bahmni-msf · Srkrishna · Oct 1, 2024 · Sep 24, 2024
diff --git a/.github/workflows/build_publish_msf_release.yml b/.github/workflows/build_publish_msf_release.yml
@@ -0,0 +1,61 @@
+name: Build and Publish
+on:
+  push:
+    branches:
+      - msf-ocp-release
+  workflow_dispatch:
+
+jobs:
+  build-publish-docker:
+    name: Build & Publish Docker Image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Pull Github code
+        uses: actions/checkout@v4
+      - name: Use Node.js 10.16.3
+        uses: actions/setup-node@v1
+        with:
+          node-version: 10.16.3
+      - name: Use Ruby 2.5
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.5
+      - run: npm install -g bower
+      - run: npm install -g grunt-cli
+      - run: gem install ffi -v 1.16.3
+      - run: gem install compass -v 1.0.3
+      - run: npm install --g yarn
+      - name: Package
+        run: cd ui && yarn cache clean && /bin/bash ./scripts/package.sh
+      - name: Build docker image
+        run: docker build -t bahmni-web:latest -f package/docker/Dockerfile .
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'bahmni-web:latest'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'HIGH,CRITICAL'
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.BAHMNI_LITE_AWS_UAT_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.BAHMNI_LITE_AWS_UAT_SECRET_KEY }}
+          aws-region: ${{ secrets.BAHMNI_LITE_AWS_UAT_REGION }}
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+      - name: Set Image tag varaible
+        run: echo "ARTIFACT_VERSION=$(cat package/.appversion)-$GITHUB_RUN_NUMBER" >> $GITHUB_ENV
+      - name: Tag and Push docker image to Amazon ECR
+        env:
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          REPOSITORY: bahmni-msf-lite/bahmni-web
+          IMAGE_TAG: ${{ env.ARTIFACT_VERSION }}
+        run: |
+          docker tag bahmni-web:latest $REGISTRY/$REPOSITORY:latest
+          docker tag bahmni-web:latest $REGISTRY/$REPOSITORY:$IMAGE_TAG
+          docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
+          docker push $REGISTRY/$REPOSITORY:latest