From 0c5cce2adc0a4bfe2fe1feb8f876a4014fc4ebaa Mon Sep 17 00:00:00 2001
From: Test User
Date: Mon, 20 Apr 2026 16:07:43 +0000
Subject: [PATCH] =?UTF-8?q?fix(ci):=20remove=20auth=20image=20build=20?= =?UTF-8?q?=E2=80=94=20now=20handled=20by=20cartsnitch/auth=20repo?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-Authored-By: Paperclip
---
 .github/workflows/ci.yml | 132 ++-------------------------------------
 1 file changed, 4 insertions(+), 128 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 15993d2..5dc66a7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,7 +18,6 @@ permissions:
 env:
 REGISTRY: ghcr.io
 IMAGE_NAME: cartsnitch/cartsnitch
- AUTH_IMAGE_NAME: cartsnitch/auth
 RECEIPTWITNESS_IMAGE_NAME: cartsnitch/receiptwitness
 API_IMAGE_NAME: cartsnitch/api
@@ -198,99 +197,6 @@ jobs:
 git tag "v${{ steps.calver.outputs.version }}"
 git push origin "v${{ steps.calver.outputs.version }}"
- build-and-push-auth:
- runs-on: runners-cartsnitch
- if: github.event_name == 'push'
- needs: [lint, test, e2e]
- outputs:
- calver_tag: ${{ steps.calver.outputs.version }}
- sha_tag: sha-${{ github.sha }}
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 0
-
- - name: Generate CalVer tag
- id: calver
- if: github.event_name == 'push' && github.ref == 'refs/heads/main'
- run: |
- DATE_TAG=$(date -u +%Y.%m.%d)
- EXISTING=$(git tag -l "v${DATE_TAG}*" | sort -V | tail -1)
- if [ -z "$EXISTING" ]; then
- VERSION="$DATE_TAG"
- elif [ "$EXISTING" = "v${DATE_TAG}" ]; then
- VERSION="${DATE_TAG}.2"
- else
- BUILD_NUM=$(echo "$EXISTING" | sed "s/v${DATE_TAG}\.//")
- VERSION="${DATE_TAG}.$((BUILD_NUM + 1))"
- fi
- echo "version=$VERSION" >> "$GITHUB_OUTPUT"
-
- - name: Log in to Docker Hub
- if: github.event_name == 'push'
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
-
- - name: Log in to GHCR
- if: github.event_name == 'push'
- uses: docker/login-action@v3
- with:
- registry: ${{ env.REGISTRY }}
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Extract metadata (auth)
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: ${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}
- tags: |
- type=sha,prefix=sha-,format=long
- type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
- type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
-
- - name: Build Docker image
- uses: docker/build-push-action@v6
- with:
- context: ./auth
- file: ./auth/Dockerfile
- load: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- cache-from: type=gha
- cache-to: type=gha,mode=max
-
- - name: Scan auth image for vulnerabilities
- uses: anchore/scan-action@v5
- id: scan
- env:
- GRYPE_CONFIG: .grype.yaml
- with:
- image: "${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}:sha-${{ github.sha }}"
- fail-build: true
- severity-cutoff: high
- only-fixed: "true"
- output-format: sarif
-
- - name: Upload auth scan results to GitHub Security
- uses: github/codeql-action/upload-sarif@v3
- if: always()
- with:
- sarif_file: ${{ steps.scan.outputs.sarif }}
-
- - name: Push Docker image
- if: github.event_name == 'push'
- uses: docker/build-push-action@v6
- with:
- context: ./auth
- file: ./auth/Dockerfile
- push: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- cache-from: type=gha
-
 build-and-push-receiptwitness:
 runs-on: runners-cartsnitch
 if: github.event_name == 'push'
@@ -477,7 +383,7 @@ jobs:
 deploy-dev:
 runs-on: runners-cartsnitch
- needs: [build-and-push, build-and-push-auth, build-and-push-receiptwitness, build-and-push-api]
+ needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api]
 if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main')
 steps:
 - name: Generate GitHub App token
@@ -518,21 +424,6 @@ jobs:
 cd infra/apps/overlays/dev
 kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
- - name: Determine image tag for auth
- id: auth_tag
- run: |
- if [ "${{ github.ref }}" == "refs/heads/main" ]; then
- echo "tag=${{ needs.build-and-push-auth.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
- else
- echo "tag=${{ needs.build-and-push-auth.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
- fi
-
- - name: Update auth image tag
- if: needs.build-and-push-auth.result == 'success'
- run: |
- cd infra/apps/overlays/dev
- kustomize edit set image ghcr.io/cartsnitch/auth:${{ steps.auth_tag.outputs.tag }}
-
 - name: Determine image tag for receiptwitness
 id: receiptwitness_tag
 run: |
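Review bot: Nothing in `deploy-dev` now sets the auth image in `infra/apps/overlays/dev`, and the new `needs:` line carries no comment saying where that tag is maintained; the same applies to `deploy-uat` in the `@@ -570` hunk. I would add a comment above `needs:` such as `# auth image is built, scanned and tagged from the cartsnitch/auth repo; this workflow no longer updates its tag`. Because this patch also deletes the only visible Grype gate for that image (`fail-build: true`, `severity-cutoff: high`) and its SARIF upload, it is worth confirming that the cartsnitch/auth pipeline enforces an equivalent gate before it pushes to `ghcr.io/cartsnitch/auth`; that cannot be verified from this diff. The `deploy-dev` job body continues outside the hunk.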
@@ -570,13 +461,13 @@ jobs:
 git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
 git add apps/overlays/dev/kustomization.yaml
 git diff --cached --quiet && echo "No image changes to deploy" && exit 0
- git commit -m "ci(dev): update cartsnitch, auth, receiptwitness, and api images"
+ git commit -m "ci(dev): update cartsnitch, receiptwitness, and api images"
 git pull --rebase origin main
 git push origin main
 deploy-uat:
 runs-on: runners-cartsnitch
- needs: [build-and-push, build-and-push-auth, build-and-push-receiptwitness, build-and-push-api]
+ needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api]
 if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main')
 steps:
 - name: Generate GitHub App token
@@ -617,21 +508,6 @@ jobs:
 cd infra/apps/overlays/uat
 kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
- - name: Determine image tag for auth
- id: auth_tag
- run: |
- if [ "${{ github.ref }}" == "refs/heads/main" ]; then
- echo "tag=${{ needs.build-and-push-auth.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
- else
- echo "tag=${{ needs.build-and-push-auth.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
- fi
-
- - name: Update auth image tag
- if: needs.build-and-push-auth.result == 'success'
- run: |
- cd infra/apps/overlays/uat
- kustomize edit set image ghcr.io/cartsnitch/auth:${{ steps.auth_tag.outputs.tag }}
-
 - name: Determine image tag for receiptwitness
 id: receiptwitness_tag
 run: |
@@ -669,6 +545,6 @@ jobs:
 git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
 git add apps/overlays/uat/kustomization.yaml
 git diff --cached --quiet && echo "No image changes to deploy" && exit 0
- git commit -m "ci(uat): update cartsnitch, receiptwitness, and api images"
+ git commit -m "ci(uat): update cartsnitch, receiptwitness, and api images"
 git pull --rebase origin main
 git push origin main
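Review bot: The `git pull --rebase origin main` / `git push origin main` pair that follows the reworded commit has no retry and no serialization, and the `@@ -669` hunk shows the same tail in `deploy-uat`. Both jobs share the same `needs:` list and both match `refs/heads/main`, so on a push to main they presumably run side by side; if one lands its push between the other's rebase and push, the second is rejected and that environment keeps its old image tags. A job-level `concurrency: infra-main-push` on both deploy jobs (the group name here is only an example) would serialize them, or the pull/push pair could be wrapped in a short retry loop. Both job bodies start outside the visible hunks, so an existing guard elsewhere cannot be ruled out.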