
Commit 41c8f32

feat(build): add build_context_from_working_dir for independent modules (#165)
* feat(build): add build_context_from_working_dir input for independent modules Adds a new boolean input to build.yml and pr-security-scan.yml that uses the component working_dir as Docker build context instead of the repo root. This enables building tools/services with their own go.mod without conflicting with the main project dependencies. * fix(gitops): change enable_docker_login default to false GitOps updates only modify YAML files in the gitops repo and do not pull or push Docker images. Docker login is unnecessary by default and can be explicitly enabled when needed. * fix(gitops): remove trailing spaces and add cd guard for shellcheck Fix pre-existing lint issues: - Remove trailing whitespace from 17 lines - Add || exit 1 to cd commands (SC2164)
1 parent 19abf79 commit 41c8f32


3 files changed

+37
-29
lines changed


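--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -122,6 +122,10 @@ on:
 description: 'Force multi-platform build (amd64+arm64) even for beta/rc tags'
 type: boolean
 default: false
+build_context_from_working_dir:
+description: 'Use the component working_dir as Docker build context instead of build_context. Useful for independent modules (e.g., tools with their own go.mod).'
+type: boolean
+default: false
 
 permissions:
 contents: read
@@ -281,7 +285,7 @@ jobs:
 - name: Build and push Docker image
 uses: docker/build-push-action@v7
 with:
-context: ${{ inputs.build_context }}
+context: ${{ inputs.build_context_from_working_dir == true && matrix.app.working_dir || inputs.build_context }}
 file: ${{ matrix.app.working_dir }}/${{ inputs.dockerfile_name }}
 platforms: ${{ needs.prepare.outputs.platforms }}
 push: true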
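Review bot: The new `context:` expression silently falls back to `inputs.build_context` whenever `matrix.app.working_dir` is an empty string, because `a && b || c` in GitHub expressions yields `c` when `b` is falsy, so a caller that sets `build_context_from_working_dir: true` for a component without a `working_dir` gets a repo-root build context with no error. Consider a validation step that fails when the flag is set and `working_dir` is empty, or at least state it on the input: `description: '... Requires working_dir on each component; an empty working_dir falls back to build_context.'`. The same construct appears in the `.github/workflows/pr-security-scan.yml` hunk with `matrix.working_dir`. Since relative COPY/ADD sources resolve against the build context, a Dockerfile written for the repo-root context will see different paths once this flag is on; that is the intended effect but is worth stating in the description. The `== true` comparison is redundant for a `type: boolean` input.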

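--- a/.github/workflows/gitops-update.yml
+++ b/.github/workflows/gitops-update.yml
@@ -52,9 +52,9 @@ on:
 type: string
 default: 'v4.44.3'
 enable_docker_login:
-description: 'Enable Docker Hub login to avoid rate limits'
+description: 'Enable Docker Hub login to avoid rate limits. Disabled by default since GitOps updates do not require Docker registry access.'
 type: boolean
-default: true
+default: false
 configmap_updates:
 description: 'JSON object mapping artifact names to configmap keys (e.g., {"pix.tag": ".pix.configmap.VERSION"})'
 type: string
@@ -104,7 +104,7 @@ jobs:
 # Determine which servers to deploy to
 DEPLOY_FIRMINO="${{ inputs.deploy_in_firmino }}"
 DEPLOY_CLOTILDE="${{ inputs.deploy_in_clotilde }}"
-
+
 echo "deploy_firmino=$DEPLOY_FIRMINO" >> "$GITHUB_OUTPUT"
 echo "deploy_clotilde=$DEPLOY_CLOTILDE" >> "$GITHUB_OUTPUT"
 echo "Deploy to Firmino: $DEPLOY_FIRMINO"
@@ -144,7 +144,7 @@ jobs:
 shell: bash
 run: |
 set -e
-cd gitops
+cd gitops || exit 1
 git pull origin main
 
 - name: Cleanup old artifacts (self-hosted runner safety)
@@ -179,25 +179,25 @@ jobs:
 shell: bash
 run: |
 echo "Checking for downloaded artifacts..."
-
+
 # Check if directory exists and has files
 if [[ ! -d ".gitops-tags" ]]; then
 echo "::error::No artifacts directory found. Build job may have been skipped or failed to produce artifacts."
 echo "artifacts_valid=false" >> "$GITHUB_OUTPUT"
 exit 1
 fi
-
+
 # Count actual artifact files (not directories)
 ARTIFACT_COUNT=$(find .gitops-tags -type f -name "*.tag" 2>/dev/null | wc -l || echo "0")
-
+
 if [[ "$ARTIFACT_COUNT" -eq 0 ]]; then
 echo "::error::No artifact files found in .gitops-tags/. Build job may have been skipped or failed."
 echo "Directory contents:"
 ls -laR .gitops-tags/ 2>/dev/null || echo "Directory is empty or doesn't exist"
 echo "artifacts_valid=false" >> "$GITHUB_OUTPUT"
 exit 1
 fi
-
+
 echo "Found $ARTIFACT_COUNT artifact file(s):"
 ls -la .gitops-tags/
 echo "artifacts_valid=true" >> "$GITHUB_OUTPUT"
@@ -210,7 +210,7 @@ jobs:
 
 # Get app name
 APP_NAME="${{ steps.setup.outputs.app_name }}"
-
+
 # Determine environments to update based on tag type
 if [[ "${{ env.IS_BETA }}" == "true" ]]; then
 ENVIRONMENTS="dev"
@@ -244,7 +244,7 @@ jobs:
 SERVERS="clotilde"
 fi
 fi
-
+
 if [[ -z "$SERVERS" ]]; then
 echo "No servers selected for deployment. Enable deploy_in_firmino or deploy_in_clotilde."
 exit 1
@@ -262,7 +262,7 @@ jobs:
 AVAILABLE_ARTIFACTS="${AVAILABLE_ARTIFACTS}${artifact_name} "
 fi
 done
-
+
 if [[ -z "$AVAILABLE_ARTIFACTS" ]]; then
 echo "No artifacts found in .gitops-tags/"
 echo "sync_matrix=[]" >> "$GITHUB_OUTPUT"
@@ -280,10 +280,10 @@ jobs:
 local file="$1"
 local yaml_path="$2"
 local new_tag="$3"
-
+
 # Extract the key name from yaml path (e.g., ".image.tag" -> "tag")
 local key_name="${yaml_path##*.}"
-
+
 # Use sed to replace only the tag value, preserving all formatting
 # This handles patterns like "tag: v1.0.0" or "tag: 'v1.0.0'" or 'tag: "v1.0.0"'
 if grep -q "^[[:space:]]*${key_name}:" "$file"; then
@@ -298,21 +298,21 @@ jobs:
 for SERVER in $SERVERS; do
 for ENV in $ENVIRONMENTS; do
 VALUES_FILE="gitops/environments/${SERVER}/helmfile/applications/${ENV}/${APP_NAME}/values.yaml"
-
+
 echo ""
 echo "Processing: $SERVER/$ENV"
 echo " Path: $VALUES_FILE"
-
+
 # Check if file exists
 if [[ ! -f "$VALUES_FILE" ]]; then
 echo " WARNING: Values file not found for ${SERVER}/${ENV}: ${VALUES_FILE}"
 MISSING_FILES="${MISSING_FILES}${SERVER}/${ENV}:${VALUES_FILE}\n"
 continue
 fi
-
+
 # Track if any changes were made to this file
 FILE_CHANGED=false
-
+
 # Apply mappings from inputs - only if artifact exists
 MAPPINGS='${{ inputs.yaml_key_mappings }}'
 while IFS='|' read -r artifact_key yaml_key; do
@@ -334,7 +334,7 @@ jobs:
 fi
 fi
 done < <(echo "$MAPPINGS" | jq -r 'to_entries[] | "\(.key)|\(.value)"')
-
+
 # Apply configmap updates if configured - only if artifact exists
 if [[ -n "${{ inputs.configmap_updates }}" ]]; then
 CONFIGMAP_MAPPINGS='${{ inputs.configmap_updates }}'
@@ -356,7 +356,7 @@ jobs:
 fi
 done < <(echo "$CONFIGMAP_MAPPINGS" | jq -r 'to_entries[] | "\(.key)|\(.value)"')
 fi
-
+
 # Only track as updated if changes were actually made
 if [[ "$FILE_CHANGED" == "true" ]]; then
 UPDATED_FILES="${UPDATED_FILES}${VALUES_FILE}\n"
@@ -378,7 +378,7 @@ jobs:
 else
 echo "No files were updated"
 fi
-
+
 if [[ -n "$MISSING_FILES" ]]; then
 echo ""
 echo "Missing files (skipped):"
@@ -388,7 +388,7 @@ jobs:
 # Save updated servers/envs for ArgoCD sync - only include files that actually changed
 if [[ -n "$UPDATED_SERVERS_ENVS" ]]; then
 echo -e "$UPDATED_SERVERS_ENVS" | grep -v '^$' > /tmp/updated_servers_envs.txt
-
+
 # Output sync targets as JSON array for matrix job
 SYNC_MATRIX=$(echo -e "$UPDATED_SERVERS_ENVS" | grep -v '^$' | while IFS=: read -r s e; do
 [[ -n "$s" && -n "$e" ]] && echo "{\"server\":\"$s\",\"env\":\"$e\"}"
@@ -400,7 +400,7 @@ jobs:
 echo "sync_matrix=[]" >> "$GITHUB_OUTPUT"
 echo "has_sync_targets=false" >> "$GITHUB_OUTPUT"
 fi
-
+
 COUNT=0
 if [[ -n "$UPDATED_FILES" ]]; then
 COUNT=$(echo -e "$UPDATED_FILES" | grep -c -v '^$' || true)
@@ -410,7 +410,7 @@ jobs:
 - name: Show git diff
 shell: bash
 run: |
-cd gitops
+cd gitops || exit 1
 echo "Changes to be committed:"
 git diff --stat
 echo ""
@@ -432,17 +432,17 @@ jobs:
 - name: Commit & push (GitOps)
 run: |
 set -e
-cd gitops
-
+cd gitops || exit 1
+
 # Get env label from apply_tags step
 ENV_LABEL="${{ steps.apply_tags.outputs.env_label }}"
-
+
 # Check if there are changes to commit
 if git diff --quiet; then
 echo "No changes to commit"
 exit 0
 fi
-
+
 git commit -am "ci(${{ steps.setup.outputs.commit_prefix }}): update image tags ($ENV_LABEL)" || echo "No changes to commit"
 git push origin main
 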
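--- a/.github/workflows/pr-security-scan.yml
+++ b/.github/workflows/pr-security-scan.yml
@@ -67,6 +67,10 @@ on:
 description: 'Enable Docker Hub Health Score compliance checks (non-root user, CVEs, licenses)'
 type: boolean
 default: true
+build_context_from_working_dir:
+description: 'Use the component working_dir as Docker build context instead of repo root. Useful for independent modules (e.g., tools with their own go.mod).'
+type: boolean
+default: false
 
 permissions:
 id-token: write # Required for OIDC authentication
@@ -151,7 +155,7 @@ jobs:
 if: always() && inputs.enable_docker_scan
 uses: docker/build-push-action@v7
 with:
-context: ${{ inputs.monorepo_type == 'type2' && matrix.working_dir == inputs.frontend_folder && inputs.frontend_folder || '.' }}
+context: ${{ inputs.build_context_from_working_dir == true && matrix.working_dir || (inputs.monorepo_type == 'type2' && matrix.working_dir == inputs.frontend_folder && inputs.frontend_folder || '.') }}
 file: ${{ env.DOCKERFILE_PATH }}
 platforms: linux/amd64
 load: true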
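Review bot: `file: ${{ env.DOCKERFILE_PATH }}` is left as-is while `context:` may now be `matrix.working_dir`; how `DOCKERFILE_PATH` is derived is outside this hunk, so if it is built relative to the repo root, confirm it still resolves once the flag is on. To my knowledge docker/build-push-action passes `file` to buildx, which resolves a relative path against the runner's working directory rather than the context, so it likely keeps working, but a comment next to the line would spare the next reader the same check: `# file is resolved from the repo root even when context is working_dir`. The `== true` comparison is redundant for a `type: boolean` input.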
