Organizing READMEs

Sahil Ahuja 2025-02-21 12:40:30 +05:30
parent c1c97a4d3e
commit c09b4b860a
3 changed files with 104 additions and 16 deletions


@ -0,0 +1,84 @@
name: Reusable container push workflow
on:
workflow_call:
env:
REPO: ${{ github.repository }}
jobs:
push-npm:
runs-on: ubuntu-22.04
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the
# added or changed files to the repository.
contents: write
steps:
- uses: actions/setup-node@v4
with:
node-version: 22
registry-url: ${{ vars.NPM_REGISTRY }}
token: ${{ secrets.NPM_TOKEN }}
- run: npm install -g pnpm
- uses: actions/checkout@v4
- id: get-id
name: Get a unique tag for this build
run: |
SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
BUILD_ID=$BRANCH_NAME-${SHA:0:8};
DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/$REPO:$BUILD_ID;
echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
- name: Print build id and image name
run: |
echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}";
echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- name: Login to docker container registry
uses: docker/login-action@v3
with:
registry: ${{ vars.docker_repo2_registry }}
username: ${{ secrets.docker_repo2_username }}
password: ${{ secrets.docker_repo2_password }}
- name: Build the container image for npm build, with dependencies
run: |
docker build \
--build-arg BUILD_STEP=bundle \
--build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
--file fab/d/actions-build.Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
.;
- name: Extract lib files
run: |
image=${{ steps.get-id.outputs.DOCKER_IMAGE }}
source_path=/src/lib
destination_path=lib
container_id=$(docker create "$image" "pnpm build_npm")
docker container start -a $container_id
docker cp "$container_id:$source_path" "$destination_path"
docker rm "$container_id"
- name: Increment package version and push
env:
GITHUB_TOKEN: ${{ github.token }}
run: |
git config --global user.name 'bot-build'
git config --global user.email 'techbots+build@gmetri.com'
export N=`node -p require\(\'./package.json\'\).name` && echo $N
pnpm version patch --message "v%s: $N [CI SKIP]"
npm publish
git push origin
git push --tags origin
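Review bot: The `run:` script of the `Get a unique tag for this build` step interpolates `${{ github.base_ref || github.ref_name }}` and `${{ github.sha }}` straight into shell text, so a branch name containing shell metacharacters is substituted before bash parses the script, and the derived `steps.get-id.outputs.DOCKER_IMAGE` then flows unquoted into the `docker build --tag` and `docker create` steps. Pass the value through the step's environment instead — `env:` / `BRANCH_NAME: ${{ github.base_ref || github.ref_name }}` on the step, with `BUILD_ID="$BRANCH_NAME-${GITHUB_SHA:0:8}"` in the script (`GITHUB_SHA` is already set by the runner) — and quote `"${{ steps.get-id.outputs.DOCKER_IMAGE }}"` where it is used. Separately, `secrets.NPM_TOKEN` is handed to setup-node's `token` input, which setup-node uses to fetch Node distributions from GitHub, while the `.npmrc` that `registry-url` generates reads `NODE_AUTH_TOKEN` and the `npm publish` step sets no such variable; if the registry requires authentication the publish would fail, so the secret belongs in `env:` / `NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}` on that step. The file's indentation is stripped on this page, so the exact nesting of these keys is inferred.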


@ -51,22 +51,6 @@ https://github.com/orgs/community/discussions/26625#discussioncomment-3252582
https://anchorecommunity.discourse.group/t/how-to-act-on-go-module-vulnerabilities/186/2
Within the image:
```bash
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin/
#To check vulnerabilities
grype .
#To save detailed output
grype $MY_IMAGE -o json > vuln.json
#OR
grype . -o json > vuln.json
#To explain the issue:
cat vuln.json | grype explain --id CVE-2023-24537
cat vuln2.json | grype explain --id CVE-2023-45853
```
## Getting the word "main" (branch name) during builds
If the build (was triggered by) is a merge of a pull request, GITHUB_BASE_REF will contain main.


@ -0,0 +1,20 @@
# Grype
https://anchorecommunity.discourse.group/t/how-to-act-on-go-module-vulnerabilities/186/2
## Fixing issues within the image
```bash
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin/
#To check vulnerabilities
grype .
#To save detailed output
grype $MY_IMAGE -o json > vuln.json
#OR
grype . -o json > vuln.json
#To explain the issue:
cat vuln.json | grype explain --id CVE-2023-24537
cat vuln2.json | grype explain --id CVE-2023-45853
```