Documentation for 5.1.1 release #422
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Build" | |
on: | |
push: | |
branches: [main, development] | |
tags: | |
- 'v[0-9]+.[0-9]+.[0-9]+' | |
- 'v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+' | |
pull_request: | |
branches: [main, development] | |
env: | |
DEV_REGISTRY: ghcr.io/dtcenter/metexpress/development | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: true | |
matrix: | |
app: | |
- met-airquality | |
- met-anomalycor | |
- met-cyclone | |
- met-ensemble | |
- met-precip | |
- met-object | |
- met-surface | |
- met-upperair | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '14' # This needs to match the version used by our Meteor release | |
- name: Install dependencies | |
working-directory: apps/${{ matrix.app }} | |
run: npm ci | |
- name: Lint | |
working-directory: apps/${{ matrix.app }} | |
run: npm run lint | |
build: | |
runs-on: ubuntu-latest | |
timeout-minutes: 120 | |
strategy: | |
# fail-fast: true # FIXME: Reactivate fail-fast once our image size is under control | |
matrix: | |
app: | |
- met-airquality | |
- met-anomalycor | |
- met-cyclone | |
- met-ensemble | |
- met-precip | |
- met-object | |
- met-surface | |
- met-upperair | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: Set env variables | |
shell: bash | |
# Note - this doesn't support branch names with "/" in them | |
run: | | |
DATE=$(git show -s --format=%cd --date=format:'%Y-%m-%d.%H:%M:%S.%z' ${{ github.sha }}) | |
if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then | |
# PR build | |
echo "BRANCH=${GITHUB_HEAD_REF}" >> $GITHUB_ENV | |
echo "VERSION=dev-${{ github.sha }}-$DATE" >> $GITHUB_ENV | |
elif [[ "${GITHUB_EVENT_NAME}" == "push" ]]; then | |
# Handle differences between branches/tags | |
if [[ "${GITHUB_REF}" == *"heads"* ]]; then | |
# Branch build | |
echo "BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV | |
echo "VERSION=dev-${{ github.sha }}-$DATE" >> $GITHUB_ENV | |
elif [[ "${GITHUB_REF}" == *"tags"* ]]; then | |
# Tag build | |
echo "BRANCH=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV | |
echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV | |
else | |
echo "ERROR: Unanticipated Git Ref" | |
exit 1 | |
fi | |
else | |
echo "ERROR: Unanticipated GitHub Event" | |
exit 1 | |
fi | |
- name: Create lowercase app names | |
# Docker tags must be lowercase | |
env: | |
APP: '${{ matrix.app }}' | |
run: | | |
echo "APP_LOWERCASE=${APP,,}" >> $GITHUB_ENV | |
- name: Build image | |
run: | | |
docker build \ | |
--build-arg APPNAME=${{ matrix.app }} \ | |
--build-arg BUILDVER="${{ env.VERSION }}" \ | |
--build-arg COMMITBRANCH=${{ env.BRANCH }} \ | |
--build-arg COMMITSHA=${{ github.sha }} \ | |
-t ${{ env.DEV_REGISTRY }}/${{ env.APP_LOWERCASE }}:${{ env.BRANCH }} \ | |
. | |
# FIXME: Reactivate image scanning once we've determined why the image size has blown up | |
# - name: Scan image with Trivy | |
# uses: aquasecurity/trivy-action@master | |
# with: | |
# image-ref: '${{ env.DEV_REGISTRY }}/${{ env.APP_LOWERCASE }}:${{ env.BRANCH }}' | |
# format: 'sarif' | |
# output: 'trivy-results-${{ env.APP_LOWERCASE }}.sarif' | |
# ignore-unfixed: true | |
# - name: Upload Trivy scan results to GitHub Security tab | |
# uses: github/codeql-action/upload-sarif@v2 | |
# with: | |
# sarif_file: 'trivy-results-${{ env.APP_LOWERCASE }}.sarif' | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Push image to dev registry | |
run: | | |
docker push ${{ env.DEV_REGISTRY }}/${{ env.APP_LOWERCASE }}:${{ env.BRANCH }} |