s3 workflow with gcp

.github/unused/actions-base.Dockerfile

@@ -0,0 +1,43 @@
+FROM node:22-bookworm-slim
+
+#Use an entrypoint that simply lists out all commands sent to it
+COPY entryPoint.sh /src/fab/entryPoint.sh
+ENTRYPOINT ["/src/fab/entryPoint.sh"]
+
+#node:18 image already has a user node with uid:gid 1000:1000
+#We add it to sudo list
+RUN export DEBIAN_FRONTEND="noninteractive" \
+    && apt-get update \
+    && apt-get install -y \
+        # sudo \
+        less \
+#Neededd for git commits during builds
+        # git \
+#Needed for triggering next step of builds
+        # curl \ 
+    && rm -rf /var/lib/apt/lists/* \
+    # && usermod -aG sudo node \
+    # && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers \
+#Creating a few base folders that child dockers may need
+    && mkdir -p /src && chown node /src \
+    && mkdir -p /cloud && chown node /cloud \
+    && mkdir -p /build && chown node /build \
+    # && npm install -g npm@10.8.2 \
+    && npm install -g pnpm
+
+USER node
+
+# upgrade pnpm to latest version
+#&& source ~/.bashrc \ #doesn't work
+#Also, "pnpm add -g pnpm" needs be in "~" to work - it doesn't work from "/" dir (not sure why).
+RUN SHELL=bash pnpm setup \
+    && export PNPM_HOME="~/.local/share/pnpm" && export PATH="$PNPM_HOME:$PATH" \
+    && cd ~ && pnpm add -g pnpm
+
+RUN echo '\nalias p="pnpm"' >> ~/.bashrc
+
+WORKDIR /src
+
+#Allow image to be used standalone without any commands:
+CMD ["tail", "-f", "/dev/null"]
+#CMD ["sleep", "inf"]

.github/unused/build-base-image.yml

@@ -0,0 +1,43 @@
+name: Build the docker base image weekly
+# on: [push]
+
+on:
+  push:
+  #   branches:
+  #     - main
+  schedule:
+    - cron: "0 6 * * 5" #Every Friday@11:30 AM IST (6:00 GMT)
+  # Cron: Minute(0-59) Hour(0-23) DayOfMonth(1-31) MonthOfYear(1-12) DayOfWeek(0-6)
+  
+env:
+  DOCKER_REGISTRY: ${{ vars.docker_repo2_registry }}
+  REPO: ${{ github.repository }}
+  DOCKER_IMAGE: ${{ vars.docker_repo2_registry }}/${{ github.repository }}:base-v2
+
+jobs:
+
+  docker-build-and-push:
+    runs-on: ubuntu-22.04 #ubuntu-latest
+    # if: ${{ github.event_name == 'push' }}
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Login to Docker Container Registry
+      # if: ${{ github.event_name == 'push' }}
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ vars.docker_repo2_registry }}
+        username: ${{ vars.docker_repo2_username }}
+        password: ${{ vars.docker_repo2_password }}
+
+    - name: Build the Base Docker image
+      run: |
+        docker build \
+          --file fab/d/actions-base.Dockerfile \
+          --tag $DOCKER_IMAGE \
+          ./fab/context/;
+
+    - name: Push the Docker image
+      # if: ${{ github.event_name == 'push' }}
+      run: |
+        docker push $DOCKER_IMAGE

.github/unused/demo.yml

@@ -0,0 +1,32 @@
+name: Gitea Actions Demo
+run-name: ${{ github.actor }} is testing out Gitea Actions 🚀
+on: [push]
+
+jobs:
+  Explore-Gitea-Actions:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
+      - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by Gitea!"
+      - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
+      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
+      - name: List files in the repository
+        run: |
+          ls ${{ github.workspace }}
+          echo "var.DOCKER_REPO2_REGISTRY" repo2.hub.gmetri.io
+          echo "github.repository" ${{ github.repository }}
+          echo "github.ref_name" ${{ github.ref_name }}
+
+      - run: echo "🍏 This job's status is ${{ job.status }}."
+
+# Gitea action runners
+
+    # - "ubuntu-latest:docker://repo2.hub.gmetri.io/gitea/runner-images:ubuntu-latest"
+    # - "ubuntu-22.04:docker://repo2.hub.gmetri.io/gitea/runner-images:ubuntu-22.04"
+    # - "ubuntu-20.04:docker://repo2.hub.gmetri.io/gitea/runner-images:ubuntu-20.04"
+    # - "ubuntu-latest-slim:docker://repo2.hub.gmetri.io/gitea/runner-images:ubuntu-latest-slim"
+    # - "ubuntu-22.04-slim:docker://repo2.hub.gmetri.io/gitea/runner-images:ubuntu-22.04-slim"
+    # - "ubuntu-20.04-slim:docker://repo2.hub.gmetri.io/gitea/runner-images:ubuntu-20.04-slim"

.github/unused/docker-publish.yml

@@ -0,0 +1,91 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  schedule:
+    - cron: $cron-daily
+  push:
+    branches: [ $default-branch ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ $default-branch ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ${{ vars.docker_repo2_registry }}
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
+        with:
+          cosign-release: 'v2.2.4'
+          
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.docker_repo2_username }}
+          password: ${{ secrets.docker_repo2_password }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

.github/unused/docker-push.yml

@@ -0,0 +1,54 @@
+name: Docker Image CI
+on: [push]
+
+# on:
+#   push:
+#     branches: [ $default-branch ]
+#   pull_request:
+#     branches: [ $default-branch ]
+env:
+  IMAGE_NAME: repo2.hub.gmetri.io/${{ github.repository }}:${{ github.ref_name }}-v9
+
+jobs:
+
+  docker-build-and-push:
+
+    runs-on: ubuntu-22.04
+
+    steps:
+    - name: Debug
+      run: |
+        ls ${{ github.workspace }}
+        echo "VARS"
+        echo "vars.docker_repo2_username" ${{vars.docker_repo2_username}}
+        echo "SECRETS"
+        echo "secrets.docker_repo2_password2" ${{ secrets.docker_repo2_password2 }}
+        echo "CONTEXT"
+        echo "github.repository" ${{ github.repository }}
+        echo "github.ref_name" ${{ github.ref_name }}
+
+    - uses: docker/login-action@v3
+      name: Login to GitHub Container Registry
+      with:
+        registry: repo2.hub.gmetri.io
+        username: ${{ vars.docker_repo2_username }}
+        password: ${{ secrets.docker_repo2_password }}
+
+    - uses: actions/checkout@v4
+
+    - name: List files in the repository
+      run: |
+        ls ${{ github.workspace }}  && \
+        echo "VARS"
+        echo "var.DOCKER_REPO2_REGISTRY" ${{ vars.DOCKER_REPO2_REGISTRY }}
+        echo "CONTEXT"
+        echo "github.repository" ${{ github.repository }}
+        echo "github.ref_name" ${{ github.ref_name }}
+
+    - name: Build the Docker image
+      run: |
+        docker build ./context --file context/Dockerfile --tag $IMAGE_NAME && \
+        docker push $IMAGE_NAME
+
+# my-image-name:$(date +%s)
+# ${DRONE_BRANCH//\//-}-v8

.github/unused/trigger-cs-job.yml

@@ -0,0 +1,49 @@
+name: Manually trigger a cs repo workflow
+
+on:
+  workflow_dispatch:
+    inputs:
+      image:
+        type: choice
+        description: Image to deploy
+        options: 
+        - repo2.hub.gmetri.io/dt-api
+        - repo2.hub.gmetri.io/gmetrivr/dt-api
+      tag:
+        description: Tag to deploy
+        required: true
+        type: string
+
+env:
+  DEPLOY_REPO: gmetrivr/cs-dt
+
+jobs:
+  trigger-cs-job:
+    runs-on: ubuntu-22.04
+    permissions:
+      issues: write
+    steps:
+    - name: run workflow from cs repo
+      run: |
+        echo "Inputs:: image:${{ inputs.image }} tag: ${{ inputs.tag }}";
+        echo "github.api_url: ${{ github.api_url }}";
+
+        ISSUE_COMMENT_STRING=`echo "{ \"image\": \"${{ inputs.image }}\", \"tag\": \"${{ inputs.tag }}\" }" | jq tostring`
+        echo ISSUE_COMMENT_STRING: $ISSUE_COMMENT_STRING
+
+        API_JSON_BODY=`echo '{"body": '$ISSUE_COMMENT_STRING' }' | jq -r tostring`
+        echo API_JSON_BODY: $API_JSON_BODY
+        # {"body":"{\"image\":\"repo2.hub.gmetri.io/dt-api\",\"tag\":\"main-255c2f30\"}"}
+
+        echo curl -X 'POST' \
+          '${{ github.api_url }}/repos/${{ env.DEPLOY_REPO }}/issues/1/comments' \
+          -H 'accept: application/json' \
+          -H 'Authorization: token ${{ secrets.bot_build_issues_token }}' \
+          -H 'Content-Type: application/json' \
+          -d $API_JSON_BODY
+        curl -X 'POST' \
+          '${{ github.api_url }}/repos/${{ env.DEPLOY_REPO }}/issues/1/comments' \
+          -H 'accept: application/json' \
+          -H 'Authorization: token ${{ secrets.bot_build_issues_token }}' \
+          -H 'Content-Type: application/json' \
+          -d $API_JSON_BODY

.github/unused/update-repo-version.yml

@@ -0,0 +1,42 @@
+name: Update Repo Version Workflow
+
+on:
+  workflow_call:
+    inputs:
+      branch:
+        description: "Branch getting released. (branch 'release' might update a different image)"
+        default: main
+        required: false
+        type: string
+      image:
+        description: "Name of the image"
+        required: true
+        type: string
+      tag:
+        description: "Tag of the image"
+        required: true
+        type: string
+
+env:
+  REPO: ${{ github.repository }}
+
+jobs:
+
+  npm-push:
+    runs-on: ubuntu-22.04
+    permissions:
+      # Give the default GITHUB_TOKEN write permission to commit and push the
+      # added or changed files to the repository.
+      contents: write
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Increment package version and push
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      run: |
+        pwd; ls -al;
+        echo ./drone/repo_to_cs.sh -m ${{ inputs.image }} -t ${{ inputs.tag }} -b ${{ inputs.branch }}
+        # git push origin main
+        # git push --tags origin main

.github/unused/v1-lint-and-build.yml

@@ -0,0 +1,149 @@
+name: Docker Image CI
+# on: [push]
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+env:
+  DOCKER_REGISTRY: ${{ vars.docker_repo2_registry }}
+  REPO: ${{ github.repository }}
+
+jobs:
+
+  image-vulnerability-scan:
+    runs-on: ubuntu-22.04 #ubuntu-latest
+
+    steps:
+    - id: get-id
+      name: Get a unique tag for this build
+      run: |
+        SHA=${{github.sha}};
+        ID=${SHA:0:8};
+        echo "ID=$ID" >> "$GITHUB_OUTPUT";
+        echo "DOCKER_IMAGE=$DOCKER_REGISTRY/$REPO:temp-$ID" >> "$GITHUB_OUTPUT";
+
+    - name: Print build id and image name
+      run: |
+        echo "${{ steps.get-id.outputs.ID }}"; 
+        echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - uses: actions/checkout@v4
+
+    - name: Login to Docker Container Registry
+      # if: ${{ github.event_name == 'push' }}
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ vars.docker_repo2_registry }}
+        username: ${{ vars.docker_repo2_username }}
+        password: ${{ vars.docker_repo2_password }}
+
+    - name: Build the Docker image
+      # Commenting this from docker build for speed: --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.ID }} \
+      run: |
+        docker build \
+          --file fab/d/actions-build.Dockerfile \
+          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+          .;
+
+    - name: Scan Docker Image for vulnerabilities with Grype
+      uses: anchore/scan-action@v6
+      with:
+        image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
+        cache-db: true #Cache Grype DB in Github Actions
+        output-format: table
+        only-fixed: true
+        severity-cutoff: critical
+        fail-build: true
+
+  npm-push:
+    runs-on: ubuntu-22.04 #ubuntu-latest
+    if: ${{ github.event_name == 'push' }}
+    permissions:
+      # Give the default GITHUB_TOKEN write permission to commit and push the
+      # added or changed files to the repository.
+      contents: write
+    steps:
+    - uses: actions/checkout@v4
+      
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 22
+        registry-url: ${{ vars.NPM_REGISTRY }}
+        token: ${{ secrets.NPM_TOKEN }}
+
+    - name: Install NPM Dependencies
+      run: |
+        npm install -g pnpm
+        pnpm install
+
+    - name: Lint & Check
+      run: |
+        pnpm lint
+        pnpm check
+
+    - run: pnpm build
+
+    #If this is a merge of a pull request, GITHUB_BASE_REF will contain main. 
+    #But if this is a direct commit on the main branch, then GITHUB_REF_NAME will contain main
+    - name: Increment package version and push
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+        # BRANCH_NAME: ${{ github.base_ref || github.ref_name }}
+      run: |
+        git config --global user.name 'bot-build'
+        git config --global user.email 'techbots+build@gmetri.com'
+
+        export N=`node -p require\(\'./package.json\'\).name` && echo $N
+        pnpm version patch --message "v%s: $N [CI SKIP]"
+        
+        git push origin
+        git push --tags origin
+
+  docker-build-and-push:
+    runs-on: ubuntu-22.04 #ubuntu-latest
+    # if: ${{ github.event_name == 'push' }}
+    steps:
+    - id: get-id
+      name: Get a unique tag for this build
+      run: |
+        SHA=${{github.sha}};
+        ID=${SHA:0:8};
+        echo "ID=$ID" >> "$GITHUB_OUTPUT";
+        echo "DOCKER_IMAGE=$DOCKER_REGISTRY/$REPO:$ID" >> "$GITHUB_OUTPUT";
+
+    - name: Print build id and image name
+      run: |
+        echo "${{ steps.get-id.outputs.ID }}"; 
+        echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - uses: actions/checkout@v4
+
+    - name: Login to Docker Container Registry
+      # if: ${{ github.event_name == 'push' }}
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ vars.docker_repo2_registry }}
+        username: ${{ vars.docker_repo2_username }}
+        password: ${{ vars.docker_repo2_password }}
+
+    - name: Build the Docker image
+      run: |
+        docker build \
+          --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.ID }} \
+          --file fab/d/actions-build.Dockerfile \
+          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+          .;
+        IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
+        echo "Image size $IMAGE_SIZE";
+
+    - name: Push the Docker image
+      if: ${{ github.event_name == 'push' }}
+      run: |
+        docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }};
+        IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
+        echo "Pushed $IMAGE_SIZE image ${{ steps.get-id.outputs.DOCKER_IMAGE }}";

.github/unused/v2-pr-workflow.yml

@@ -0,0 +1,80 @@
+name: Docker Image CI
+
+on:
+  pull_request:
+    branches:
+      - main
+
+env:
+  REPO: ${{ github.repository }}/temp #Add /temp for PR workflow
+
+jobs:
+
+  lint-and-compile:
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+      
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 22
+        registry-url: ${{ vars.NPM_REGISTRY }}
+        token: ${{ secrets.NPM_TOKEN }}
+
+    - name: Install npm dependencies
+      run: |
+        npm install -g pnpm
+        pnpm install
+
+    - run: pnpm lint
+    - run: pnpm check
+
+  image-vulnerability-scan:
+    runs-on: ubuntu-22.04
+
+    steps:
+    - id: get-id
+      name: Get a unique tag for this build
+      run: |
+        SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
+        BUILD_ID=$BRANCH_NAME-${SHA:0:8};
+        DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/$REPO:$BUILD_ID;
+        echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
+        echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
+
+    - name: Print build id and image name
+      run: |
+        echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}"; 
+        echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - uses: actions/checkout@v4
+
+    - name: Login to docker container registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ vars.docker_repo2_registry }}
+        username: ${{ vars.docker_repo2_username }}
+        password: ${{ vars.docker_repo2_password }}
+
+    - name: Build the container image (quick, without PUBLIC_BUILD_VERSION)
+      # Commenting this from docker build for speed: --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
+      run: |
+        docker build \
+          --file fab/d/actions-build.Dockerfile \
+          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+          .;
+
+    - name: Container details
+      run: |
+        IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
+        echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - name: Scan container image for vulnerabilities with grype
+      uses: anchore/scan-action@v6
+      with:
+        image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
+        cache-db: true #Cache Grype DB in Github Actions
+        output-format: table
+        only-fixed: true
+        severity-cutoff: critical
+        fail-build: true

.github/unused/v2-push-workflow.yml

@@ -0,0 +1,91 @@
+name: Docker Image CI
+
+on:
+  push:
+    branches:
+      - main
+
+env:
+  REPO: ${{ github.repository }}
+
+jobs:
+
+  npm-push:
+    runs-on: ubuntu-22.04
+    permissions:
+      # Give the default GITHUB_TOKEN write permission to commit and push the
+      # added or changed files to the repository.
+      contents: write
+
+    steps:
+    - uses: actions/checkout@v4
+      
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 22
+        registry-url: ${{ vars.NPM_REGISTRY }}
+        token: ${{ secrets.NPM_TOKEN }}
+
+    - name: Install npm dependencies
+      run: |
+        npm install -g pnpm
+        pnpm install
+
+    - run: pnpm build
+
+    - name: Increment package version and push
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      run: |
+        git config --global user.name 'bot-build'
+        git config --global user.email 'techbots+build@gmetri.com'
+
+        export N=`node -p require\(\'./package.json\'\).name` && echo $N
+        pnpm version patch --message "v%s: $N [CI SKIP]"
+
+        npm publish
+        
+        git push origin
+        git push --tags origin
+
+  container-push:
+    runs-on: ubuntu-22.04
+    steps:
+    - id: get-id
+      name: Get a unique tag for this build
+      run: |
+        SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
+        BUILD_ID=$BRANCH_NAME-${SHA:0:8};
+        DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/$REPO:$BUILD_ID;
+        echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
+        echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
+
+    - name: Print build id and image name
+      run: |
+        echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}"; 
+        echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - uses: actions/checkout@v4
+
+    - name: Login to docker container registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ vars.docker_repo2_registry }}
+        username: ${{ vars.docker_repo2_username }}
+        password: ${{ vars.docker_repo2_password }}
+
+    - name: Build the container image
+      run: |
+        docker build \
+          --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
+          --file fab/d/actions-build.Dockerfile \
+          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+          .;
+    
+    - name: Container details
+      run: |
+        IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
+        echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - name: Push the container image
+      run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

.github/unused/workflow_inputs.yml

@@ -0,0 +1,38 @@
+# Inputs with workflow_call (triggering from another workflow):
+on:
+  workflow_call:
+    inputs:
+      username:
+        description: 'A username passed from the caller workflow'
+        default: 'john-doe'
+        required: false
+        type: string
+
+jobs:
+  print-username:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Print the input name to STDOUT
+        run: echo The username is ${{ inputs.username }}
+
+
+# Inputs with workflow_dispatch (manual trigger):
+name: Update Repo Version Workflow
+
+on:
+  workflow_dispatch:
+    inputs:
+      name:
+        type: choice
+        description: Who to greet
+        options: 
+        - monalisa
+        - cschleiden
+      message:
+        required: true
+      use-emoji:
+        type: boolean
+        description: Include 🎉🤣 emojis
+      environment:
+        type: environment

.github/workflows/base-build-image-gcp.yml

@@ -0,0 +1,71 @@
+name: Build base images (Generally from basin repo)
+
+on:
+  workflow_call:
+    inputs:
+      image_tag:
+        required: true
+        type: string
+      fail_on_scan:
+        default: true
+        type: boolean
+
+jobs:
+  docker-build-and-push:
+
+    runs-on: ubuntu-22.04 #ubuntu-latest
+
+    steps:
+    - id: get-id
+      name: Get a unique tag for this build
+      run: |
+        echo "DOCKER_IMAGE=${{ vars.GCP_DOCKER_REGISTRY }}/${{ github.repository }}:${{ inputs.image_tag }}" >> "$GITHUB_OUTPUT";
+
+    - name: Print image name
+      run: |
+        echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - uses: actions/checkout@v4
+
+    # ✅ 1) Auth to GCP (this is where your SA key is used)
+    - name: Auth to GCP
+      uses: google-github-actions/auth@v2
+      with:
+        # using your existing secret that contains the SA JSON
+        credentials_json: ${{ secrets.GCP_SA_KEY }}
+
+      # ✅ 2) Install gcloud (no creds here)
+    - name: Set up gcloud
+      uses: google-github-actions/setup-gcloud@v2
+      with:
+        project_id: ${{ vars.GCP_PROJECT_ID }}
+        export_default_credentials: true
+
+    - name: Configure Docker for GAR
+      run: |
+        gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
+
+    - name: Build and push the Docker image
+      run: |
+        docker build \
+          --file context/Dockerfile \
+          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+          ./context;
+
+    - name: Container details
+      run: |
+        IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
+        echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+#    - name: Scan Docker Image for vulnerabilities with Grype
+#      uses: anchore/scan-action@v6
+#      with:
+#        image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
+#        cache-db: true #Cache Grype DB in Github Actions
+#        output-format: table
+#        only-fixed: true
+#        severity-cutoff: critical
+#        fail-build: ${{ inputs.fail_on_scan }}
+
+    - name: Push the container image
+      run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

.github/workflows/base-build-image.yml

@@ -6,6 +6,9 @@ on:
       image_tag:
         required: true
         type: string
+      fail_on_scan:
+        default: true
+        type: boolean
 
 jobs:
   docker-build-and-push:
@@ -52,7 +55,7 @@ jobs:
         output-format: table
         only-fixed: true
         severity-cutoff: critical
-        fail-build: true
+        fail-build: ${{ inputs.fail_on_scan }}
 
     - name: Push the container image
       run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

.github/workflows/dispatch-container-base.yml

@@ -0,0 +1,59 @@
+name: Build base images from code repos
+
+on:
+  workflow_call:
+    inputs:
+      image_tag:
+        required: true
+        type: string
+
+jobs:
+  docker-base-build-and-push:
+
+    runs-on: ubuntu-22.04 #ubuntu-latest
+
+    steps:
+    - id: get-id
+      name: Get a unique tag for this build
+      run: |
+        echo "DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/${{ github.repository }}:${{ inputs.image_tag }}" >> "$GITHUB_OUTPUT";
+
+    - name: Print image name
+      run: |
+        echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - uses: actions/checkout@v4
+
+    - name: Login to Docker Container Registry
+      # if: ${{ github.event_name == 'push' }}
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ vars.docker_repo2_registry }}
+        username: ${{ secrets.docker_repo2_username }}
+        password: ${{ secrets.docker_repo2_password }}
+
+    - name: Build and push the Docker image
+      run: |
+        docker build \
+          --file fab/d/actions-base.Dockerfile \
+          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+          .;
+
+    - name: Container details
+      run: |
+        IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
+        echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - name: Push the container image
+      run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}
+  
+    - name: Scan Docker Image for vulnerabilities with Grype
+      uses: anchore/scan-action@v6
+      with:
+        image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
+        cache-db: true #Cache Grype DB in Github Actions
+        output-format: table
+        only-fixed: true
+        severity-cutoff: critical
+        fail-build: true
+

.github/workflows/push-code-scan.yml

@@ -0,0 +1,36 @@
+name: Vulnerability Scan
+# Secrets can only viewed in "push" events. Not pull_request events.
+# That's why this step needs to be called on push, and not on pull_request (to read npm password).
+
+on:
+  workflow_call:
+
+jobs:
+
+  push-container-scan:
+    runs-on: ubuntu-22.04
+
+    steps:
+
+    - uses: actions/checkout@v4
+      
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 22
+        registry-url: ${{ vars.NPM_REGISTRY }}
+        token: ${{ secrets.NPM_TOKEN }}
+
+    - name: Install npm dependencies
+      run: |
+        npm install -g pnpm
+        pnpm install
+
+    - name: Scan container image for vulnerabilities with grype
+      uses: anchore/scan-action@v6
+      with:
+        path: "."
+        cache-db: true #Cache Grype DB in Github Actions
+        output-format: table
+        only-fixed: true
+        severity-cutoff: critical
+        fail-build: true

.github/workflows/push-code-test.yml

@@ -0,0 +1,30 @@
+name: Run Tests
+# Secrets can only viewed in "push" events. Not pull_request events.
+# That's why this step needs to be called on push, and not on pull_request (to read npm password).
+
+on:
+  workflow_call:
+
+jobs:
+
+  push-container-scan:
+    runs-on: ubuntu-22.04
+
+    steps:
+
+    - uses: actions/checkout@v4
+      
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 22
+        registry-url: ${{ vars.NPM_REGISTRY }}
+        token: ${{ secrets.NPM_TOKEN }}
+
+    - name: Install npm dependencies
+      run: |
+        npm install -g pnpm
+        pnpm install
+
+    - name: Run Tests
+      run: |
+        pnpm test

.github/workflows/push-container-gcp.yml

@@ -0,0 +1,63 @@
+name: Reusable container push workflow
+
+on:
+  workflow_call:
+
+env:
+  REPO: ${{ github.repository }}
+
+jobs:
+
+  push-container:
+    runs-on: ubuntu-22.04
+    steps:
+      - id: get-id
+        name: Get a unique tag for this build
+        run: |
+          SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
+          BUILD_ID=$BRANCH_NAME-${SHA:0:8};
+          DOCKER_IMAGE="${{vars.GCP_DOCKER_REGISTRY}}/$REPO:$BUILD_ID"
+          echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
+          echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
+
+      - name: Print build id and image name
+        run: |
+          echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}"; 
+          echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+      - uses: actions/checkout@v4
+
+        # ✅ 1) Auth to GCP (this is where your SA key is used)
+      - name: Auth to GCP
+        uses: google-github-actions/auth@v2
+        with:
+          # using your existing secret that contains the SA JSON
+          credentials_json: ${{ secrets.GCP_SA_KEY }}
+
+        # ✅ 2) Install gcloud (no creds here)
+      - name: Set up gcloud
+        uses: google-github-actions/setup-gcloud@v2
+        with:
+          project_id: ${{ vars.GCP_PROJECT_ID }}
+          export_default_credentials: true
+
+      - name: Configure Docker for GAR
+        run: |
+          gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
+
+      - name: Build the container image
+        run: |
+          docker build \
+            --build-arg BUILD_STEP=container \
+            --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
+            --file fab/d/actions-build.Dockerfile \
+            --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+            .;
+
+      - name: Container details
+        run: |
+          IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
+          echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+      - name: Push the container image
+        run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

.github/workflows/push-container-scan.yml

@@ -10,7 +10,7 @@ env:
 
 jobs:
 
-  image-vulnerability-scan:
+  push-container-scan:
     runs-on: ubuntu-22.04
 
     steps:
@@ -38,9 +38,10 @@ jobs:
         password: ${{ secrets.docker_repo2_password }}
 
     - name: Build the container image (quick, without PUBLIC_BUILD_VERSION)
-      # Commenting this from docker build for speed: --build-arg PUBLIC_BUILD_VERSION=$BUILD_ID \
       run: |
         docker build \
+          --build-arg BUILD_STEP=container \
+          --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
           --file fab/d/actions-build.Dockerfile \
           --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
           .;

.github/workflows/push-container.yml

@@ -8,7 +8,7 @@ env:
 
 jobs:
 
-  container-build-and-push:
+  push-container:
     runs-on: ubuntu-22.04
     steps:
     - id: get-id
@@ -37,6 +37,7 @@ jobs:
     - name: Build the container image
       run: |
         docker build \
+          --build-arg BUILD_STEP=container \
           --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
           --file fab/d/actions-build.Dockerfile \
           --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
@@ -48,4 +49,4 @@ jobs:
         echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
 
     - name: Push the container image
-      run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}
+      run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}

.github/workflows/push-npm-from-container.yml

@@ -0,0 +1,84 @@
+name: Reusable container push workflow
+
+on:
+  workflow_call:
+
+env:
+  REPO: ${{ github.repository }}
+
+jobs:
+
+  push-npm:
+    runs-on: ubuntu-22.04
+    permissions:
+      # Give the default GITHUB_TOKEN write permission to commit and push the
+      # added or changed files to the repository.
+      contents: write
+
+    steps:
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 22
+        registry-url: ${{ vars.NPM_REGISTRY }}
+        token: ${{ secrets.NPM_TOKEN }}
+
+    - run: npm install -g pnpm
+
+    - uses: actions/checkout@v4
+
+    - id: get-id
+      name: Get a unique tag for this build
+      run: |
+        SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
+        BUILD_ID=$BRANCH_NAME-${SHA:0:8};
+        DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/$REPO:$BUILD_ID;
+        echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
+        echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
+
+    - name: Print build id and image name
+      run: |
+        echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}"; 
+        echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - name: Login to docker container registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ vars.docker_repo2_registry }}
+        username: ${{ secrets.docker_repo2_username }}
+        password: ${{ secrets.docker_repo2_password }}
+  
+    - name: Build the container image for npm build, with dependencies
+      run: |
+        docker build \
+          --build-arg BUILD_STEP=bundle \
+          --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
+          --file fab/d/actions-build.Dockerfile \
+          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+          .;
+
+    - name: Extract lib files
+      run: |
+        image=${{ steps.get-id.outputs.DOCKER_IMAGE }}
+        source_path=/src/lib
+        destination_path=lib
+
+        container_id=$(docker create "$image" "pnpm build_npm")
+        docker container start -a $container_id
+
+        docker cp "$container_id:$source_path" "$destination_path"
+        docker rm "$container_id"
+
+    - name: Increment package version and push
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      run: |
+        git config --global user.name 'bot-build'
+        git config --global user.email 'techbots+build@gmetri.com'
+
+        export N=`node -p require\(\'./package.json\'\).name` && echo $N
+        pnpm version patch --message "v%s: $N [CI SKIP]"
+
+        npm publish
+        
+        git push origin
+        git push --tags origin

.github/workflows/push-npm.yml

@@ -8,7 +8,7 @@ env:
 
 jobs:
 
-  npm-push:
+  push-npm:
     runs-on: ubuntu-22.04
     permissions:
       # Give the default GITHUB_TOKEN write permission to commit and push the
@@ -16,20 +16,20 @@ jobs:
       contents: write
 
     steps:
-    - uses: actions/checkout@v4
-      
     - uses: actions/setup-node@v4
       with:
         node-version: 22
         registry-url: ${{ vars.NPM_REGISTRY }}
         token: ${{ secrets.NPM_TOKEN }}
 
-    - name: Install npm dependencies
-      run: |
-        npm install -g pnpm
-        pnpm install
+    - run: npm install -g pnpm
 
-    - run: pnpm build
+    - uses: actions/checkout@v4
+
+    - name: Install npm dependencies and build
+      run: |
+        pnpm install
+        pnpm build_npm
 
     - name: Increment package version and push
       env:

.github/workflows/push-s3-gcp.yml

@@ -0,0 +1,86 @@
+name: Docker Image CI
+
+on:
+  workflow_call:
+
+# Org Secrets are available on push event. Not pull_request event.
+
+env:
+  REPO: ${{ github.repository }}
+  REPO_SHORT_NAME: ${{ github.event.repository.name }}
+
+jobs:
+
+  push-s3:
+    runs-on: ubuntu-22.04
+    steps:
+    - id: get-id
+      name: Get a unique tag for this build
+      run: |
+        SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
+        BUILD_ID=$BRANCH_NAME-${SHA:0:8};
+        DOCKER_IMAGE=${{ vars.GCP_DOCKER_REGISTRY }}/$REPO:$BUILD_ID;
+        echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
+        echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
+
+    - name: Print build id and image name
+      run: |
+        echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}"; 
+        echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
+
+    - uses: actions/checkout@v4
+
+    # ✅ 1) Auth to GCP (this is where your SA key is used)
+    - name: Auth to GCP
+      uses: google-github-actions/auth@v2
+      with:
+        # using your existing secret that contains the SA JSON
+        credentials_json: ${{ secrets.GCP_SA_KEY }}
+
+      # ✅ 2) Install gcloud (no creds here)
+    - name: Set up gcloud
+      uses: google-github-actions/setup-gcloud@v2
+      with:
+        project_id: ${{ vars.GCP_PROJECT_ID }}
+        export_default_credentials: true
+
+    - name: Configure Docker for GAR
+      run: |
+        gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
+
+
+    - name: Build the container image for bundle step
+      run: |
+        docker build \
+          --build-arg BUILD_STEP=bundle \
+          --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
+          --file fab/d/actions-build.Dockerfile \
+          --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
+          .;
+    
+    - name: Extract cloud files
+      run: |
+        image=${{ steps.get-id.outputs.DOCKER_IMAGE }}
+        source_path=/cloud
+        destination_path=cloud
+
+        container_id=$(docker create "$image")
+        docker cp "$container_id:$source_path" "$destination_path"
+        docker rm "$container_id"
+
+        echo "Running: ls $destination_path"
+        ls $destination_path
+
+    - name: Upload cloud files
+      uses: https://git.gmetri.io/gmetribin/aws-cli-action@v1.0.0
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key_id }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.aws_secret_access_key }}
+        AWS_DEFAULT_REGION: ${{ vars.aws_default_region }}
+      with:
+        args: >
+          s3 cp \
+          --recursive \
+          --cache-control max-age=31536000\
+          --storage-class 'STANDARD_IA' \
+          cloud/ s3://${{ vars.aws_upload_bucket }}/${{ env.REPO_SHORT_NAME }}/${{ steps.get-id.outputs.BUILD_ID }}

.github/workflows/push-s3.yml

@@ -11,7 +11,7 @@ env:
 
 jobs:
 
-  s3-push:
+  push-s3:
     runs-on: ubuntu-22.04
     steps:
     - id: get-id
@@ -37,9 +37,10 @@ jobs:
         username: ${{ secrets.docker_repo2_username }}
         password: ${{ secrets.docker_repo2_password }}
 
-    - name: Build the container image
+    - name: Build the container image for bundle step
       run: |
         docker build \
+          --build-arg BUILD_STEP=bundle \
           --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
           --file fab/d/actions-build.Dockerfile \
           --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \

.gitignore

@@ -129,4 +129,4 @@ dist
 .yarn/build-state.yml
 .yarn/install-state.gz
 .pnp.*
-
+.idea/

README-actions.md

@@ -51,22 +51,6 @@ https://github.com/orgs/community/discussions/26625#discussioncomment-3252582
 
 https://anchorecommunity.discourse.group/t/how-to-act-on-go-module-vulnerabilities/186/2
 
-Within the image:
-```bash
-curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b ./bin
-
-#To check vulnerabilities
-grypd .
-#To save detailed output
-grype $MY_IMAGE -o json > vuln.json
-#OR
-grype . -o json > vuln.json
-
-#To explain the issue:
-cat vuln.json | grype explain --id CVE-2023-24537
-cat vuln2.json | grype explain --id CVE-2023-45853
-```
-
 ## Getting the word "main" (branch name) during builds
 
 If the build (was triggered by) is a merge of a pull request, GITHUB_BASE_REF will contain main. 

README-build-notes.md

@@ -0,0 +1,12 @@
+> https://git.gmetri.io/gmetribin/build-tools/src/branch/main/.github/README-build-notes.md
+
+1) npm build -> push to npm                `pnpm build_npm`
+2) webpack build -> push assets to s3      Builds the docker. (Inside the docker `pnpm build`)
+3) push docker with code that executes on. Docker image decides the start CMD. (Generally `pnpm start`)
+4) image scan (dependent on docker build)
+5) pushes the docker version to the cs-* repo
+
+### 3 Push Docker
+* Docker will be built with the Dockerfile `./fab/d/actions-build.Dockerfile`
+* Context will be `.`
+* env var `PUBLIC_BUILD_VERSION` will be passed as an env var Docker builds.

README.md

@@ -1,4 +1,4 @@
-# deploy-tools
+# build-tools
 
 Github Action Workflows that can be reused, built by GMetri
 

basetag.sh

@@ -1,9 +1,20 @@
 #!/bin/bash
 
-# https://gist.github.com/CSTDev/08c127680e3b5fae38c051da3e489351
+# #For a fresh repo / Creating new releases
+# git add -A;
+# git commit -m "<commit msg>"
+# #Setting a tag
+# git tag -a -m "<tag msg>" v1.0.0
+# git push --follow-tags
+# #Moving a tag (eg: for major version retagging)
+# git tag -fa v1
+# git push --tags -f
+
+# Based on https://gist.github.com/CSTDev/08c127680e3b5fae38c051da3e489351
+# Commit with a log containing #minor or #major to increment the respective version number
 
 #get highest tag number containing at least 2 dots
-VERSION=`git describe --abbrev=0 --tags --match="v[0-9]*\.*\.*"`
+VERSION=`git describe --abbrev=0 --tags --match="v[0-9]*\.[0-9]*\.[0-9]*"`
 
 #replace . with space so can split into an array
 VERSION_BITS=(${VERSION//./ })