Various METexpress updates #528
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Build METexpress" | |
on: | |
push: | |
branches: [main, development] | |
tags: | |
- 'v[0-9]+.[0-9]+.[0-9]+' | |
- 'v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+' | |
pull_request: | |
branches: [main, development] | |
env: | |
DEV_REGISTRY: ghcr.io/dtcenter/metexpress/development | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: true | |
matrix: | |
app: | |
- met-anomalycor | |
- met-cyclone | |
- met-ensemble | |
- met-precip | |
- met-object | |
- met-surface | |
- met-upperair | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: '14' # This needs to match the version used by our Meteor release | |
- name: Install dependencies | |
working-directory: apps/${{ matrix.app }} | |
run: npm ci | |
- name: Lint | |
working-directory: apps/${{ matrix.app }} | |
run: npm run lint | |
build: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
permissions: | |
packages: write | |
security-events: write | |
strategy: | |
fail-fast: true | |
matrix: | |
app: | |
- met-anomalycor | |
- met-cyclone | |
- met-ensemble | |
- met-precip | |
- met-object | |
- met-surface | |
- met-upperair | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Set env variables | |
shell: bash | |
# Note - this doesn't support branch names with "/" in them | |
run: | | |
DATE=$(git show -s --format=%cd --date=format:'%Y-%m-%d.%H:%M:%S.%z' ${{ github.sha }}) | |
if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then | |
# PR build | |
echo "BRANCH=${GITHUB_HEAD_REF}" >> $GITHUB_ENV | |
echo "VERSION=dev-${{ github.sha }}-$DATE" >> $GITHUB_ENV | |
elif [[ "${GITHUB_EVENT_NAME}" == "push" ]]; then | |
# Handle differences between branches/tags | |
if [[ "${GITHUB_REF}" == *"heads"* ]]; then | |
# Branch build | |
echo "BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV | |
echo "VERSION=dev-${{ github.sha }}-$DATE" >> $GITHUB_ENV | |
elif [[ "${GITHUB_REF}" == *"tags"* ]]; then | |
# Tag build | |
echo "BRANCH=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV | |
echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV | |
else | |
echo "ERROR: Unanticipated Git Ref" | |
exit 1 | |
fi | |
else | |
echo "ERROR: Unanticipated GitHub Event" | |
exit 1 | |
fi | |
- name: Create lowercase app names | |
# Docker tags must be lowercase | |
env: | |
APP: '${{ matrix.app }}' | |
run: | | |
echo "APP_LOWERCASE=${APP,,}" >> $GITHUB_ENV | |
- name: Build image | |
run: | | |
docker build \ | |
--build-arg APPNAME=${{ matrix.app }} \ | |
--build-arg BUILDVER="${{ env.VERSION }}" \ | |
--build-arg COMMITBRANCH=${{ env.BRANCH }} \ | |
--build-arg COMMITSHA=${{ github.sha }} \ | |
-t ${{ env.DEV_REGISTRY }}/${{ env.APP_LOWERCASE }}:${{ env.BRANCH }} \ | |
. | |
- name: Scan image with Trivy | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: '${{ env.DEV_REGISTRY }}/${{ env.APP_LOWERCASE }}:${{ env.BRANCH }}' | |
format: 'sarif' | |
output: 'trivy-results-${{ env.APP_LOWERCASE }}.sarif' | |
ignore-unfixed: true | |
- name: Upload Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: 'trivy-results-${{ env.APP_LOWERCASE }}.sarif' | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Push image to dev registry | |
run: | | |
docker push ${{ env.DEV_REGISTRY }}/${{ env.APP_LOWERCASE }}:${{ env.BRANCH }} |