Skip to content
Build and Publish

BN-41 | Add. i18n Support #45

Sign in to view logs

BN-41 | Add. i18n Support

BN-41 | Add. i18n Support #45

Workflow file for this run

.github/workflows/build-and-publish.yml at faead6c
name: Build and Publish
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
workflow_dispatch:
env:
IMAGE_NAME: ghcr.io/bahnew/clinical-frontend
NODE_VERSION: '22'
jobs:
lint-and-test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'yarn'
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Lint
run: yarn lint
- name: Run tests
run: yarn test
- name: Scan for package vulnerabilities
uses: aquasecurity/trivy-action@0.30.0
with:
scan-type: 'fs'
format: 'table'
exit-code: '1'
severity: 'CRITICAL,HIGH'
build-and-publish:
needs: lint-and-test
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'yarn'
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Extract version
id: package-version
run: echo "version=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT
- name: Build
run: yarn build
- name: Cache build artifacts
uses: actions/cache@v3
with:
path: dist
key: ${{ runner.os }}-build-${{ github.sha }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Build and push to a temporary tag for scanning
- name: Build and push multi-arch image (temp)
uses: docker/build-push-action@v5
with:
context: .
file: package/docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
${{ env.IMAGE_NAME }}:scan-${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
# Scan the pushed image
- name: Scan Docker image for vulnerabilities
uses: aquasecurity/trivy-action@0.30.0
with:
image-ref: '${{ env.IMAGE_NAME }}:scan-${{ github.sha }}'
format: 'table'
exit-code: '1'
severity: 'CRITICAL'
# If scan passes, tag the image with final tags
- name: Tag image with final tags
if: success()
run: |
# Tag the scanned image with final tags
docker buildx imagetools create \
--tag ${{ env.IMAGE_NAME }}:latest \
--tag ${{ env.IMAGE_NAME }}:v${{ steps.package-version.outputs.version }}-${{github.run_number}} \
${{ env.IMAGE_NAME }}:scan-${{ github.sha }}
# This step dispatches an event to the utils repo to trigger downstream deployments
- name: Repository Dispatch
if: success()
run: |
# Using GitHub's built-in REST API for repository dispatch
curl -X POST \
-H "Authorization: token ${{ secrets.INFRA_GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/bahnew/utils/dispatches \
-d '{"event_type":"clinical-frontend-publish","client_payload":{"version":"v${{ steps.package-version.outputs.version }}","sha":"${{ github.sha }}"}}'
# Cleanup the older Docker images from GitHub Container Registry
- name: Cleanup temporary Docker tags
if: always() # This ensures the step runs even if previous steps fail
uses: actions/delete-package-versions@v5
with:
owner: 'bahnew'
package-name: 'clinical-frontend'
package-type: 'container'
min-versions-to-keep: 6
token: ${{ secrets.GITHUB_TOKEN }}