From 039bee57f044250ccff0358711a74aab3629e95a Mon Sep 17 00:00:00 2001 From: Ruben Romero Montes Date: Mon, 17 Nov 2025 14:27:17 +0100 Subject: [PATCH 1/7] chore: rename container script Signed-off-by: Ruben Romero Montes --- docker-image/Dockerfiles/Dockerfile | 8 ++++---- docker-image/scripts/{rhda.sh => trustify-da.sh} | 0 2 files changed, 4 insertions(+), 4 deletions(-) rename docker-image/scripts/{rhda.sh => trustify-da.sh} (100%) diff --git a/docker-image/Dockerfiles/Dockerfile b/docker-image/Dockerfiles/Dockerfile index 5837821..6e1432d 100644 --- a/docker-image/Dockerfiles/Dockerfile +++ b/docker-image/Dockerfiles/Dockerfile @@ -20,7 +20,7 @@ RUN curl -kL https://go.dev/dl/go1.21.5.linux-amd64.tar.gz -o /tmp/golang-packag RUN curl -kL https://github.com/jqlang/jq/releases/download/jq-1.8.1/jq-linux64 -o /usr/bin/jq # Copy RHDA script (before changing WORKDIR) -COPY docker-image/scripts/rhda.sh /rhda.sh +COPY docker-image/scripts/trustify-da.sh /trustify-da.sh # Copy project files and install Exhort javascript API locally WORKDIR /app @@ -38,7 +38,7 @@ RUN chmod +x /usr/jdk-21.0.1/bin/java \ && chmod +x /usr/bin/jq \ && chmod +x /app/dist/src/cli.js \ && chmod +x /app/node_modules/.bin/trustify-da-javascript-client \ - && chmod +x /rhda.sh + && chmod +x /trustify-da.sh # use default user USER default @@ -91,5 +91,5 @@ COPY --from=builder /usr/bin/jq /usr/bin/jq # Copy trustify-da-javascript-client from the builder stage COPY --from=builder /app /app -# Copy RHDA executable script from the builder stage -COPY --from=builder /rhda.sh /rhda.sh +# Copy trustify-da-javascript-client executable script from the builder stage +COPY --from=builder /trustify-da.sh /trustify-da.sh diff --git a/docker-image/scripts/rhda.sh b/docker-image/scripts/trustify-da.sh similarity index 100% rename from docker-image/scripts/rhda.sh rename to docker-image/scripts/trustify-da.sh From 360099646fe8e7e3c8792002e0222ed7ab330f7d Mon Sep 17 00:00:00 2001 
From: Ruben Romero Montes Date: Mon, 17 Nov 2025 14:40:27 +0100 Subject: [PATCH 2/7] chore: suffix -dev for non release images Signed-off-by: Ruben Romero Montes --- .github/workflows/push-to-registry.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push-to-registry.yml b/.github/workflows/push-to-registry.yml index a3585d6..00e3c04 100644 --- a/.github/workflows/push-to-registry.yml +++ b/.github/workflows/push-to-registry.yml @@ -41,13 +41,19 @@ jobs: - name: Get package version id: package-version run: | - # Use git tag if available (for tag-triggered builds), otherwise use package.json + # Use git tag if available (for tag-triggered builds), otherwise use base version with -dev suffix if [ -n "${{ github.ref_type }}" ] && [ "${{ github.ref_type }}" = "tag" ]; then # Remove 'v' prefix if present (e.g., v1.0.0 -> 1.0.0) VERSION="${{ github.ref_name }}" VERSION="${VERSION#v}" else - VERSION=$(node -p "require('./package.json').version") + # For branch pushes (like main), use base version with -dev suffix + BASE_VERSION=$(node -p "require('./package.json').version" | sed -E 's/-ea[.-][0-9]+$//') + if [ "${{ github.ref }}" = "refs/heads/main" ]; then + VERSION="${BASE_VERSION}-dev" + else + VERSION="$BASE_VERSION" + fi fi echo "version=$VERSION" >> $GITHUB_OUTPUT echo "Package version: $VERSION" From 9b3537b506ad6ad3c4499a15ea8a3595f5727faf Mon Sep 17 00:00:00 2001 From: Ruben Romero Montes Date: Mon, 17 Nov 2025 17:24:42 +0100 Subject: [PATCH 3/7] chore: use commit sha for image tagging Signed-off-by: Ruben Romero Montes --- .github/workflows/push-to-registry.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push-to-registry.yml b/.github/workflows/push-to-registry.yml index 00e3c04..3559e1d 100644 --- a/.github/workflows/push-to-registry.yml +++ b/.github/workflows/push-to-registry.yml 
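Review bot: In the `@@ -41,13 +41,19 @@` hunk of PATCH 2/7, the added `if [ "${{ github.ref }}" = "refs/heads/main" ]` line expands the expression into the script text before the shell parses it, so the ref name is handled as shell source rather than as data. The existing `VERSION="${{ github.ref_name }}"` line above it has the same shape. At this commit the workflow still triggers on `release/*` branches and on every tag, so the ref name is chosen by whoever can push. Read the values from the runner's environment instead: `if [ "$GITHUB_REF" = "refs/heads/main" ]` and `VERSION="${GITHUB_REF_NAME#v}"`.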
@@ -47,10 +47,11 @@ jobs: VERSION="${{ github.ref_name }}" VERSION="${VERSION#v}" else - # For branch pushes (like main), use base version with -dev suffix + # For branch pushes (like main), use base version with -dev suffix and commit SHA BASE_VERSION=$(node -p "require('./package.json').version" | sed -E 's/-ea[.-][0-9]+$//') if [ "${{ github.ref }}" = "refs/heads/main" ]; then - VERSION="${BASE_VERSION}-dev" + SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7) + VERSION="${BASE_VERSION}-ea-${SHORT_SHA}" else VERSION="$BASE_VERSION" fi From d245de501aec2df2ca27b2d68532ab2471e7be4f Mon Sep 17 00:00:00 2001 From: Ruben Romero Montes Date: Mon, 17 Nov 2025 17:54:14 +0100 Subject: [PATCH 4/7] chore: use commit sha for image tagging Signed-off-by: Ruben Romero Montes --- .github/workflows/push-to-registry.yml | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/workflows/push-to-registry.yml b/.github/workflows/push-to-registry.yml index 3559e1d..2476301 100644 --- a/.github/workflows/push-to-registry.yml +++ b/.github/workflows/push-to-registry.yml @@ -3,12 +3,16 @@ name: Push to registry on: - push: + workflow_run: + workflows: ["Integration Tests"] + types: + - completed branches: - main - - 'release/*' + push: tags: - - '*' + - 'v*.*.*' + - '*.*.*' workflow_dispatch: env: @@ -17,6 +21,10 @@ env: jobs: build-and-push: + if: | + github.event_name == 'workflow_run' && + github.event.workflow_run.head_branch == 'main' && + github.event.workflow_run.event == 'push' runs-on: ubuntu-latest permissions: contents: read 
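Review bot: The job-level `if` added in the `@@ -17,6 +21,10 @@` hunk of PATCH 4/7 never tests `github.event.workflow_run.conclusion`, while the trigger type declared in the hunk above is `completed`, which also fires for failed and cancelled runs. Unless a later step outside the hunk checks the result, the image is built and pushed even when Integration Tests did not pass. Add `github.event.workflow_run.conclusion == 'success' &&` to the condition. The same gap remains in the conditions rewritten by PATCH 7/7 (`@@ -22,8 +19,8 @@` in publish.yml for `publish-ea`, and the `workflow_run` arm of `@@ -22,9 +19,18 @@` in push-to-registry.yml).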
@@ -50,8 +58,8 @@ jobs: # For branch pushes (like main), use base version with -dev suffix and commit SHA BASE_VERSION=$(node -p "require('./package.json').version" | sed -E 's/-ea[.-][0-9]+$//') if [ "${{ github.ref }}" = "refs/heads/main" ]; then - SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7) - VERSION="${BASE_VERSION}-ea-${SHORT_SHA}" + SHORT_SHA=$(git rev-parse --short "${{ github.sha }}") + VERSION="${BASE_VERSION}-ea.${SHORT_SHA}" else VERSION="$BASE_VERSION" fi From 1659572d2d2a35ca5eeff242b6fae96e51b78450 Mon Sep 17 00:00:00 2001 From: Ruben Romero Montes Date: Tue, 18 Nov 2025 09:43:23 +0100 Subject: [PATCH 5/7] chore: use -ea.COMMIT_SHA suffix Signed-off-by: Ruben Romero Montes --- .github/workflows/push-to-registry.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push-to-registry.yml b/.github/workflows/push-to-registry.yml index 2476301..cf1b8ff 100644 --- a/.github/workflows/push-to-registry.yml +++ b/.github/workflows/push-to-registry.yml @@ -49,13 +49,13 @@ jobs: - name: Get package version id: package-version run: | - # Use git tag if available (for tag-triggered builds), otherwise use base version with -dev suffix + # Use git tag if available (for tag-triggered builds), otherwise use base version with -ea.COMMIT_SHA suffix if [ -n "${{ github.ref_type }}" ] && [ "${{ github.ref_type }}" = "tag" ]; then # Remove 'v' prefix if present (e.g., v1.0.0 -> 1.0.0) VERSION="${{ github.ref_name }}" VERSION="${VERSION#v}" else - # For branch pushes (like main), use base version with -dev suffix and commit SHA + # For branch pushes (like main), use base version with -ea.COMMIT_SHA suffix BASE_VERSION=$(node -p "require('./package.json').version" | sed -E 's/-ea[.-][0-9]+$//') if [ "${{ github.ref }}" = "refs/heads/main" ]; then SHORT_SHA=$(git rev-parse --short "${{ github.sha }}") From e4f62c27af5d78b2d99bc30f7b9ad3a1d9174eeb Mon Sep 17 00:00:00 2001 
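Review bot: In the `@@ -50,8 +58,8 @@` hunk of PATCH 4/7, `${{ github.sha }}` on the `SHORT_SHA` line no longer names the commit that was tested: for a `workflow_run` event GitHub sets `github.sha` and `github.ref` to the default branch's latest commit and ref, and the commit Integration Tests ran on is `github.event.workflow_run.head_sha`. If another push reaches main before this workflow starts, the tag suffix, and presumably the checkout (not visible in the hunk), refer to a commit the triggering run did not cover, and the image tag can disagree with the EA npm version that publish.yml derives from `head_sha`. Consider `SHORT_SHA=$(git rev-parse --short "${{ github.event.workflow_run.head_sha || github.sha }}")` together with checking out that same commit. The `${GITHUB_SHA}` line in the `@@ -46,26 +52,26 @@` hunk of PATCH 7/7 carries the same assumption.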
From: Ruben Romero Montes Date: Tue, 18 Nov 2025 09:50:49 +0100 Subject: [PATCH 6/7] chore: no need to restore the version Signed-off-by: Ruben Romero Montes --- .github/workflows/publish.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 081f992..b3d65e4 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -70,11 +70,8 @@ jobs: run: | SHORT_SHA=$(git rev-parse --short "${{ github.event.workflow_run.head_sha }}") EA_VERSION="${{ steps.current-version.outputs.base-version }}-ea.${SHORT_SHA}" - # Temporarily update version for publish npm version "$EA_VERSION" --no-git-tag-version npm publish --verbose --tag ea --access public --provenance - # Restore original version - npm version "${{ steps.current-version.outputs.base-version }}" --no-git-tag-version publish-release: if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') From 09be744629ff5534dce703bbde9822081165bc08 Mon Sep 17 00:00:00 2001 From: Ruben Romero Montes Date: Tue, 18 Nov 2025 12:19:19 +0100 Subject: [PATCH 7/7] chore: remove unused trigger and make conditions safer Signed-off-by: Ruben Romero Montes --- .github/workflows/publish.yml | 7 +--- .github/workflows/push-to-registry.yml | 56 ++++++++++++++------------ 2 files changed, 33 insertions(+), 30 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index b3d65e4..598a585 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -7,12 +7,9 @@ on: workflows: ["Integration Tests"] types: - completed - branches: - - main push: tags: - 'v*.*.*' - - '*.*.*' permissions: contents: write 
@@ -22,8 +19,8 @@ jobs: publish-ea: if: | github.event_name == 'workflow_run' && - github.event.workflow_run.head_branch == 'main' && - github.event.workflow_run.event == 'push' + github.event.workflow_run.event == 'push' && + github.event.workflow_run.head_branch == 'main' runs-on: ubuntu-latest name: Publish EA release to NPM steps: diff --git a/.github/workflows/push-to-registry.yml b/.github/workflows/push-to-registry.yml index cf1b8ff..1bf89b2 100644 --- a/.github/workflows/push-to-registry.yml +++ b/.github/workflows/push-to-registry.yml @@ -7,12 +7,9 @@ on: workflows: ["Integration Tests"] types: - completed - branches: - - main push: tags: - 'v*.*.*' - - '*.*.*' workflow_dispatch: env: @@ -22,9 +19,18 @@ env: jobs: build-and-push: if: | - github.event_name == 'workflow_run' && - github.event.workflow_run.head_branch == 'main' && - github.event.workflow_run.event == 'push' + ( + github.event_name == 'workflow_run' && + github.event.workflow_run.event == 'push' && + github.event.workflow_run.head_branch == 'main' + ) + || + ( + github.event_name == 'push' && + startsWith(github.ref, 'refs/tags/') + ) + || + github.event_name == 'workflow_dispatch' runs-on: ubuntu-latest permissions: contents: read 
@@ -46,26 +52,26 @@ jobs: - name: Compile project run: npm run compile - - name: Get package version - id: package-version + - name: Determine package version + id: version run: | - # Use git tag if available (for tag-triggered builds), otherwise use base version with -ea.COMMIT_SHA suffix - if [ -n "${{ github.ref_type }}" ] && [ "${{ github.ref_type }}" = "tag" ]; then - # Remove 'v' prefix if present (e.g., v1.0.0 -> 1.0.0) - VERSION="${{ github.ref_name }}" - VERSION="${VERSION#v}" + if [ "${GITHUB_EVENT_NAME}" = "push" ] && [[ "${GITHUB_REF}" =~ refs/tags/ ]]; then + # Release tag + VERSION="${GITHUB_REF#refs/tags/v}" + EA_BUILD=false + elif [ "${GITHUB_REF}" = "refs/heads/main" ]; then + # EA build for main + BASE=$(node -p "require('./package.json').version" | sed -E 's/-ea[.-][0-9]+$//') + SHORT_SHA=$(git rev-parse --short "${GITHUB_SHA}") + VERSION="${BASE}-ea.${SHORT_SHA}" + EA_BUILD=true else - # For branch pushes (like main), use base version with -ea.COMMIT_SHA suffix - BASE_VERSION=$(node -p "require('./package.json').version" | sed -E 's/-ea[.-][0-9]+$//') - if [ "${{ github.ref }}" = "refs/heads/main" ]; then - SHORT_SHA=$(git rev-parse --short "${{ github.sha }}") - VERSION="${BASE_VERSION}-ea.${SHORT_SHA}" - else - VERSION="$BASE_VERSION" - fi + echo "Not building image for this branch" + exit 0 fi + echo "version=$VERSION" >> $GITHUB_OUTPUT - echo "Package version: $VERSION" + echo "ea_build=$EA_BUILD" >> $GITHUB_OUTPUT - name: Get image metadata id: image-meta 
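Review bot: The `else` branch's `exit 0` ends only this step, and ends it successfully, so despite the message "Not building image for this branch" the later registry login, metadata and build-and-push steps still run, now with empty `version` and `ea_build` outputs. That branch is reachable through `workflow_dispatch` on any ref other than main. Either fail the step with `exit 1`, or write `echo "skip=true" >> "$GITHUB_OUTPUT"` and gate the following steps with `if: steps.version.outputs.skip != 'true'`. The step id also changes from `package-version` to `version`, so any reference to `steps.package-version.outputs.version` outside these hunks would now expand to an empty string; the step runs on past the end of the hunk.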
@@ -83,14 +89,14 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker + - name: Extract Docker metadata id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | - type=raw,value=latest,enable={{is_default_branch}} - type=raw,value=${{ steps.package-version.outputs.version }} + type=raw,value=latest,enable=${{ steps.version.outputs.ea_build == 'true' }} + type=raw,value=${{ steps.version.outputs.version }} - name: Build and push Docker image uses: docker/build-push-action@v5
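Review bot: With `enable=${{ steps.version.outputs.ea_build == 'true' }}` the `latest` tag is attached only to early-access builds from main and never to a `v*.*.*` release, so anyone pulling `latest` receives an unreleased build. If that is intended, record it in a comment above the `tags:` block, for example `# latest tracks main (early access); releases are published under their version tag only`. If releases are meant to own `latest`, the comparison should be `== 'false'`. Either way, an empty `ea_build` output (see the `exit 0` path in the version step) silently disables the tag, which is worth a line in the same comment.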