From 587bd39d3f40c1ffa0cbbc45d54df4be5383b529 Mon Sep 17 00:00:00 2001
From: "RadhaKrishnan.S" <radhakrishnan.sekar@thoughtworks.com>
Date: Tue, 24 Sep 2024 18:36:23 +0530
Subject: [PATCH] Update workflow for the MSF Release (#91)

---
 .../workflows/build_publish_msf_release.yml   | 61 +++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 .github/workflows/build_publish_msf_release.yml

diff --git a/.github/workflows/build_publish_msf_release.yml b/.github/workflows/build_publish_msf_release.yml
new file mode 100644
index 0000000000..915da5870b
--- /dev/null
+++ b/.github/workflows/build_publish_msf_release.yml
@@ -0,0 +1,61 @@
+name: Build and Publish
+on:
+  push:
+    branches:
+      - msf-ocp-release
+  workflow_dispatch:
+
+jobs:
+  build-publish-docker:
+    name: Build & Publish Docker Image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Pull Github code
+        uses: actions/checkout@v4
+      - name: Use Node.js 10.16.3
+        uses: actions/setup-node@v1
+        with:
+          node-version: 10.16.3
+      - name: Use Ruby 2.5
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.5
+      - run: npm install -g bower
+      - run: npm install -g grunt-cli
+      - run: gem install ffi -v 1.16.3
+      - run: gem install compass -v 1.0.3
+      - run: npm install --g yarn
+      - name: Package
+        run: cd ui && yarn cache clean && /bin/bash ./scripts/package.sh
+      - name: Build docker image
+        run: docker build -t bahmni-web:latest -f package/docker/Dockerfile .
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'bahmni-web:latest'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'HIGH,CRITICAL'
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.BAHMNI_LITE_AWS_UAT_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.BAHMNI_LITE_AWS_UAT_SECRET_KEY }}
+          aws-region: ${{ secrets.BAHMNI_LITE_AWS_UAT_REGION }}
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+      - name: Set Image tag varaible
+        run: echo "ARTIFACT_VERSION=$(cat package/.appversion)-$GITHUB_RUN_NUMBER" >> $GITHUB_ENV
+      - name: Tag and Push docker image to Amazon ECR
+        env:
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          REPOSITORY: bahmni-msf-lite/bahmni-web
+          IMAGE_TAG: ${{ env.ARTIFACT_VERSION }}
+        run: |
+          docker tag bahmni-web:latest $REGISTRY/$REPOSITORY:latest
+          docker tag bahmni-web:latest $REGISTRY/$REPOSITORY:$IMAGE_TAG
+          docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
+          docker push $REGISTRY/$REPOSITORY:latest