From b6c1df95f04c2bbbec3ef456af5ab641423f449b Mon Sep 17 00:00:00 2001 From: Anupam Date: Mon, 24 Nov 2025 16:44:25 +0530 Subject: [PATCH 1/2] ci: kzb-33 update build and pr-check workflow --- .github/workflows/build.yml | 41 ++++++++++++++++++++++++++++-- .github/workflows/pull-request.yml | 16 +++++++++--- 2 files changed, 52 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1d9e534..999d6a3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,8 +6,8 @@ on: pull_request: types: [opened, synchronize, reopened] jobs: - sonarqube: - name: SonarQube + build: + name: Build runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -18,3 +18,40 @@ jobs: uses: SonarSource/sonarqube-scan-action@v6 env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Log in to GitHub Docker Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract Git commit SHA + id: get_sha + run: echo "GIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV + + - name: Build Docker image + uses: docker/build-push-action@v4 + with: + context: . + file: ./Dockerfile + tags: | + ghcr.io/${{ github.repository }}/eapp:${{ github.event.inputs.environment }}-${{ github.run_number }}-${{ env.GIT_SHA }} + outputs: type=docker,dest=/tmp/eapp.tar + + - name: Push Docker image + if: success() + uses: docker/build-push-action@v4 + with: + context: . + file: ./Dockerfile + push: true + tags: | + ghcr.io/${{ github.repository }}/eapp:${{ github.event.inputs.environment }}-${{ github.run_number }}-${{ env.GIT_SHA }} + + - name: Log out from Docker Registry + if: always() + run: docker logout ghcr.io diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 198764e..6ee7457 100644 --- a/.github/workflows/pull-request.yml 
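Review bot: The new `Log in to GitHub Docker Registry` and `Push Docker image` steps run on every `pull_request` event that triggers this workflow, so an image built from unreviewed PR code is published to ghcr.io under the repository's name; on fork PRs the read-only token will make the push fail instead. I would gate both steps with `if: github.event_name != 'pull_request'` and give the job an explicit `permissions:` of `contents: read` and `packages: write`, so the token scope does not depend on repository defaults. The top of the workflow is outside this hunk, so a `permissions:` block or further triggers may already exist there. The added `docker/*` actions receive the registry credential and are referenced by mutable tags (`@v2`, `@v4`); pinning them to a full commit SHA keeps a retagged release from changing what runs with that token.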
+++ b/.github/workflows/pull-request.yml @@ -12,19 +12,29 @@ on: jobs: pull-request-check: runs-on: ubuntu-latest - steps: - # Checkout the repository code - name: Code checkout id: code_checkout uses: actions/checkout@v4 + # Check PR title prefix to ensure it follows the convention + - name: Check PR title prefix + run: | + echo "PR Title: '${{ github.event.pull_request.title }}'" + + if [[ ! "${{ github.event.pull_request.title }}" =~ ^(ci|feat|fix|chore|docs|refactor): ]]; then + echo "❌ PR title must start with one of: ci:, feat:, fix:, chore:, docs:, refactor:" + exit 1 + else + echo "✅ PR title is valid." + fi + # Scan the repo for any sensitive information like secrets etc - name: Secret Scanning uses: trufflesecurity/trufflehog@main with: path: ./ # Code repository path base: "" # Start scanning from here - head: ${{ github.head_ref || github.ref_name }} # Scan commits until here + head: ${{ github.head_ref || github.ref_name }} # Scan commits until here extra_args: --only-verified From 7649ffa3f709d2320fa6f8e58899b8948354b5d6 Mon Sep 17 00:00:00 2001 From: Anupam Date: Mon, 24 Nov 2025 16:56:31 +0530 Subject: [PATCH 2/2] ci: kzb-33 update build workflow --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 999d6a3..c421c94 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -39,7 +39,7 @@ jobs: context: . file: ./Dockerfile tags: | - ghcr.io/${{ github.repository }}/eapp:${{ github.event.inputs.environment }}-${{ github.run_number }}-${{ env.GIT_SHA }} + ghcr.io/${{ github.repository }}/eapp:${{ github.run_number }}-${{ env.GIT_SHA }} outputs: type=docker,dest=/tmp/eapp.tar - name: Push Docker image 
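Review bot: `${{ github.event.pull_request.title }}` is expanded into the `run:` script text of the `Check PR title prefix` step before bash starts, so quotes or command substitutions in a PR title become part of the script, and the title is chosen by whoever opens the PR. Pass the title through an environment variable and reference `"$PR_TITLE"` in the script so the shell treats it as data. The `on:` trigger is outside this hunk; if it is `pull_request_target`, the step would run with the base repository's token and secrets, which raises the priority of this change.

```yaml
- name: Check PR title prefix
  env:
    PR_TITLE: ${{ github.event.pull_request.title }}
  run: |
    echo "PR Title: '$PR_TITLE'"

    if [[ ! "$PR_TITLE" =~ ^(ci|feat|fix|chore|docs|refactor): ]]; then
    # … unchanged: failure message, exit 1, else branch, fi …
```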
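Review bot: The same `tags:` expression is edited in two steps (this hunk and the one at `@@ -50,7 +50,7 @@`), and both copies must stay identical for the image exported to `/tmp/eapp.tar` and the image pushed to share a name. Computing it once in the `Extract Git commit SHA` step (outside this hunk) removes the duplication, e.g. `echo "IMAGE_TAG=ghcr.io/${GITHUB_REPOSITORY,,}/eapp:${GITHUB_RUN_NUMBER}-$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"`, followed by `tags: ${{ env.IMAGE_TAG }}` in both steps. The `,,` lowercasing matters if the owner or repository name contains upper-case letters, since registry references must be lower-case and `github.repository` keeps the original case. On `pull_request` runs `HEAD` is presumably the merge commit that `actions/checkout` checks out, so the short SHA in the tag may not match any commit on the PR branch.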
@@ -50,7 +50,7 @@ jobs: file: ./Dockerfile push: true tags: | - ghcr.io/${{ github.repository }}/eapp:${{ github.event.inputs.environment }}-${{ github.run_number }}-${{ env.GIT_SHA }} + ghcr.io/${{ github.repository }}/eapp:${{ github.run_number }}-${{ env.GIT_SHA }} - name: Log out from Docker Registry if: always()