s3 workflow with gcp

.github/repo-templates/base-workflow.yml

@@ -1,16 +0,0 @@
-name: Base Push Workflow
-
-on:
-  workflow_dispatch:
-  schedule: # Also build on all Fridays
-  - cron: "30 7 * * 5" #Every Friday@1PM IST (7:30 GMT)
-  # Cron: Minute(0-59) Hour(0-23) DayOfMonth(1-31) MonthOfYear(1-12) DayOfWeek(0-6)
-
-jobs:
-
-#Builds ./fab/d/actions-base.Dockerfile
-  push-container-base:
-    uses: gmetribin/build-tools/.github/workflows/push-container-base.yml@v1.1.1
-    secrets: inherit
-    with:
-      image_tag: base-v1 #Checked in the calling repo

.github/repo-templates/pr-workflow.yml

@@ -1,13 +0,0 @@
-name: Pull Request Workflow
-
-on:
-  pull_request:
-    branches:
-      - main
-
-jobs:
-
-#Runs pnpm lint and pnpm check
-  lint-and-check:
-    uses: gmetribin/build-tools/.github/workflows/pr-lint-and-check.yml@v1.1.1
-    secrets: inherit

.github/repo-templates/push-workflow.yml

@@ -1,32 +0,0 @@
-name: Push Workflow
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  push-s3:
-    uses: gmetribin/build-tools/.github/workflows/push-s3.yml@v1.1.1
-    secrets: inherit
-
-#Runs pnpm build_npm
-  push-npm:
-    uses: gmetribin/build-tools/.github/workflows/push-npm.yml@v1.1.1
-    secrets: inherit
-
-#Builds ./fab/d/actions-build.Dockerfile
-  push-container:
-    uses: gmetribin/build-tools/.github/workflows/push-container.yml@v1.1.1
-    secrets: inherit
-
-  run-image-scan:
-    uses: gmetribin/build-tools/.github/workflows/run-image-scan.yml@v1.1.1
-    secrets: inherit
-
-  cs-update-trigger:
-    uses: gmetribin/deploy-tools/.github/workflows/cs-update-trigger.yml@v1.1.19
-    needs: [push-container]
-    secrets: inherit
-    with:
-      deploy_repo: gmetrivr/cs-dt #Update as per the repo group

.github/unused/sh/trigger.sh

@@ -1,65 +0,0 @@
-#!/bin/bash
-
-curl -L \
--X POST \
--H "Accept: application/vnd.github+json" \
--H "Authorization: Bearer <YOUR-TOKEN>"\
--H "X-GitHub-Api-Version: 2022-11-28" \
-https://api.github.com/repos/OWNER/REPO/actions/workflows/WORKFLOW_ID/dispatches \
--d '{"ref":"main","inputs":{"image":"${{ inputs.image }}","tag":"${{ inputs.tag }}"}}';
-
-repo2.hub.gmetri.io/dt-api
-main-fda468af
-
-Token (DUMMY): e139b1c73bfae1b7748961c9f9a381bd3cca0633
-
-
-https://git.gmetri.io/gmetrivr/cs-dt/actions/run?workflow=update-repo-version.yml&actor=0&status=
-
-curl -X 'POST' \
-  'https://git.gmetri.io/api/v1/repos/gmetrivr/cs-dt/issues' \
-  -H 'accept: application/json' \
-  -H 'Authorization: token e139b1c73bfae1b7748961c9f9a381bd3cca0633' \
-  -H 'Content-Type: application/json' \
-  -d '{
-  "assignee": "bot-build",
-  "body": "{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-fda468af\"}",
-  "closed": false,
-  "title": "cs-dt package for repo2.hub.gmetri.io/dt-api:main-fda468af"
-}'
-
-curl -X 'POST' \
-  'https://git.gmetri.io/api/v1/repos/gmetrivr/cs-dt/issues/1/comments' \
-  -H 'accept: application/json' \
-  -H 'Content-Type: application/json' \
-  -H 'Authorization: token e139b1c73bfae1b7748961c9f9a381bd3cca0633' \
-  -d '{
-  "body": "{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-fda468af\"}"
-}'
-
-curl -X 'POST' \
-  'https://git.gmetri.io/api/v1/repos/gmetrivr/cs-dt/issues/1/comments' \
-  -H 'accept: application/json' \
-  -H 'Authorization: token e139b1c73bfae1b7748961c9f9a381bd3cca0633' \
-  -H 'Content-Type: application/json' \
-  -d '{
-  "body": "{\"image\":\"repo2.hub.gmetri.io\/dt-api\",\"tag\":\"main-255c2f30\"}"
-}'
-
-ISSUE_COMMENT_STRING=`echo '{ "image": "repo2.hub.gmetri.io/dt-api", "tag": "main-255c2f30" }' | jq tostring`
-API_JSON_BODY=`echo '{"body": '$ISSUE_COMMENT_STRING' }' | jq -r tostring`
-# {"body":"{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-255c2f30\"}"}
-
-curl -X 'POST' \
-  'https://git.gmetri.io/api/v1/repos/gmetrivr/cs-dt/issues/1/comments' \
-  -H 'accept: application/json' \
-  -H 'Authorization: token e139b1c73bfae1b7748961c9f9a381bd3cca0633' \
-  -H 'Content-Type: application/json' \
-  -d $API_JSON_BODY
-
-curl -X 'POST' \
- 'https://git.gmetri.io/api/v1/repos/gmetrivr/cs-dt/issues/1/comments' \
- -H 'accept: application/json' \
- -H 'Authorization: token e139b1c73bfae1b7748961c9f9a381bd3cca0633' \
- -H 'Content-Type: application/json' \
- -d '{"body":"{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-255c2f30\"}"}'

.github/workflows/base-build-image-gcp.yml

@@ -0,0 +1,71 @@
+name: Build base images (Generally from basin repo)
+
+on:
+  workflow_call:
+    inputs:
+      image_tag:
+        required: true
+        type: string
+      fail_on_scan:
+        default: true
+        type: boolean
+
+jobs:
+  docker-build-and-push:
+
+    runs-on: ubuntu-22.04 #ubuntu-latest
+
+    steps:
+    - id: get-id
+      name: Get a unique tag for this build
+      run: |
+        echo "DOCKER_IMAGE=${{ vars.GCP_DOCKER_REGISTRY }}/${{ github.repository }}:${{ inputs.image_tag }}" >> "$GITHUB_OUTPUT";
+
+    - name: Print image name
+      run: |
+        echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - uses: actions/checkout@v4
+
+    # ✅ 1) Auth to GCP (this is where your SA key is used)
+    - name: Auth to GCP
+      uses: google-github-actions/auth@v2
+      with:
+        # using your existing secret that contains the SA JSON
+        credentials_json: ${{ secrets.GCP_SA_KEY }}
+
+      # ✅ 2) Install gcloud (no creds here)
+    - name: Set up gcloud
+      uses: google-github-actions/setup-gcloud@v2
+      with:
+        project_id: ${{ vars.GCP_PROJECT_ID }}
+        export_default_credentials: true
+
+    - name: Configure Docker for GAR
+      run: |
+        gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
+
+    - name: Build and push the Docker image
+      run: |
+        docker build \
+          --file context/Dockerfile \
+          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+          ./context;
+
+    - name: Container details
+      run: |
+        IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
+        echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+#    - name: Scan Docker Image for vulnerabilities with Grype
+#      uses: anchore/scan-action@v6
+#      with:
+#        image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
+#        cache-db: true #Cache Grype DB in Github Actions
+#        output-format: table
+#        only-fixed: true
+#        severity-cutoff: critical
+#        fail-build: ${{ inputs.fail_on_scan }}
+
+    - name: Push the container image
+      run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

.github/workflows/base-build-image.yml

@@ -6,6 +6,9 @@ on:
       image_tag:
         required: true
         type: string
+      fail_on_scan:
+        default: true
+        type: boolean
 
 jobs:
   docker-build-and-push:
@@ -52,7 +55,7 @@ jobs:
         output-format: table
         only-fixed: true
         severity-cutoff: critical
-        fail-build: true
+        fail-build: ${{ inputs.fail_on_scan }}
 
     - name: Push the container image
       run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

.github/workflows/deploy-cs.yml

@@ -1,54 +0,0 @@
-name: Reusable container push workflow
-
-on:
-  workflow_call:
-    inputs:
-      deploy_repo:
-        description: 'The cs repo that contains this image'
-        required: true
-        type: string
-
-env:
-  REPO: ${{ github.repository }}
-
-jobs:
-  trigger-cs-job:
-    permissions:
-      issues: write
-    runs-on: ubuntu-22.04
-    steps:
-    - id: get-id
-      name: Get a unique tag for this build
-      run: |
-        SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
-        BUILD_ID=$BRANCH_NAME-${SHA:0:8};
-        DOCKER_BASE=${{ vars.docker_repo2_registry }}/$REPO
-        DOCKER_IMAGE=$DOCKER_BASE:$BUILD_ID;
-        echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
-        echo "DOCKER_BASE=$DOCKER_BASE" >> "$GITHUB_OUTPUT";
-        echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
-
-    - name: Print build id and image name
-      run: |
-        echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}"; 
-        echo "DOCKER_BASE: ${{ steps.get-id.outputs.DOCKER_BASE }}";
-        echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
-
-    - name: Push image name and tag to cs repo's issue#1
-      run: |
-        ISSUE_COMMENT_STRING=`echo "{ \"image\": \"${{ steps.get-id.outputs.DOCKER_BASE }}\", \"tag\": \"${{ steps.get-id.outputs.BUILD_ID }}\" }" | jq tostring`
-        echo ISSUE_COMMENT_STRING: $ISSUE_COMMENT_STRING
-
-        API_JSON_BODY=`echo '{"body": '$ISSUE_COMMENT_STRING' }' | jq -r tostring`
-        echo API_JSON_BODY: $API_JSON_BODY
-        # {"body":"{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-255c2f30\"}"}
-
-        set +x
-        curl -X 'POST' \
-          '${{ github.api_url }}/repos/${{ inputs.deploy_repo }}/issues/1/comments' \
-          -H 'accept: application/json' \
-          -H 'Authorization: token ${{ secrets.bot_build_issues_token }}' \
-          -H 'Content-Type: application/json' \
-          -d $API_JSON_BODY
-        set +x
-

.github/workflows/dispatch-container-base.yml

@@ -1,4 +1,4 @@
-name: Build base images (Generally from basin repo)
+name: Build base images from code repos
 
 on:
   workflow_call:

.github/workflows/push-code-scan.yml

@@ -0,0 +1,36 @@
+name: Vulnerability Scan
+# Secrets can only viewed in "push" events. Not pull_request events.
+# That's why this step needs to be called on push, and not on pull_request (to read npm password).
+
+on:
+  workflow_call:
+
+jobs:
+
+  push-container-scan:
+    runs-on: ubuntu-22.04
+
+    steps:
+
+    - uses: actions/checkout@v4
+      
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 22
+        registry-url: ${{ vars.NPM_REGISTRY }}
+        token: ${{ secrets.NPM_TOKEN }}
+
+    - name: Install npm dependencies
+      run: |
+        npm install -g pnpm
+        pnpm install
+
+    - name: Scan container image for vulnerabilities with grype
+      uses: anchore/scan-action@v6
+      with:
+        path: "."
+        cache-db: true #Cache Grype DB in Github Actions
+        output-format: table
+        only-fixed: true
+        severity-cutoff: critical
+        fail-build: true

.github/workflows/push-code-test.yml

@@ -0,0 +1,30 @@
+name: Run Tests
+# Secrets can only viewed in "push" events. Not pull_request events.
+# That's why this step needs to be called on push, and not on pull_request (to read npm password).
+
+on:
+  workflow_call:
+
+jobs:
+
+  push-container-scan:
+    runs-on: ubuntu-22.04
+
+    steps:
+
+    - uses: actions/checkout@v4
+      
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 22
+        registry-url: ${{ vars.NPM_REGISTRY }}
+        token: ${{ secrets.NPM_TOKEN }}
+
+    - name: Install npm dependencies
+      run: |
+        npm install -g pnpm
+        pnpm install
+
+    - name: Run Tests
+      run: |
+        pnpm test

.github/workflows/push-container-gcp.yml

@@ -0,0 +1,63 @@
+name: Reusable container push workflow
+
+on:
+  workflow_call:
+
+env:
+  REPO: ${{ github.repository }}
+
+jobs:
+
+  push-container:
+    runs-on: ubuntu-22.04
+    steps:
+      - id: get-id
+        name: Get a unique tag for this build
+        run: |
+          SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
+          BUILD_ID=$BRANCH_NAME-${SHA:0:8};
+          DOCKER_IMAGE="${{vars.GCP_DOCKER_REGISTRY}}/$REPO:$BUILD_ID"
+          echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
+          echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
+
+      - name: Print build id and image name
+        run: |
+          echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}"; 
+          echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+      - uses: actions/checkout@v4
+
+        # ✅ 1) Auth to GCP (this is where your SA key is used)
+      - name: Auth to GCP
+        uses: google-github-actions/auth@v2
+        with:
+          # using your existing secret that contains the SA JSON
+          credentials_json: ${{ secrets.GCP_SA_KEY }}
+
+        # ✅ 2) Install gcloud (no creds here)
+      - name: Set up gcloud
+        uses: google-github-actions/setup-gcloud@v2
+        with:
+          project_id: ${{ vars.GCP_PROJECT_ID }}
+          export_default_credentials: true
+
+      - name: Configure Docker for GAR
+        run: |
+          gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
+
+      - name: Build the container image
+        run: |
+          docker build \
+            --build-arg BUILD_STEP=container \
+            --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
+            --file fab/d/actions-build.Dockerfile \
+            --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+            .;
+
+      - name: Container details
+        run: |
+          IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
+          echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+      - name: Push the container image
+        run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

.github/workflows/push-container-scan.yml

@@ -10,7 +10,7 @@ env:
 
 jobs:
 
-  image-vulnerability-scan:
+  push-container-scan:
     runs-on: ubuntu-22.04
 
     steps:
@@ -38,9 +38,10 @@ jobs:
         password: ${{ secrets.docker_repo2_password }}
 
     - name: Build the container image (quick, without PUBLIC_BUILD_VERSION)
-      # Commenting this from docker build for speed: --build-arg PUBLIC_BUILD_VERSION=$BUILD_ID \
       run: |
         docker build \
+          --build-arg BUILD_STEP=container \
+          --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
           --file fab/d/actions-build.Dockerfile \
           --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
           .;

.github/workflows/push-container.yml

@@ -8,7 +8,7 @@ env:
 
 jobs:
 
-  container-build-and-push:
+  push-container:
     runs-on: ubuntu-22.04
     steps:
     - id: get-id
@@ -37,6 +37,7 @@ jobs:
     - name: Build the container image
       run: |
         docker build \
+          --build-arg BUILD_STEP=container \
           --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
           --file fab/d/actions-build.Dockerfile \
           --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \

.github/workflows/push-npm-from-container.yml

@@ -0,0 +1,84 @@
+name: Reusable container push workflow
+
+on:
+  workflow_call:
+
+env:
+  REPO: ${{ github.repository }}
+
+jobs:
+
+  push-npm:
+    runs-on: ubuntu-22.04
+    permissions:
+      # Give the default GITHUB_TOKEN write permission to commit and push the
+      # added or changed files to the repository.
+      contents: write
+
+    steps:
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 22
+        registry-url: ${{ vars.NPM_REGISTRY }}
+        token: ${{ secrets.NPM_TOKEN }}
+
+    - run: npm install -g pnpm
+
+    - uses: actions/checkout@v4
+
+    - id: get-id
+      name: Get a unique tag for this build
+      run: |
+        SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
+        BUILD_ID=$BRANCH_NAME-${SHA:0:8};
+        DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/$REPO:$BUILD_ID;
+        echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
+        echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
+
+    - name: Print build id and image name
+      run: |
+        echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}"; 
+        echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - name: Login to docker container registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ vars.docker_repo2_registry }}
+        username: ${{ secrets.docker_repo2_username }}
+        password: ${{ secrets.docker_repo2_password }}
+  
+    - name: Build the container image for npm build, with dependencies
+      run: |
+        docker build \
+          --build-arg BUILD_STEP=bundle \
+          --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
+          --file fab/d/actions-build.Dockerfile \
+          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+          .;
+
+    - name: Extract lib files
+      run: |
+        image=${{ steps.get-id.outputs.DOCKER_IMAGE }}
+        source_path=/src/lib
+        destination_path=lib
+
+        container_id=$(docker create "$image" "pnpm build_npm")
+        docker container start -a $container_id
+
+        docker cp "$container_id:$source_path" "$destination_path"
+        docker rm "$container_id"
+
+    - name: Increment package version and push
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      run: |
+        git config --global user.name 'bot-build'
+        git config --global user.email 'techbots+build@gmetri.com'
+
+        export N=`node -p require\(\'./package.json\'\).name` && echo $N
+        pnpm version patch --message "v%s: $N [CI SKIP]"
+
+        npm publish
+        
+        git push origin
+        git push --tags origin

.github/workflows/push-npm.yml

@@ -8,7 +8,7 @@ env:
 
 jobs:
 
-  npm-push:
+  push-npm:
     runs-on: ubuntu-22.04
     permissions:
       # Give the default GITHUB_TOKEN write permission to commit and push the
@@ -16,20 +16,20 @@ jobs:
       contents: write
 
     steps:
-    - uses: actions/checkout@v4
-      
     - uses: actions/setup-node@v4
       with:
         node-version: 22
         registry-url: ${{ vars.NPM_REGISTRY }}
         token: ${{ secrets.NPM_TOKEN }}
 
-    - name: Install npm dependencies
-      run: |
-        npm install -g pnpm
-        pnpm install
+    - run: npm install -g pnpm
 
-    - run: pnpm build_npm
+    - uses: actions/checkout@v4
+
+    - name: Install npm dependencies and build
+      run: |
+        pnpm install
+        pnpm build_npm
 
     - name: Increment package version and push
       env:

.github/workflows/push-s3-gcp.yml

@@ -0,0 +1,86 @@
+name: Docker Image CI
+
+on:
+  workflow_call:
+
+# Org Secrets are available on push event. Not pull_request event.
+
+env:
+  REPO: ${{ github.repository }}
+  REPO_SHORT_NAME: ${{ github.event.repository.name }}
+
+jobs:
+
+  push-s3:
+    runs-on: ubuntu-22.04
+    steps:
+    - id: get-id
+      name: Get a unique tag for this build
+      run: |
+        SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
+        BUILD_ID=$BRANCH_NAME-${SHA:0:8};
+        DOCKER_IMAGE=${{ vars.GCP_DOCKER_REGISTRY }}/$REPO:$BUILD_ID;
+        echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
+        echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
+
+    - name: Print build id and image name
+      run: |
+        echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}"; 
+        echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - uses: actions/checkout@v4
+
+    # ✅ 1) Auth to GCP (this is where your SA key is used)
+    - name: Auth to GCP
+      uses: google-github-actions/auth@v2
+      with:
+        # using your existing secret that contains the SA JSON
+        credentials_json: ${{ secrets.GCP_SA_KEY }}
+
+      # ✅ 2) Install gcloud (no creds here)
+    - name: Set up gcloud
+      uses: google-github-actions/setup-gcloud@v2
+      with:
+        project_id: ${{ vars.GCP_PROJECT_ID }}
+        export_default_credentials: true
+
+    - name: Configure Docker for GAR
+      run: |
+        gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
+
+
+    - name: Build the container image for bundle step
+      run: |
+        docker build \
+          --build-arg BUILD_STEP=bundle \
+          --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
+          --file fab/d/actions-build.Dockerfile \
+          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+          .;
+    
+    - name: Extract cloud files
+      run: |
+        image=${{ steps.get-id.outputs.DOCKER_IMAGE }}
+        source_path=/cloud
+        destination_path=cloud
+
+        container_id=$(docker create "$image")
+        docker cp "$container_id:$source_path" "$destination_path"
+        docker rm "$container_id"
+
+        echo "Running: ls $destination_path"
+        ls $destination_path
+
+    - name: Upload cloud files
+      uses: https://git.gmetri.io/gmetribin/aws-cli-action@v1.0.0
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key_id }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.aws_secret_access_key }}
+        AWS_DEFAULT_REGION: ${{ vars.aws_default_region }}
+      with:
+        args: >
+          s3 cp \
+          --recursive \
+          --cache-control max-age=31536000\
+          --storage-class 'STANDARD_IA' \
+          cloud/ s3://${{ vars.aws_upload_bucket }}/${{ env.REPO_SHORT_NAME }}/${{ steps.get-id.outputs.BUILD_ID }}

.github/workflows/push-s3.yml

@@ -11,7 +11,7 @@ env:
 
 jobs:
 
-  s3-push:
+  push-s3:
     runs-on: ubuntu-22.04
     steps:
     - id: get-id
@@ -37,9 +37,10 @@ jobs:
         username: ${{ secrets.docker_repo2_username }}
         password: ${{ secrets.docker_repo2_password }}
 
-    - name: Build the container image
+    - name: Build the container image for bundle step
       run: |
         docker build \
+          --build-arg BUILD_STEP=bundle \
           --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
           --file fab/d/actions-build.Dockerfile \
           --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \

.gitignore

@@ -129,4 +129,4 @@ dist
 .yarn/build-state.yml
 .yarn/install-state.gz
 .pnp.*
-
+.idea/

README-actions.md

@@ -51,22 +51,6 @@ https://github.com/orgs/community/discussions/26625#discussioncomment-3252582
 
 https://anchorecommunity.discourse.group/t/how-to-act-on-go-module-vulnerabilities/186/2
 
-Within the image:
-```bash
-curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b ./bin
-
-#To check vulnerabilities
-grypd .
-#To save detailed output
-grype $MY_IMAGE -o json > vuln.json
-#OR
-grype . -o json > vuln.json
-
-#To explain the issue:
-cat vuln.json | grype explain --id CVE-2023-24537
-cat vuln2.json | grype explain --id CVE-2023-45853
-```
-
 ## Getting the word "main" (branch name) during builds
 
 If the build (was triggered by) is a merge of a pull request, GITHUB_BASE_REF will contain main. 

README-build-notes.md

@@ -1,8 +1,8 @@
 > https://git.gmetri.io/gmetribin/build-tools/src/branch/main/.github/README-build-notes.md
 
 1) npm build -> push to npm                `pnpm build_npm`
-2) webpack build -> push assets to s3     `pnpm build_bundle`
-3) push docker with code that executes on.`pnpm start`
+2) webpack build -> push assets to s3      Builds the docker. (Inside the docker `pnpm build`)
+3) push docker with code that executes on. Docker image decides the start CMD. (Generally `pnpm start`)
 4) image scan (dependent on docker build)
 5) pushes the docker version to the cs-* repo