
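# GitHub Actions workflow: scan, lint/build, version-bump and publish a Docker image.
#
# Jobs:
#   image-vulnerability-scan  - builds a throw-away `temp-<sha8>` image and runs a
#                               Grype scan; fails on fixable findings at or above
#                               `critical`.
#   npm-push                  - (push events only) lint, check and build, then bump
#                               the package patch version and push commit + tag.
#   docker-build-and-push     - builds the release-tagged image and, on push events
#                               only, pushes it. Gated on the scan job so an image
#                               whose scan failed is never pushed.
#
# NOTE(review): third-party actions are pinned to major tags (@v3/@v4/@v6). For
# supply-chain hardening pin each to a full commit SHA, e.g.
# `actions/checkout@<commit-sha>` (placeholder), and let Dependabot track updates.
name: Docker Image CI

# on: [push]
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Least privilege for the default GITHUB_TOKEN: read-only by default. A job that
# needs more (npm-push) declares its own `permissions` block, which replaces this
# one for that job only.
permissions:
  contents: read

env:
  DOCKER_REGISTRY: ${{ vars.docker_repo2_registry }}
  REPO: ${{ github.repository }}

jobs:
  image-vulnerability-scan:
    runs-on: ubuntu-22.04  # ubuntu-latest
    steps:
      - id: get-id
        name: Get a unique tag for this build
        # First 8 hex chars of the commit SHA. The scan image carries a `temp-`
        # prefix so it can never be confused with a release tag.
        run: |
          SHA=${{github.sha}};
          ID=${SHA:0:8};
          echo "ID=$ID" >> "$GITHUB_OUTPUT";
          echo "DOCKER_IMAGE=$DOCKER_REGISTRY/$REPO:temp-$ID" >> "$GITHUB_OUTPUT";
      - name: Print build id and image name
        run: |
          echo "${{ steps.get-id.outputs.ID }}";
          echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
      - uses: actions/checkout@v4
      - name: Login to Docker Container Registry
        # if: ${{ github.event_name == 'push' }}
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.docker_repo2_registry }}
          username: ${{ vars.docker_repo2_username }}
          # NOTE(review): the registry password is read from the `vars` context.
          # Repository variables are plain text: not masked in job logs and readable
          # by anyone who can see repository settings. It should be stored as a
          # repository/organisation secret and read from the `secrets` context once
          # that secret exists.
          password: ${{ vars.docker_repo2_password }}
      - name: Build the Docker image
        # Commenting this from docker build for speed: --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.ID }} \
        run: |
          docker build \
            --file fab/d/actions-build.Dockerfile \
            --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
            .;
      - name: Scan Docker Image for vulnerabilities with Grype
        uses: anchore/scan-action@v6
        with:
          image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
          cache-db: true  # Cache Grype DB in Github Actions
          output-format: table
          # Fail only on findings that have a fix available AND are at or above
          # `critical`; lower-severity or unfixable findings are reported, not blocking.
          only-fixed: true
          severity-cutoff: critical
          fail-build: true

  npm-push:
    runs-on: ubuntu-22.04  # ubuntu-latest
    if: ${{ github.event_name == 'push' }}
    permissions:
      # Give the default GITHUB_TOKEN write permission to commit and push the
      # added or changed files to the repository.
      contents: write
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          # Quoted so a future minor pin such as "22.10" is not parsed as a float.
          node-version: "22"
          registry-url: ${{ vars.NPM_REGISTRY }}
          token: ${{ secrets.NPM_TOKEN }}
      - name: Install NPM Dependencies
        run: |
          npm install -g pnpm
          pnpm install
      - name: Lint & Check
        run: |
          pnpm lint
          pnpm check
      - run: pnpm build
      # If this is a merge of a pull request, GITHUB_BASE_REF will contain main.
      # But if this is a direct commit on the main branch, then GITHUB_REF_NAME will contain main
      - name: Increment package version and push
        env:
          GITHUB_TOKEN: ${{ github.token }}
          # BRANCH_NAME: ${{ github.base_ref || github.ref_name }}
        # The bot identity below is what the version-bump commit is attributed to.
        run: |
          git config --global user.name 'bot-build'
          git config --global user.email 'techbots+build@gmetri.com'
          export N=`node -p require\(\'./package.json\'\).name` && echo $N
          pnpm version patch --message "v%s: $N [CI SKIP]"
          git push origin
          git push --tags origin

  docker-build-and-push:
    runs-on: ubuntu-22.04  # ubuntu-latest
    # if: ${{ github.event_name == 'push' }}
    # Do not build/push the release image unless the vulnerability scan passed;
    # without this gate the two jobs ran in parallel and a failed scan never
    # blocked the push.
    needs: image-vulnerability-scan
    steps:
      - id: get-id
        name: Get a unique tag for this build
        # Same 8-char SHA prefix as the scan job, but without the `temp-` prefix:
        # this is the tag that gets pushed.
        run: |
          SHA=${{github.sha}};
          ID=${SHA:0:8};
          echo "ID=$ID" >> "$GITHUB_OUTPUT";
          echo "DOCKER_IMAGE=$DOCKER_REGISTRY/$REPO:$ID" >> "$GITHUB_OUTPUT";
      - name: Print build id and image name
        run: |
          echo "${{ steps.get-id.outputs.ID }}";
          echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
      - uses: actions/checkout@v4
      - name: Login to Docker Container Registry
        # if: ${{ github.event_name == 'push' }}
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.docker_repo2_registry }}
          username: ${{ vars.docker_repo2_username }}
          # NOTE(review): same as the scan job - the password should come from the
          # `secrets` context, not from a plain-text repository variable.
          password: ${{ vars.docker_repo2_password }}
      - name: Build the Docker image
        run: |
          docker build \
            --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.ID }} \
            --file fab/d/actions-build.Dockerfile \
            --tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
            .;
          IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
          echo "Image size $IMAGE_SIZE";
      - name: Push the Docker image
        # Pull requests build only; the image is pushed on push events alone.
        if: ${{ github.event_name == 'push' }}
        run: |
          docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }};
          IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
          echo "Pushed $IMAGE_SIZE image ${{ steps.get-id.outputs.DOCKER_IMAGE }}";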