Add. Update Trivy Ignore (#221) #233
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 🏗️ Build and Publish | |
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- "**.md" | |
workflow_run: | |
workflows: [Pull Translations from Transifex] | |
types: [completed] | |
branches: | |
- main | |
workflow_dispatch: | |
jobs: | |
trivy-scan: | |
name: 🕵️♂️ Trivy Scan | |
runs-on: ubuntu-latest | |
steps: | |
- name: 📥 Checkout code | |
uses: actions/checkout@v4 | |
- name: 🕵️♂️ Trivy Scan | |
run: | | |
wget -q https://raw.githubusercontent.com/Bahmni/bahmni-infra-utils/main/trivy_scan.sh && chmod +x trivy_scan.sh | |
./trivy_scan.sh | |
rm trivy_scan.sh | |
build-publish-docker: | |
name: 🏗️ Build & Publish Docker Image | |
runs-on: ubuntu-latest | |
needs: trivy-scan | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set env.ARTIFACT_VERSION | |
run: | | |
wget -q https://raw.githubusercontent.com/Bahmni/bahmni-infra-utils/main/setArtifactVersion.sh && chmod +x setArtifactVersion.sh | |
./setArtifactVersion.sh | |
rm setArtifactVersion.sh | |
- uses: actions/checkout@v4 | |
- name: 📥 Use Node.js 14.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 14.x | |
- name: 📥 Install dependencies | |
run: yarn install | |
- name: 🏗️ Build | |
run: yarn build | |
- name: 🔍 Test | |
run: yarn test:ci | |
- name: 🖥️ Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: 🖥️ Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: 🔐 Login to DockerHub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: 🐳 Docker Build and Push | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
file: package/docker/Dockerfile | |
push: true | |
tags: | | |
bahmni/microfrontend-ipd:${{ env.ARTIFACT_VERSION }} | |
bahmni/microfrontend-ipd:latest | |
push-translations: | |
name: Push Translations to Transifex | |
runs-on: ubuntu-latest | |
steps: | |
- name: 📥 Checkout code | |
uses: actions/checkout@v4 | |
- name: Push Translations to Transifex | |
run: | | |
curl -o transifex.sh https://raw.githubusercontent.com/Bahmni/bahmni-infra-utils/main/transifex.sh | |
chmod +x transifex.sh | |
./transifex.sh push | |
rm transifex.sh | |
env: | |
TX_TOKEN: ${{ secrets.TX_TOKEN }} | |
trigger-workflow: | |
name: 🔁 Trigger workflow to deploy to Docker env | |
needs: | |
- trivy-scan | |
- build-publish-docker | |
- push-translations | |
runs-on: ubuntu-latest | |
env: | |
ORG_NAME: Bahmni | |
REPOSITORY_NAME: bahmni-docker | |
EVENT_TYPE: bahmni-ipd-microfrontend-event | |
steps: | |
- name: 🔧 Create repository_dispatch | |
run: | | |
trigger_result=$(curl -s -o trigger_response.txt -w "%{http_code}" -X POST -H "Accept: application/vnd.github.v3+json" -H 'authorization: Bearer ${{ secrets.BAHMNI_PAT }}' https://api.github.com/repos/${ORG_NAME}/${REPOSITORY_NAME}/dispatches -d '{"event_type":"'"${EVENT_TYPE}"'"}') | |
if [ $trigger_result == 204 ]; then | |
echo "✅ Trigger to $ORG_NAME/$REPOSITORY_NAME Success" | |
else | |
echo "❌ Trigger to $ORG_NAME/$REPOSITORY_NAME Failed" | |
cat trigger_response.txt | |
exit 1 | |
fi |