3 changed files with 1 additions and 158 deletions
--- a/.github/workflows/base-build-image-gcp.yml
+++ b/.github/workflows/base-build-image-gcp.yml
@ -1,71 +0,0 @@
 name: Build base images (Generally from basin repo)
 on:
  workflow_call:
    inputs:
      image_tag:
        required: true
        type: string
      fail_on_scan:
        default: true
        type: boolean
 jobs:
  docker-build-and-push:
    runs-on: ubuntu-22.04 #ubuntu-latest
    steps:
    - id: get-id
      name: Get a unique tag for this build
      run: |
        echo "DOCKER_IMAGE=${{ vars.GCP_DOCKER_REGISTRY }}/${{ github.repository }}:${{ inputs.image_tag }}" >> "$GITHUB_OUTPUT";
    - name: Print image name
      run: |
        echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
    - uses: actions/checkout@v4
    # ✅ 1) Auth to GCP (this is where your SA key is used)
    - name: Auth to GCP
      uses: google-github-actions/auth@v2
      with:
        # using your existing secret that contains the SA JSON
        credentials_json: ${{ secrets.GCP_SA_KEY }}
      # ✅ 2) Install gcloud (no creds here)
    - name: Set up gcloud
      uses: google-github-actions/setup-gcloud@v2
      with:
        project_id: ${{ vars.GCP_PROJECT_ID }}
        export_default_credentials: true
    - name: Configure Docker for GAR
      run: |
        gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
    - name: Build and push the Docker image
      run: |
        docker build \
          --file context/Dockerfile \
          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
          ./context;
    - name: Container details
      run: |
        IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
        echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
 #    - name: Scan Docker Image for vulnerabilities with Grype
 #      uses: anchore/scan-action@v6
 #      with:
 #        image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
 #        cache-db: true #Cache Grype DB in Github Actions
 #        output-format: table
 #        only-fixed: true
 #        severity-cutoff: critical
 #        fail-build: ${{ inputs.fail_on_scan }}
    - name: Push the container image
      run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}
--- a/.github/workflows/push-container-gcp.yml
+++ b/.github/workflows/push-container-gcp.yml
@ -43,7 +43,7 @@ jobs:
      - name: Configure Docker for GAR
        run: |
-          gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
+          gcloud auth configure-docker $GCP_REGION-docker.pkg.dev
      - name: Build the container image
        run: |
--- a/.github/workflows/push-s3-gcp.yml
+++ b/.github/workflows/push-s3-gcp.yml
@ -1,86 +0,0 @@
 name: Docker Image CI
 on:
  workflow_call:
 # Org Secrets are available on push event. Not pull_request event.
 env:
  REPO: ${{ github.repository }}
  REPO_SHORT_NAME: ${{ github.event.repository.name }}
 jobs:
  push-s3:
    runs-on: ubuntu-22.04
    steps:
    - id: get-id
      name: Get a unique tag for this build
      run: |
        SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
        BUILD_ID=$BRANCH_NAME-${SHA:0:8};
        DOCKER_IMAGE=${{ vars.GCP_DOCKER_REGISTRY }}/$REPO:$BUILD_ID;
        echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
        echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
    - name: Print build id and image name
      run: |
        echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}"; 
        echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
    - uses: actions/checkout@v4
    # ✅ 1) Auth to GCP (this is where your SA key is used)
    - name: Auth to GCP
      uses: google-github-actions/auth@v2
      with:
        # using your existing secret that contains the SA JSON
        credentials_json: ${{ secrets.GCP_SA_KEY }}
      # ✅ 2) Install gcloud (no creds here)
    - name: Set up gcloud
      uses: google-github-actions/setup-gcloud@v2
      with:
        project_id: ${{ vars.GCP_PROJECT_ID }}
        export_default_credentials: true
    - name: Configure Docker for GAR
      run: |
        gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
    - name: Build the container image for bundle step
      run: |
        docker build \
          --build-arg BUILD_STEP=bundle \
          --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
          --file fab/d/actions-build.Dockerfile \
          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
          .;
    - name: Extract cloud files
      run: |
        image=${{ steps.get-id.outputs.DOCKER_IMAGE }}
        source_path=/cloud
        destination_path=cloud
        container_id=$(docker create "$image")
        docker cp "$container_id:$source_path" "$destination_path"
        docker rm "$container_id"
        echo "Running: ls $destination_path"
        ls $destination_path
    - name: Upload cloud files
      uses: https://git.gmetri.io/gmetribin/aws-cli-action@v1.0.0
      env:
        AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key_id }}
        AWS_SECRET_ACCESS_KEY: ${{ secrets.aws_secret_access_key }}
        AWS_DEFAULT_REGION: ${{ vars.aws_default_region }}
      with:
        args: >
          s3 cp \
          --recursive \
          --cache-control max-age=31536000\
          --storage-class 'STANDARD_IA' \
          cloud/ s3://${{ vars.aws_upload_bucket }}/${{ env.REPO_SHORT_NAME }}/${{ steps.get-id.outputs.BUILD_ID }}