frontend/.github/workflows/_meta-build.yaml at 88076bab1035ea1b42f63f95fd0f7d6cbb687e36 · DependencyTrack/frontend · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
permissions: {}

on:
  workflow_call:
    inputs:
      app-version:
        type: string
        required: false
        default: 'snapshot'
        description: 'Set the version that should be set/used as tag for the container image'
      publish-container:
        type: boolean
        required: false
        default: false
        description: 'Set if the container image gets publish and scan once its build'
      ref-name:
        type: string
        required: true
        description: 'Short ref name of the branch or tag that triggered the workflow run'
    secrets:
      registry-0-usr:
        required: true
      registry-0-psw:
        required: true

jobs:
  build-node:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout Repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # tag=v6.0.2
        with:
          persist-credentials: false

      - name: Set up NodeJs
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # tag=v6.3.0
        with:
          node-version: '20'
          cache: 'npm'

      - name: Run Npm Build
        env:
          CI: true
        run: |-
          npm ci
          npm run build --if-present

      - name: Upload Artifacts
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # tag=v7.0.0
        with:
          name: assembled-frontend
          path: |-
            dist/
            bom.*

  build-container:
    runs-on: ubuntu-latest
    needs:
      - build-node

    steps:
      - name: Checkout Repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # tag=v6.0.2
        with:
          persist-credentials: false

      - name: Download Artifacts
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # tag=v8.0.1
        with:
          name: assembled-frontend

      - name: Set up QEMU
        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # tag=v4.0.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # tag=v4.0.0
        id: buildx
        with:
          install: true

      - name: Login to Docker.io
        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # tag=v4.1.0
        if: ${{ inputs.publish-container }}
        with:
          registry: docker.io
          username: ${{ secrets.registry-0-usr }}
          password: ${{ secrets.registry-0-psw }}

      - name: Set Container Tags
        id: tags
        env:
          REF_NAME: ${{ inputs.ref-name }}
          APP_VERSION: ${{ inputs.app-version }}
        run: |-
          IMAGE_NAME="docker.io/dependencytrack/frontend"
          TAGS=""

          if [[ $REF_NAME == feature-* ]]; then
            TAGS="${IMAGE_NAME}:${REF_NAME,,}"
          else
            TAGS="${IMAGE_NAME}:${APP_VERSION}"
            if [[ "${APP_VERSION}" != "snapshot" ]]; then
              TAGS="${TAGS},${IMAGE_NAME}:latest"
            fi
          fi
          echo "tags=${TAGS}" >> $GITHUB_OUTPUT

      - name: Build multi-arch Container Image
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # tag=v7.0.0
        with:
          tags: ${{ steps.tags.outputs.tags }}
          build-args: |-
            APP_VERSION=${{ inputs.app-version }}
            COMMIT_SHA=${{ github.sha }}
          platforms: linux/amd64,linux/arm64
          push: ${{ inputs.publish-container }}
          context: .
          file: docker/Dockerfile.alpine