) is a merge of a pull request, GITHUB_BASE_REF will contain main.

18
.github/repo-templates/base-build-image.yml vendored Normal file
View File

@ -0,0 +1,18 @@
#For use in base images repos like basin/baseimages
name: Docker Image CI
on:
push: # Build on all pushes
schedule: # Also build on all Fridays
- cron: "30 6 * * 5" #Every Friday@12 NOON IST (6:30 GMT)
# Cron: Minute(0-59) Hour(0-23) DayOfMonth(1-31) MonthOfYear(1-12) DayOfWeek(0-6)
jobs:
#Assumes the dockerfile to be at ./context/Dockerfile and context ./context
reuse-base-build-image:
uses: gmetribin/build-tools/.github/workflows/base-build-image.yml@v1.1.2
secrets: inherit
with:
image_tag: ${{ github.ref_name }}-v1 #Generally becomes basin:node-22-dev-v1
#To be updated in the code repo as per requirement

17
.github/repo-templates/base-workflow.yml vendored Normal file
View File

@ -0,0 +1,17 @@
name: Base Push Workflow
on:
workflow_dispatch:
schedule: # Also build on all Fridays
- cron: "30 7 * * 5" #Every Friday@1PM IST (7:30 GMT)
# Cron: Minute(0-59) Hour(0-23) DayOfMonth(1-31) MonthOfYear(1-12) DayOfWeek(0-6)
jobs:
#Builds ./fab/d/actions-base.Dockerfile
cron-container-base:
uses: gmetribin/build-tools/.github/workflows/cron-container-base.yml@v1.1.2
secrets: inherit
with:
image_tag: base-v1 #To be updated in the code repo as per requirement
#Update the build image to use the same base tag

13
.github/repo-templates/pr-workflow.yml vendored Normal file
View File

@ -0,0 +1,13 @@
name: Pull Request Workflow
on:
pull_request:
branches:
- main
jobs:
#Runs pnpm lint and pnpm check
lint-and-check:
uses: gmetribin/build-tools/.github/workflows/pr-lint-and-check.yml@v1.1.2
secrets: inherit

35
.github/repo-templates/push-workflow.yml vendored Normal file
View File

@ -0,0 +1,35 @@
name: Push Workflow
on:
push:
branches:
- main
jobs:
#Runs `pnpm build_npm`
push-npm:
uses: gmetribin/build-tools/.github/workflows/push-npm.yml@v1.1.2
secrets: inherit
#Builds ./fab/d/actions-build.Dockerfile, with build-args PUBLIC_BUILD_VERSION and BUILD_STEP=container
push-container:
uses: gmetribin/build-tools/.github/workflows/push-container.yml@v1.1.2
secrets: inherit
#Builds ./fab/d/actions-build.Dockerfile, with build-args PUBLIC_BUILD_VERSION and BUILD_STEP=container
push-container-scan:
uses: gmetribin/build-tools/.github/workflows/push-container-scan.yml@v1.1.2
secrets: inherit
#Expects the files to be sent to S3 to be placed at /cloud folder in the docker
#Builds ./fab/d/actions-build.Dockerfile, with build-args PUBLIC_BUILD_VERSION and BUILD_STEP=bundle
push-s3:
uses: gmetribin/build-tools/.github/workflows/push-s3.yml@v1.1.2
secrets: inherit
cs-update-trigger:
uses: gmetribin/deploy-tools/.github/workflows/cs-update-trigger.yml@v1.1.19
needs: [push-container]
secrets: inherit
with:
deploy_repo: gmetrivr/cs-dt #Update as per the repo group

65
.github/unused/sh/trigger.sh vendored Normal file
View File

@ -0,0 +1,65 @@
#!/bin/bash
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>"\
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/actions/workflows/WORKFLOW_ID/dispatches \
-d '{"ref":"main","inputs":{"image":"${{ inputs.image }}","tag":"${{ inputs.tag }}"}}';
repo2.hub.gmetri.io/dt-api
main-fda468af
Token (DUMMY): e139b1c73bfae1b7748961c9f9a381bd3cca0633
https://git.gmetri.io/gmetrivr/cs-dt/actions/run?workflow=update-repo-version.yml&actor=0&status=
curl -X 'POST' \
'https://git.gmetri.io/api/v1/repos/gmetrivr/cs-dt/issues' \
-H 'accept: application/json' \
-H 'Authorization: token e139b1c73bfae1b7748961c9f9a381bd3cca0633' \
-H 'Content-Type: application/json' \
-d '{
"assignee": "bot-build",
"body": "{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-fda468af\"}",
"closed": false,
"title": "cs-dt package for repo2.hub.gmetri.io/dt-api:main-fda468af"
}'
curl -X 'POST' \
'https://git.gmetri.io/api/v1/repos/gmetrivr/cs-dt/issues/1/comments' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Authorization: token e139b1c73bfae1b7748961c9f9a381bd3cca0633' \
-d '{
"body": "{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-fda468af\"}"
}'
curl -X 'POST' \
'https://git.gmetri.io/api/v1/repos/gmetrivr/cs-dt/issues/1/comments' \
-H 'accept: application/json' \
-H 'Authorization: token e139b1c73bfae1b7748961c9f9a381bd3cca0633' \
-H 'Content-Type: application/json' \
-d '{
"body": "{\"image\":\"repo2.hub.gmetri.io\/dt-api\",\"tag\":\"main-255c2f30\"}"
}'
ISSUE_COMMENT_STRING=`echo '{ "image": "repo2.hub.gmetri.io/dt-api", "tag": "main-255c2f30" }' | jq tostring`
API_JSON_BODY=`echo '{"body": '$ISSUE_COMMENT_STRING' }' | jq -r tostring`
# {"body":"{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-255c2f30\"}"}
curl -X 'POST' \
'https://git.gmetri.io/api/v1/repos/gmetrivr/cs-dt/issues/1/comments' \
-H 'accept: application/json' \
-H 'Authorization: token e139b1c73bfae1b7748961c9f9a381bd3cca0633' \
-H 'Content-Type: application/json' \
-d $API_JSON_BODY
curl -X 'POST' \
'https://git.gmetri.io/api/v1/repos/gmetrivr/cs-dt/issues/1/comments' \
-H 'accept: application/json' \
-H 'Authorization: token e139b1c73bfae1b7748961c9f9a381bd3cca0633' \
-H 'Content-Type: application/json' \
-d '{"body":"{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-255c2f30\"}"}'

71
.github/workflows/base-build-image-gcp.yml vendored
View File

@ -1,71 +0,0 @@
name: Build base images (Generally from basin repo)
on:
workflow_call:
inputs:
image_tag:
required: true
type: string
fail_on_scan:
default: true
type: boolean
jobs:
docker-build-and-push:
runs-on: ubuntu-22.04 #ubuntu-latest
steps:
- id: get-id
name: Get a unique tag for this build
run: |
echo "DOCKER_IMAGE=${{ vars.GCP_DOCKER_REGISTRY }}/${{ github.repository }}:${{ inputs.image_tag }}" >> "$GITHUB_OUTPUT";
- name: Print image name
run: |
echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- uses: actions/checkout@v4
# ✅ 1) Auth to GCP (this is where your SA key is used)
- name: Auth to GCP
uses: google-github-actions/auth@v2
with:
# using your existing secret that contains the SA JSON
credentials_json: ${{ secrets.GCP_SA_KEY }}
# ✅ 2) Install gcloud (no creds here)
- name: Set up gcloud
uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ vars.GCP_PROJECT_ID }}
export_default_credentials: true
- name: Configure Docker for GAR
run: |
gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
- name: Build and push the Docker image
run: |
docker build \
--file context/Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
./context;
- name: Container details
run: |
IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
# - name: Scan Docker Image for vulnerabilities with Grype
# uses: anchore/scan-action@v6
# with:
# image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
# cache-db: true #Cache Grype DB in Github Actions
# output-format: table
# only-fixed: true
# severity-cutoff: critical
# fail-build: ${{ inputs.fail_on_scan }}
- name: Push the container image
run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

5
.github/workflows/base-build-image.yml vendored
View File

@ -6,9 +6,6 @@ on:
image_tag: image_tag:
required: true required: true
type: string type: string
fail_on_scan:
default: true
type: boolean
jobs: jobs:
docker-build-and-push: docker-build-and-push:
@ -55,7 +52,7 @@ jobs:
output-format: table output-format: table
only-fixed: true only-fixed: true
severity-cutoff: critical severity-cutoff: critical
fail-build: ${{ inputs.fail_on_scan }} fail-build: true
- name: Push the container image - name: Push the container image
run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }} run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

2
.github/workflows/dispatch-container-base.yml → .github/workflows/cron-container-base.yml vendored
View File

@ -1,4 +1,4 @@
name: Build base images from code repos name: Build base images (Generally from basin repo)
on: on:
workflow_call: workflow_call:

54
.github/workflows/deploy-cs.yml vendored Normal file
View File

@ -0,0 +1,54 @@
name: Reusable container push workflow
on:
workflow_call:
inputs:
deploy_repo:
description: 'The cs repo that contains this image'
required: true
type: string
env:
REPO: ${{ github.repository }}
jobs:
trigger-cs-job:
permissions:
issues: write
runs-on: ubuntu-22.04
steps:
- id: get-id
name: Get a unique tag for this build
run: |
SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
BUILD_ID=$BRANCH_NAME-${SHA:0:8};
DOCKER_BASE=${{ vars.docker_repo2_registry }}/$REPO
DOCKER_IMAGE=$DOCKER_BASE:$BUILD_ID;
echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
echo "DOCKER_BASE=$DOCKER_BASE" >> "$GITHUB_OUTPUT";
echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
- name: Print build id and image name
run: |
echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}";
echo "DOCKER_BASE: ${{ steps.get-id.outputs.DOCKER_BASE }}";
echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- name: Push image name and tag to cs repo's issue#1
run: |
ISSUE_COMMENT_STRING=`echo "{ \"image\": \"${{ steps.get-id.outputs.DOCKER_BASE }}\", \"tag\": \"${{ steps.get-id.outputs.BUILD_ID }}\" }" | jq tostring`
echo ISSUE_COMMENT_STRING: $ISSUE_COMMENT_STRING
API_JSON_BODY=`echo '{"body": '$ISSUE_COMMENT_STRING' }' | jq -r tostring`
echo API_JSON_BODY: $API_JSON_BODY
# {"body":"{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-255c2f30\"}"}
set +x
curl -X 'POST' \
'${{ github.api_url }}/repos/${{ inputs.deploy_repo }}/issues/1/comments' \
-H 'accept: application/json' \
-H 'Authorization: token ${{ secrets.bot_build_issues_token }}' \
-H 'Content-Type: application/json' \
-d $API_JSON_BODY
set +x

36
.github/workflows/push-code-scan.yml vendored
View File

@ -1,36 +0,0 @@
name: Vulnerability Scan
# Secrets can only viewed in "push" events. Not pull_request events.
# That's why this step needs to be called on push, and not on pull_request (to read npm password).
on:
workflow_call:
jobs:
push-container-scan:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
registry-url: ${{ vars.NPM_REGISTRY }}
token: ${{ secrets.NPM_TOKEN }}
- name: Install npm dependencies
run: |
npm install -g pnpm
pnpm install
- name: Scan container image for vulnerabilities with grype
uses: anchore/scan-action@v6
with:
path: "."
cache-db: true #Cache Grype DB in Github Actions
output-format: table
only-fixed: true
severity-cutoff: critical
fail-build: true

30
.github/workflows/push-code-test.yml vendored
View File

@ -1,30 +0,0 @@
name: Run Tests
# Secrets can only viewed in "push" events. Not pull_request events.
# That's why this step needs to be called on push, and not on pull_request (to read npm password).
on:
workflow_call:
jobs:
push-container-scan:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
registry-url: ${{ vars.NPM_REGISTRY }}
token: ${{ secrets.NPM_TOKEN }}
- name: Install npm dependencies
run: |
npm install -g pnpm
pnpm install
- name: Run Tests
run: |
pnpm test

63
.github/workflows/push-container-gcp.yml vendored
View File

@ -1,63 +0,0 @@
name: Reusable container push workflow
on:
workflow_call:
env:
REPO: ${{ github.repository }}
jobs:
push-container:
runs-on: ubuntu-22.04
steps:
- id: get-id
name: Get a unique tag for this build
run: |
SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
BUILD_ID=$BRANCH_NAME-${SHA:0:8};
DOCKER_IMAGE="${{vars.GCP_DOCKER_REGISTRY}}/$REPO:$BUILD_ID"
echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
- name: Print build id and image name
run: |
echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}";
echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- uses: actions/checkout@v4
# ✅ 1) Auth to GCP (this is where your SA key is used)
- name: Auth to GCP
uses: google-github-actions/auth@v2
with:
# using your existing secret that contains the SA JSON
credentials_json: ${{ secrets.GCP_SA_KEY }}
# ✅ 2) Install gcloud (no creds here)
- name: Set up gcloud
uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ vars.GCP_PROJECT_ID }}
export_default_credentials: true
- name: Configure Docker for GAR
run: |
gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
- name: Build the container image
run: |
docker build \
--build-arg BUILD_STEP=container \
--build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
--file fab/d/actions-build.Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
.;
- name: Container details
run: |
IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- name: Push the container image
run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

2
.github/workflows/push-container.yml vendored
View File

@ -49,4 +49,4 @@ jobs:
echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}"; echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- name: Push the container image - name: Push the container image
run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }} run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

84
.github/workflows/push-npm-from-container.yml vendored
View File

@ -1,84 +0,0 @@
name: Reusable container push workflow
on:
workflow_call:
env:
REPO: ${{ github.repository }}
jobs:
push-npm:
runs-on: ubuntu-22.04
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the
# added or changed files to the repository.
contents: write
steps:
- uses: actions/setup-node@v4
with:
node-version: 22
registry-url: ${{ vars.NPM_REGISTRY }}
token: ${{ secrets.NPM_TOKEN }}
- run: npm install -g pnpm
- uses: actions/checkout@v4
- id: get-id
name: Get a unique tag for this build
run: |
SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
BUILD_ID=$BRANCH_NAME-${SHA:0:8};
DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/$REPO:$BUILD_ID;
echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
- name: Print build id and image name
run: |
echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}";
echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- name: Login to docker container registry
uses: docker/login-action@v3
with:
registry: ${{ vars.docker_repo2_registry }}
username: ${{ secrets.docker_repo2_username }}
password: ${{ secrets.docker_repo2_password }}
- name: Build the container image for npm build, with dependencies
run: |
docker build \
--build-arg BUILD_STEP=bundle \
--build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
--file fab/d/actions-build.Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
.;
- name: Extract lib files
run: |
image=${{ steps.get-id.outputs.DOCKER_IMAGE }}
source_path=/src/lib
destination_path=lib
container_id=$(docker create "$image" "pnpm build_npm")
docker container start -a $container_id
docker cp "$container_id:$source_path" "$destination_path"
docker rm "$container_id"
- name: Increment package version and push
env:
GITHUB_TOKEN: ${{ github.token }}
run: |
git config --global user.name 'bot-build'
git config --global user.email 'techbots+build@gmetri.com'
export N=`node -p require\(\'./package.json\'\).name` && echo $N
pnpm version patch --message "v%s: $N [CI SKIP]"
npm publish
git push origin
git push --tags origin

12
.github/workflows/push-npm.yml vendored
View File

@ -16,20 +16,20 @@ jobs:
contents: write contents: write
steps: steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4 - uses: actions/setup-node@v4
with: with:
node-version: 22 node-version: 22
registry-url: ${{ vars.NPM_REGISTRY }} registry-url: ${{ vars.NPM_REGISTRY }}
token: ${{ secrets.NPM_TOKEN }} token: ${{ secrets.NPM_TOKEN }}
- run: npm install -g pnpm - name: Install npm dependencies
- uses: actions/checkout@v4
- name: Install npm dependencies and build
run: | run: |
npm install -g pnpm
pnpm install pnpm install
pnpm build_npm
- run: pnpm build_npm
- name: Increment package version and push - name: Increment package version and push
env: env:

86
.github/workflows/push-s3-gcp.yml vendored
View File

@ -1,86 +0,0 @@
name: Docker Image CI
on:
workflow_call:
# Org Secrets are available on push event. Not pull_request event.
env:
REPO: ${{ github.repository }}
REPO_SHORT_NAME: ${{ github.event.repository.name }}
jobs:
push-s3:
runs-on: ubuntu-22.04
steps:
- id: get-id
name: Get a unique tag for this build
run: |
SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
BUILD_ID=$BRANCH_NAME-${SHA:0:8};
DOCKER_IMAGE=${{ vars.GCP_DOCKER_REGISTRY }}/$REPO:$BUILD_ID;
echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
- name: Print build id and image name
run: |
echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}";
echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- uses: actions/checkout@v4
# ✅ 1) Auth to GCP (this is where your SA key is used)
- name: Auth to GCP
uses: google-github-actions/auth@v2
with:
# using your existing secret that contains the SA JSON
credentials_json: ${{ secrets.GCP_SA_KEY }}
# ✅ 2) Install gcloud (no creds here)
- name: Set up gcloud
uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ vars.GCP_PROJECT_ID }}
export_default_credentials: true
- name: Configure Docker for GAR
run: |
gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
- name: Build the container image for bundle step
run: |
docker build \
--build-arg BUILD_STEP=bundle \
--build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
--file fab/d/actions-build.Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
.;
- name: Extract cloud files
run: |
image=${{ steps.get-id.outputs.DOCKER_IMAGE }}
source_path=/cloud
destination_path=cloud
container_id=$(docker create "$image")
docker cp "$container_id:$source_path" "$destination_path"
docker rm "$container_id"
echo "Running: ls $destination_path"
ls $destination_path
- name: Upload cloud files
uses: https://git.gmetri.io/gmetribin/aws-cli-action@v1.0.0
env:
AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key_id }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.aws_secret_access_key }}
AWS_DEFAULT_REGION: ${{ vars.aws_default_region }}
with:
args: >
s3 cp \
--recursive \
--cache-control max-age=31536000\
--storage-class 'STANDARD_IA' \
cloud/ s3://${{ vars.aws_upload_bucket }}/${{ env.REPO_SHORT_NAME }}/${{ steps.get-id.outputs.BUILD_ID }}

2
.gitignore vendored
View File

@ -129,4 +129,4 @@ dist
.yarn/build-state.yml .yarn/build-state.yml
.yarn/install-state.gz .yarn/install-state.gz
.pnp.* .pnp.*
.idea/