1 change: 1 addition & 0 deletions .env
@@ -0,0 +1 @@
SERVER_IMAGE_TAG=2024-09-20--06-45

Copilot AI Apr 4, 2026

The committed .env value (SERVER_IMAGE_TAG=2024-09-20--06-45) doesn’t match the new <branch>_<timestamp> format that the workflow writes. Consider updating the checked-in baseline to the same format to avoid confusion and to ensure source .env produces a realistic tag value.

38 changes: 23 additions & 15 deletions .github/workflows/image_build_push.yml
Expand Up @@ -18,13 +18,21 @@ jobs:

steps:
- uses: actions/checkout@v2

- name: Set docker image tags
id: set-tags
run: |
set -a; source .env; set +a
echo "SERVER_IMAGE_TAG=${SERVER_IMAGE_TAG}" >> "$GITHUB_OUTPUT"
echo "Current server image tag (push): ${SERVER_IMAGE_TAG}"

Comment on lines +22 to +28

Copilot AI Apr 4, 2026

The Set docker image tags step writes SERVER_IMAGE_TAG to $GITHUB_OUTPUT, but that output is not referenced by any later step/job (the image tag is recomputed from GITHUB_REF and steps.date.outputs.date). Consider removing this step or wiring it into the tag computation to avoid dead/duplicated logic.

Suggested change
- name: Set docker image tags
id: set-tags
run: |
set -a; source .env; set +a
echo "SERVER_IMAGE_TAG=${SERVER_IMAGE_TAG}" >> "$GITHUB_OUTPUT"
echo "Current server image tag (push): ${SERVER_IMAGE_TAG}"

- name: docker login
run: | # log into docker hub account
docker login -u $DOCKER_USER -p $DOCKER_PASSWORD

- name: Get current date # get the date of the build
id: date
run: echo "::set-output name=date::$(date +'%Y-%m-%d--%M-%S')"
run: echo "date=$(date +'%Y-%m-%d--%M-%S')" >> "$GITHUB_OUTPUT"

Copilot AI Apr 4, 2026

The generated tag timestamp format uses %Y-%m-%d--%M-%S (minute/second) but omits the hour, which can cause tag collisions across different hours on the same day (e.g., 01:05:30 vs 02:05:30). Include the hour in the format (e.g., %H-%M-%S) to guarantee uniqueness as intended.

Suggested change
run: echo "date=$(date +'%Y-%m-%d--%M-%S')" >> "$GITHUB_OUTPUT"
run: echo "date=$(date +'%Y-%m-%d--%H-%M-%S')" >> "$GITHUB_OUTPUT"


#Runs a single command using the runners shell
- name: Run a one-line script
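Review bot: In the new Set docker image tags step, `set -a; source .env; set +a` executes .env as shell code, and a later step in this same workflow rewrites that file with a value built from `${GITHUB_REF##*/}`, so whatever characters a branch name carries end up in a file the runner evaluates on the next run. Read the single key instead of sourcing the file (for example `grep '^SERVER_IMAGE_TAG=' .env | cut -d= -f2-`) and reject any value that falls outside an allowlist such as `[A-Za-z0-9._-]` before it is used. Separately, the unchanged `docker login -u $DOCKER_USER -p $DOCKER_PASSWORD` line puts the password on the command line; `--password-stdin` avoids that.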
Expand All @@ -40,25 +48,26 @@ jobs:
run: |
docker push $DOCKER_USER/${GITHUB_REPOSITORY#*/}:${GITHUB_REF##*/}_${{ steps.date.outputs.date }}

- name: Create a text file
- name: Update .env file
run: |
echo ${{ steps.date.outputs.date }} > tag_file.txt
echo "Created tag text file"
echo "SERVER_IMAGE_TAG=${GITHUB_REF##*/}_${{ steps.date.outputs.date }}" > .env

- name: Upload Artifact
uses: actions/upload-artifact@v4
with:
name: docker-image-tag
path: tag_file.txt
overwrite: true
- name: Add, Commit, Push changes to .env file
run: |
git config --local user.email "action@github.com"
git config --local user.name "Github Actions bot to update .env with latest tags"
if git diff --quiet; then
echo "Latest timestamp already present in .env file, no changes to commit"
else
git add .env
git commit -m "Updated docker image tags in .env file to the latest timestamp"
git push origin
fi
Comment on lines +51 to +65

Copilot AI Apr 4, 2026

This workflow is triggered on push and then makes a commit and git push back to the same branch. That will re-trigger the workflow and can create an infinite loop of builds/commits. Add a guard (e.g., on.push.paths-ignore for .env, or an if: condition to skip when github.actor is the actions bot / commit message contains a skip marker) so the bot update doesn’t retrigger the pipeline.

Comment on lines +55 to +65

Copilot AI Apr 4, 2026

The workflow pushes a commit with the default GITHUB_TOKEN, but the workflow does not declare permissions: contents: write. On repos with restricted default permissions this git push will fail. Explicitly set the needed workflow/job permissions and push the correct ref (e.g., HEAD:${GITHUB_REF_NAME}) to avoid failures due to detached HEAD or branch ambiguity.


dispatch:
needs: build
runs-on: ubuntu-latest

env:
DOCKER_IMAGE_TAG: ${{ needs.build.outputs.date }}

strategy:
matrix:
include:
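Review bot: The Update .env file step writes with `> .env`, which truncates the file, so any other variable added to .env later is silently dropped by the next build; rewrite only the `SERVER_IMAGE_TAG=` line instead of the whole file. In the commit step, the bare `git push origin` has no rebase or retry, so if another commit lands on the branch while the image is building, the push is rejected after `docker push` has already published the image, leaving a pushed tag with no matching .env commit. A `concurrency` group on the workflow would serialize runs per branch and close that gap.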
Expand All @@ -71,12 +80,11 @@ jobs:
- uses: actions/checkout@v4

- name: Trigger workflow in admin-dash, public-dash
# TODO: Create Fine-grained token with "Actions: write" permissions
run: |
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GH_FG_PAT_TAGS }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/${{ matrix.repo }}/actions/workflows/image_build_push.yml/dispatches \
-d '{"ref":"${{ matrix.branch }}", "inputs": {"docker_image_tag" : "${{ env.DOCKER_IMAGE_TAG }}"}}'
-d '{"ref":"${{ matrix.branch }}"}'
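Review bot: With `inputs.docker_image_tag` dropped from the `-d` payload, nothing visible in this job reads `DOCKER_IMAGE_TAG` any more, so the `env:` entry that sets it from `needs.build.outputs.date` in the dispatch job can be removed as well. The `curl` call also has no `--fail`, so an HTTP 401 or 404 from the API (an expired or under-scoped `GH_FG_PAT_TAGS`, for instance) still exits 0 and the step shows green; add `--fail` or check the status code. Passing the token through an `env:` variable, rather than expanding `${{ secrets.GH_FG_PAT_TAGS }}` into the script text, keeps it out of the rendered command.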
2 changes: 2 additions & 0 deletions Dockerfile
@@ -1,6 +1,8 @@
# python 3
FROM ubuntu:jammy-20240227

MAINTAINER K. Shankari (k.shankari@nlr.gov)

Copilot AI Apr 4, 2026

The MAINTAINER Dockerfile instruction is deprecated and ignored by some tooling. Prefer a LABEL (e.g., OCI labels like org.opencontainers.image.authors or a maintainer label) so metadata is preserved consistently.

Suggested change
MAINTAINER K. Shankari (k.shankari@nlr.gov)
LABEL org.opencontainers.image.authors="K. Shankari (k.shankari@nlr.gov)"


WORKDIR /usr/src/app

RUN apt-get -y -qq update