"Sreelekha | MOBN-2437 | Update build_publish.yml" #64
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Publish | |
| on: | |
| push: | |
| branches: | |
| - MOBN-2437 | |
| workflow_dispatch: | |
| jobs: | |
| build-publish-docker: | |
| name: Build & Publish Docker Image | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Pull Github code | |
| uses: actions/checkout@v4 | |
| - name: Use Node.js 10.16.3 | |
| uses: actions/setup-node@v1 | |
| with: | |
| node-version: 14.x | |
| - name: Use Ruby 2.5 | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: 2.5 | |
| - run: npm install -g bower | |
| - run: npm install -g grunt-cli | |
| - run: gem install ffi -v 1.16.3 | |
| - run: gem install compass -v 1.0.3 | |
| - run: npm install --g yarn | |
| - name: micro-frontends | install dependencies | |
| working-directory: micro-frontends | |
| run: yarn install --frozen-lock-file | |
| - name: micro-frontends | test | |
| working-directory: micro-frontends | |
| run: yarn test:ci | |
| - name: micro-frontends | build | |
| working-directory: micro-frontends | |
| run: yarn build | |
| - name: Package | |
| run: cd ui && yarn cache clean && /bin/bash ./scripts/package.sh --force | |
| - name: Build docker image | |
| run: docker build -t bahmni-web:latest -f package/docker/Dockerfile . | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'bahmni-web:latest' | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'HIGH,CRITICAL' | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.BAHMNI_LITE_AWS_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.BAHMNI_LITE_AWS_SECRET_KEY }} | |
| aws-region: ${{ secrets.BAHMNI_LITE_AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Set Image tag varaible | |
| run: echo "ARTIFACT_VERSION=$(cat package/.appversion)-$GITHUB_RUN_NUMBER" >> $GITHUB_ENV | |
| - name: Tag and Push docker image to Amazon ECR | |
| env: | |
| REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| REPOSITORY: bahmni-msf-lite/bahmni-web | |
| IMAGE_TAG: ${{ env.ARTIFACT_VERSION }} | |
| run: | | |
| docker tag bahmni-web:latest $REGISTRY/$REPOSITORY:latest | |
| docker tag bahmni-web:latest $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
| docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
| docker push $REGISTRY/$REPOSITORY:latest |