Build and Package the NWSC Proxy Service to Dev Registry

Merge pull request #16 from NOAA-GSL/bug/key-camelcase #83

Workflow file for this run

.github/workflows/build-package-mock-ims.yml at d374a2b

	name: Build and Package the NWSC Proxy Service to Dev Registry
	on:
	push:
	branches: [ main ]
	env:
	DEV_REGISTRY: ghcr.io/noaa-gsl/idss/service/ims-gateway
	jobs:
	job1:
	name: NWSC Proxy Service - Dev
	runs-on: ubuntu-latest
	strategy:
	fail-fast: true
	matrix:
	app:
	- proxy
	steps:

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v1
	with:
	registry: ghcr.io
	username: ${{github.actor}}
	password: ${{secrets.GITHUB_TOKEN}}

	- name: pull
	run: \|
	docker pull ghcr.io/noaa-gsl/idss/commons/python/python-base:main

	- name: Checkout Code
	uses: actions/checkout@v2

	- name: Set ENV Variables
	shell: bash
	run: \|
	DATE=$(git show -s --format=%cd --date=format:'%Y-%m-%d.%H:%M:%S.%z' ${{ github.sha }})
	if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then
	# PR build
	echo "BRANCH=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
	echo "VERSION=dev-${{ github.sha }}-$DATE" >> $GITHUB_ENV
	elif [[ "${GITHUB_EVENT_NAME}" == "push" ]]; then
	# Handle differences between branches/tags
	if [[ "${GITHUB_REF}" == "heads" ]]; then
	# Branch build
	echo "BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
	echo "VERSION=dev-${{ github.sha }}-$DATE" >> $GITHUB_ENV
	elif [[ "${GITHUB_REF}" == "tags" ]]; then
	# Tag build
	echo "BRANCH=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
	echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
	else
	echo "ERROR: Unanticipated Git Ref"
	exit 1
	fi
	else
	echo "ERROR: Unanticipated GitHub Event"
	exit 1
	fi

	- name: Create App Names
	env:
	APP: '${{matrix.app}}'
	run: \|
	echo "APP_LOWERCASE=${APP,,}" >> $GITHUB_ENV

	- name: Generate Date-Time Tag
	id: tag
	run: \|
	# Get the current date-time in YYYYMMDDHHMMSS format
	TIMESTAMP=$(date +"%Y%m%d%H%M%S")
	echo "Generated tag: $TIMESTAMP"
	# Store it as an output to use in later steps
	echo "GIT_TAG=$TIMESTAMP" >> $GITHUB_ENV

	- name: Update k8s wids-idsse-1 deployments with git tag
	if: ${{ github.ref == 'refs/heads/main' }}
	run: \|
	sed -i "s/proxy:[^ ]\+/proxy:${GIT_TAG}/g" ./deployments/wids-idsse-1/nwsc-proxy.yml

	- name: Pull before Push
	run: \|
	git pull origin main

	- name: Commit & push changes to k8s dev deployment yaml files
	if: ${{ github.ref == 'refs/heads/main' }}
	uses: actions-js/push@master
	with:
	message: Update k8s dev deployment yamls with git tag
	github_token: ${{ secrets.GITHUB_TOKEN }}

	- name: Build Image
	run: \|
	docker build \
	--build-arg APPNAME=${{matrix.app}} \
	--build-arg BUILDVER="${{env.VERSION}}" \
	--build-arg COMMITBRANCH=${{env.BRANCH}} \
	--build-arg COMMITSHA=${{github.sha}} \
	-t ${{env.DEV_REGISTRY}}/${{env.APP_LOWERCASE}}:${{env.GIT_TAG}} \
	-f ./docker/nwsc_proxy/dev/Dockerfile .

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: '${{env.DEV_REGISTRY}}/${{env.APP_LOWERCASE}}:${{env.GIT_TAG}}'
	format: 'table'
	#exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'

	# this requires public repo / additional config
	#format: 'sarif'
	#output: 'trivy-results.sarif'

	# GSL isn't paying for this support with private repositories
	# - name: Upload Trivy scan results to GitHub Security tab
	# uses: github/codeql-action/upload-sarif@v2
	# with:
	# sarif_file: 'trivy-results.sarif'

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v1
	with:
	registry: ghcr.io
	username: ${{github.actor}}
	password: ${{secrets.GITHUB_TOKEN}}

	- name: Push Image to Dev Registry
	run: \|
	docker push ${{env.DEV_REGISTRY}}/${{env.APP_LOWERCASE}}:${{env.GIT_TAG}}
	job2:
	name: NWSC Proxy Service - UAT
	needs: job1
	runs-on: ubuntu-latest
	strategy:
	fail-fast: true
	matrix:
	app:
	- proxy
	steps:

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v1
	with:
	registry: ghcr.io
	username: ${{github.actor}}
	password: ${{secrets.GITHUB_TOKEN}}

	- name: pull
	run: \|
	docker pull ghcr.io/noaa-gsl/idss/commons/python/python-base:main

	- name: Checkout Code
	uses: actions/checkout@v2

	- name: Set ENV Variables
	shell: bash
	run: \|
	DATE=$(git show -s --format=%cd --date=format:'%Y-%m-%d.%H:%M:%S.%z' ${{ github.sha }})
	if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then
	# PR build
	echo "BRANCH=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
	echo "VERSION=dev-${{ github.sha }}-$DATE" >> $GITHUB_ENV
	elif [[ "${GITHUB_EVENT_NAME}" == "push" ]]; then
	# Handle differences between branches/tags
	if [[ "${GITHUB_REF}" == "heads" ]]; then
	# Branch build
	echo "BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
	echo "VERSION=dev-${{ github.sha }}-$DATE" >> $GITHUB_ENV
	elif [[ "${GITHUB_REF}" == "tags" ]]; then
	# Tag build
	echo "BRANCH=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
	echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
	else
	echo "ERROR: Unanticipated Git Ref"
	exit 1
	fi
	else
	echo "ERROR: Unanticipated GitHub Event"
	exit 1
	fi

	- name: Create App Names
	env:
	APP: '${{matrix.app}}'
	run: \|
	echo "APP_LOWERCASE=${APP,,}" >> $GITHUB_ENV

	- name: Build Image
	run: \|
	docker build \
	--build-arg APPNAME=${{matrix.app}} \
	--build-arg BUILDVER="${{env.VERSION}}" \
	--build-arg COMMITBRANCH=${{env.BRANCH}} \
	--build-arg COMMITSHA=${{github.sha}} \
	-t ${{env.DEV_REGISTRY}}/${{env.APP_LOWERCASE}}:uat \
	-f ./docker/nwsc_proxy/uat/Dockerfile .

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v1
	with:
	registry: ghcr.io
	username: ${{github.actor}}
	password: ${{secrets.GITHUB_TOKEN}}

	- name: Push Image to Dev Registry
	run: \|
	docker push ${{env.DEV_REGISTRY}}/${{env.APP_LOWERCASE}}:uat

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Merge pull request #16 from NOAA-GSL/bug/key-camelcase #83

Workflow file

Merge pull request #16 from NOAA-GSL/bug/key-camelcase #83

Uh oh!

Jobs

Run details

Workflow file for this run