From 99a27fbdb82da9960ecdb73d46fb64a2eef39c3e Mon Sep 17 00:00:00 2001
From: Hitesh Jain
Date: Wed, 5 Feb 2025 10:13:33 +0530
Subject: [PATCH] INJICERT-661 Updated github actions
Signed-off-by: Hitesh Jain
---
 .github/workflows/push-trigger.yml | 118 ++++++++++++++++-------------
 1 file changed, 64 insertions(+), 54 deletions(-)
diff --git a/.github/workflows/push-trigger.yml b/.github/workflows/push-trigger.yml
index 125ac8b3..04e91cc8 100644
--- a/.github/workflows/push-trigger.yml
+++ b/.github/workflows/push-trigger.yml
@@ -35,39 +35,8 @@ jobs:
 GPG_SECRET: ${{ secrets.GPG_SECRET }}
 SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
- build-maven-inji-certify-with-plugins:
- needs: build-maven-inji-certify
- runs-on: ubuntu-latest
- env:
- NAMESPACE: ${{ secrets.dev_namespace_docker_hub }}
- SERVICE_LOCATION: ./certify-service-with-plugins
- BUILD_ARTIFACT: inji-certify-with-plugins
- steps:
- - uses: actions/checkout@v3
- - name: Set up JDK 21
- uses: actions/setup-java@v3
- with:
- distribution: 'temurin'
- java-version: 21
- server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
- settings-path: ${{ github.workspace }} # location for the settings.xml file
- - name: Setup the settings file for ossrh server
- run: echo " ossrh ${{secrets.ossrh_user}} ${{secrets.ossrh_secret}} ossrh true gpg2 ${{secrets.gpg_secret}} allow-snapshots true snapshots-repo https://oss.sonatype.org/content/repositories/snapshots false true releases-repo https://oss.sonatype.org/service/local/staging/deploy/maven2 true false sonar . https://sonarcloud.io false " > $GITHUB_WORKSPACE/settings.xml
- - name: Build Certify with plugin with Maven
- run: |
- cd ${{ env.SERVICE_LOCATION}}
- mvn clean package -s $GITHUB_WORKSPACE/settings.xml
- - name: Ready the plugin jars
- if: ${{ !contains(github.ref, 'master') || !contains(github.ref, 'main') }}
- run: |
- ## FIND JARS & COPY ONLY EXECUTABLE JARs STORED UNDER TARGET DIRECTORY
- find ${{ env.SERVICE_LOCATION }} -path '**/target/**/*.jar' -exec zip ${{ env.BUILD_ARTIFACT }}.zip {} +
- - name: Upload the plugin jars
- if: ${{ !contains(github.ref, 'master') || !contains(github.ref, 'main') }}
- uses: actions/upload-artifact@v4
- with:
- name: ${{ env.BUILD_ARTIFACT }}
- path: ${{ env.BUILD_ARTIFACT }}.zip
+
+
 publish_to_nexus:
@@ -106,27 +75,68 @@ jobs: RELEASE_DOCKER_HUB: ${{ secrets.RELEASE_DOCKER_HUB }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} - build-dockers-inji-certify-with-plugins: - needs: [build-dockers, build-maven-inji-certify-with-plugins] - strategy: - matrix: - include: - - SERVICE_LOCATION: 'certify-service-with-plugins' - SERVICE_NAME: 'inji-certify-with-plugins' - BUILD_ARTIFACT: 'inji-certify-with-plugins' - fail-fast: false - name: ${{ matrix.SERVICE_NAME }} - uses: mosip/kattu/.github/workflows/docker-build.yml@master-java21 - with: - SERVICE_LOCATION: ${{ matrix.SERVICE_LOCATION }} - SERVICE_NAME: ${{ matrix.SERVICE_NAME }} - BUILD_ARTIFACT: ${{ matrix.BUILD_ARTIFACT }} - ONLY_DOCKER: true - secrets: - DEV_NAMESPACE_DOCKER_HUB: ${{ secrets.DEV_NAMESPACE_DOCKER_HUB }} - ACTOR_DOCKER_HUB: ${{ secrets.ACTOR_DOCKER_HUB }} - RELEASE_DOCKER_HUB: ${{ secrets.RELEASE_DOCKER_HUB }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}x` + build-inji-certify-with-plugins: + needs: [ build-dockers ] + runs-on: ubuntu-latest + env: + NAMESPACE: ${{ secrets.dev_namespace_docker_hub }} + SERVICE_LOCATION: ./certify-service-with-plugins + BUILD_ARTIFACT: inji-certify-with-plugins + steps: + - uses: actions/checkout@v3 + - name: Set up JDK 21 + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: 21 + server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml + settings-path: ${{ github.workspace }} # location for the settings.xml file + - name: Setup the settings file for ossrh server + run: echo " ossrh ${{secrets.ossrh_user}} ${{secrets.ossrh_secret}} ossrh true gpg2 ${{secrets.gpg_secret}} allow-snapshots true snapshots-repo https://oss.sonatype.org/content/repositories/snapshots false true releases-repo https://oss.sonatype.org/service/local/staging/deploy/maven2 true false sonar . 
https://sonarcloud.io false " > $GITHUB_WORKSPACE/settings.xml + - name: Build Certify with plugin with Maven + run: | + cd ${{ env.SERVICE_LOCATION}} + mvn clean package -s $GITHUB_WORKSPACE/settings.xml + - name: Build check for Docker label + run: | + cd ${{ inputs.SERVICE_LOCATION }} + for layer in ARG\\s+SOURCE ARG\\s+COMMIT_HASH ARG\\s+COMMIT_ID ARG\\s+BUILD_TIME LABEL\\s+source=\\$\\{SOURCE\\} LABEL\\s+commit_hash=\\$\\{COMMIT_HASH\\} LABEL\\s+commit_id=\\$\\{COMMIT_ID\\} LABEL\\s+build_time=\\$\\{BUILD_TIME\\}; do + layer_count=$( grep -Ev '^$' Dockerfile | grep -Ec "$layer" || true); + + if [[ $layer_count -ne 1 ]]; then + dlayer=$( echo $layer | sed -E 's/\\s\+/ /g' | sed -E 's/\\//g' ) + echo "Docker layer : \"$dlayer\" not found; EXITING"; + exit 1; + fi + done + + - name: Build image + run: | + cd ${{ inputs.SERVICE_LOCATION }} + docker build . --build-arg SOURCE=mosip --build-arg COMMIT_HASH=$(git rev-parse HEAD) --build-arg COMMIT_ID=$(git rev-parse --short HEAD) --build-arg BUILD_TIME=$BUILD_TIME --file Dockerfile --tag ${{ env.SERVICE_NAME }} + + - name: Log into registry + if: "${{ github.event_name != 'pull_request' }}" + run: echo "${{secrets.RELEASE_DOCKER_HUB}}" | docker login -u ${{secrets.ACTOR_DOCKER_HUB}} --password-stdin + + - name: Push image + if: "${{ github.event_name != 'pull_request' }}" + run: | + IMAGE_ID=$NAMESPACE/$SERVICE_NAME + + # Change all uppercase to lowercase + IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') + echo "push version ${{steps.getPomVersion.outputs.info}}" + if [[ $BRANCH_NAME == master ]]; then + VERSION=latest + else + VERSION=$BRANCH_NAME + fi + echo IMAGE_ID=$IMAGE_ID + echo VERSION=$VERSION + docker tag $SERVICE_NAME $IMAGE_ID:$VERSION + docker push $IMAGE_ID:$VERSION + sonar_analysis: needs: build-maven-inji-certify
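Review bot: The Docker steps added to `build-inji-certify-with-plugins` read `${{ inputs.SERVICE_LOCATION }}`, `${{ env.SERVICE_NAME }}`, `$SERVICE_NAME`, `$BRANCH_NAME`, `$BUILD_TIME` and `steps.getPomVersion.outputs.info`, but the job's `env:` only sets `NAMESPACE`, `SERVICE_LOCATION` and `BUILD_ARTIFACT` and no step here has the id `getPomVersion`; unless these are defined at workflow level outside this hunk, `cd` runs with an empty argument and the build, tag and push commands get an empty image name and version. Use `cd ${{ env.SERVICE_LOCATION }}` in the "Build check for Docker label" and "Build image" steps and define `SERVICE_NAME`, `BRANCH_NAME` and `BUILD_TIME` for the job (the removed matrix used `inji-certify-with-plugins` as the service name; `github.ref_name` is one possible source for the branch). The "Log into registry" step also pastes `${{secrets.RELEASE_DOCKER_HUB}}` and `${{secrets.ACTOR_DOCKER_HUB}}` straight into the script text, so a value containing a quote or `$` is interpreted by the shell; pass both through `env:` as in the excerpt below. `actions/checkout@v3` and `actions/setup-java@v3` are mutable tags in a job that holds registry, OSSRH and GPG credentials, so pinning them to a full commit SHA is worth doing in the same change.

```yaml
    env:
      # … unchanged: NAMESPACE, SERVICE_LOCATION, BUILD_ARTIFACT …
      SERVICE_NAME: inji-certify-with-plugins
      BRANCH_NAME: ${{ github.ref_name }}
    # … unchanged: steps up to "Build image", with cd ${{ env.SERVICE_LOCATION }} …
      - name: Log into registry
        if: "${{ github.event_name != 'pull_request' }}"
        env:
          DOCKER_USER: ${{ secrets.ACTOR_DOCKER_HUB }}
          DOCKER_PASSWORD: ${{ secrets.RELEASE_DOCKER_HUB }}
        run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USER" --password-stdin
```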