Public service #77
base: master
merged master branch into public-service branch :wq
…blic-service added master branch changes
…blic-service added changes from master
commit 4f747bc Author: Jagankumar <53823168+jagankumar-egov@users.noreply.github.com> Date: Tue Apr 22 10:18:22 2025 +0530 Update README.md
commit 494b479 Author: Jagankumar <53823168+jagankumar-egov@users.noreply.github.com> Date: Tue Apr 22 10:18:07 2025 +0530 Update the folder structure
commit 9de94ef Author: Jagankumar <53823168+jagankumar-egov@users.noreply.github.com> Date: Tue Apr 22 10:06:48 2025 +0530 fix
commit ceb0e0c Author: Jagankumar <53823168+jagankumar-egov@users.noreply.github.com> Date: Tue Apr 22 10:03:23 2025 +0530 Updated dependencies
commit 38efe90 Author: Jagankumar <53823168+jagankumar-egov@users.noreply.github.com> Date: Tue Apr 22 09:59:08 2025 +0530 Build fixes
commit 188a8e7 Author: Tulika-eGov <tulika.kundu@egovernments.org> Date: Tue Apr 22 08:36:21 2025 +0530 Added cache clean command in docker file
commit 9db5841 Author: Tulika-eGov <tulika.kundu@egovernments.org> Date: Tue Apr 22 08:25:43 2025 +0530 Reverted docker file changes
commit afc9e07 Author: Tulika-eGov <tulika.kundu@egovernments.org> Date: Tue Apr 22 08:20:12 2025 +0530 Added log in docker file to check build issue
commit c292dc1 Author: Tulika-eGov <tulika.kundu@egovernments.org> Date: Tue Apr 22 08:14:35 2025 +0530 Updated the TL apply page added address and ownership details and enforced styled component resolution
commit 88f811f Author: Tulika-eGov <tulika.kundu@egovernments.org> Date: Tue Apr 22 06:58:14 2025 +0530 upgraded the version of ui-components and added resolution dependency for styled component
commit b0f1d1c Author: Tulika-eGov <tulika.kundu@egovernments.org> Date: Tue Apr 22 06:39:25 2025 +0530 upgraded the version of ui-components and removed ui-components from workspace
commit c51d0d7 Author: Tulika-eGov <tulika.kundu@egovernments.org> Date: Mon Apr 21 17:12:36 2025 +0530 upgraded the version of ui-components
commit 2f96c1d Author: Tulika-eGov <tulika.kundu@egovernments.org> Date: Mon Apr 21 16:33:07 2025 +0530 upgrading the version of node
commit 835a39a Author: Tulika-eGov <tulika.kundu@egovernments.org> Date: Mon Apr 21 16:25:51 2025 +0530 upgrading the version of node
commit 757b754 Author: Tulika-eGov <tulika.kundu@egovernments.org> Date: Mon Apr 21 16:16:01 2025 +0530 Removed styled-components from dependency
commit cc823e4 Author: Tulika-eGov <tulika.kundu@egovernments.org> Date: Mon Apr 21 16:09:47 2025 +0530 added build config in ongoing feature branch
commit e3333e5 Author: Tulika-eGov <tulika.kundu@egovernments.org> Date: Mon Apr 21 16:01:07 2025 +0530 reverting the digit-ui-components version to original one
commit 9adf4ae Author: Tulika-eGov <tulika.kundu@egovernments.org> Date: Mon Apr 21 15:35:59 2025 +0530 UI : initialized the project structure for UI and added draft apply flow, updated components in fromcomposer Co-Authored-By: Tulika-eGov <74046137+Tulika-eGov@users.noreply.github.com>
#31) * updated the style sheet version and made it similar as micro-ui-internals css versions * Update index.html --------- Co-authored-by: Jagankumar <53823168+jagankumar-egov@users.noreply.github.com>
…er (#32) * refactored the code, corrected the url and removed unnecessary debugger * updated the schema code for financial year and accessories
…rvice config data replacement in sms and email field
…licant new details update
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/build.yaml (1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.7)
.github/workflows/build.yaml
22-22: default value "audit-service" of "service" input is not included in its options ""public-service", "studio-pdf-helper-service", "studio-pdf""
(events)
42-42: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
75-75: the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
78-78: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
86-86: the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🪛 YAMLlint (1.37.1)
.github/workflows/build.yaml
[warning] 38-38: too many spaces after colon
(colons)
🔇 Additional comments (9)
.github/workflows/build.yaml (9)
18-22: Default must be one of the allowed options
`audit-service` still isn’t in the `service` input choices, so the workflow-dispatch form will error before users can even trigger the pipeline. Please either change the default to one of the listed options or add `audit-service` to the list.
options: - public-service - studio-pdf-helper-service - studio-pdf - default: "audit-service" + default: "public-service"
24-26: Introduce a single Docker org variable and use it everywhere
We’re logging in as `${{ env.DOCKER_USERNAME }}` but tagging and querying Docker Hub with the hard-coded `egovio/...`. This mismatch will break pushes whenever the username differs from `egovio` (e.g., personal forks). Please add an `ORG` env var sourced from repository vars and replace all hard-coded `egovio`/`$DOCKER_USERNAME` usages with `$ORG` so login, tagging, and Hub API calls stay aligned.
env: DOCKER_USERNAME: ${{ vars.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_ACCESS_TOKEN }} + ORG: ${{ vars.DOCKER_ORG }}
Then update every tag/URL from `egovio/...` or `$DOCKER_USERNAME/...` to `$ORG/...`.
40-44: Upgrade to Node20-compatible checkout action
`actions/checkout@v3` is now blocked on GitHub-hosted runners because it still targets Node12, so this workflow will fail before it starts. Please bump to the Node20 release.
- - name: Checkout Code - uses: actions/checkout@v3 + - name: Checkout Code + uses: actions/checkout@v4
74-83: Update Buildx setup for Node20 and multi-arch
`docker/setup-buildx-action@v2` is Node12-based and now rejected, and we’re still missing the QEMU registration required for multi-arch builds. Please add the QEMU step and bump Buildx to `@v3`.
- - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3
77-84: Cache action must be moved to v4
`actions/cache@v3` is also Node12-only and will be rejected by the runner. Please bump to `@v4`.
- - name: Cache Docker Layers - uses: actions/cache@v3 + - name: Cache Docker Layers + uses: actions/cache@v4
85-89: Update docker/login-action to v3
`docker/login-action@v2` is now deprecated on Node12 and will fail outright. Please bump to the Node20-ready `@v3`.
- - name: Log in to Docker Hub - uses: docker/login-action@v2 + - name: Log in to Docker Hub + uses: docker/login-action@v3
96-122: Sanitize branch names and keep the raw ref
`"${GITHUB_REF##*/}"` drops everything before the last slash, so `feature/foo/bar` collapses to `bar`, and the slash characters remain when you re-use the string elsewhere. This breaks the tag derivation logic and makes it impossible to correlate built images back to the original branch. Please capture `GITHUB_REF_NAME` separately and introduce a sanitized variant with `/` replaced (e.g., `BRANCH_SAFE="${GITHUB_REF_NAME//\//-}"`) before composing the tag.
- BRANCH="${GITHUB_REF##*/}" + FULL_BRANCH="${GITHUB_REF_NAME}" + BRANCH="${FULL_BRANCH//\//-}"
Update the rest of the step (and any downstream usage) to use `FULL_BRANCH` when you need the raw name and `BRANCH` when you build tags.
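Review bot: The added `BRANCH="${FULL_BRANCH//\//-}"` line replaces only `/`, but a Git branch name can still carry characters that a Docker tag does not accept (a tag allows letters, digits, `_`, `.` and `-`, must not start with `.` or `-`, and is limited to 128 characters). Map everything outside that set as well, for example with `printf '%s' "$FULL_BRANCH" | tr -c 'A-Za-z0-9_.-' '-'`, and check the leading character and length before composing the tag.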
110-119: Docker Hub queries must use the same org you push to
These Hub API calls still use `$DOCKER_USERNAME`, so they won’t find the repo/tags when you eventually push to `$ORG/...`. Please flip the URLs to `$ORG` so detection and tagging stay aligned.
- REPO_CHECK=$(curl -s -o /dev/null -w '%{http_code}' \ - -H "Authorization: JWT $TOKEN" \ - "https://hub.docker.com/v2/repositories/$DOCKER_USERNAME/$SERVICE_NAME/") + REPO_CHECK=$(curl -s -o /dev/null -w '%{http_code}' \ + -H "Authorization: JWT $TOKEN" \ + "https://hub.docker.com/v2/repositories/$ORG/$SERVICE_NAME/") ... - EXISTING_TAGS=$(curl -s -H "Authorization: JWT $TOKEN" \ - "https://hub.docker.com/v2/repositories/$DOCKER_USERNAME/$SERVICE_NAME/tags?page_size=100" \ + EXISTING_TAGS=$(curl -s -H "Authorization: JWT $TOKEN" \ + "https://hub.docker.com/v2/repositories/$ORG/$SERVICE_NAME/tags?page_size=100" \
135-179: DB paths ignore the selected service folder
Both the existence check and the DB build step hard-code `studio-services/...`, so choosing the `utilities` folder (or any future folder) will never find migrations or build the DB image. Please derive the folder from the `service_folder` input everywhere in this block, and swap the hard-coded `egovio` for `$ORG` when tagging/saving the images.
- FOLDER_PATH="studio-services/${{ matrix.service }}/scripts/migration" + FOLDER_PATH="${{ github.event.inputs.service_folder }}/${{ matrix.service }}/scripts/migration"- context: studio-services/${{ matrix.service }}/scripts/migration - file: studio-services/${{ matrix.service }}/scripts/migration/Dockerfile + context: ${{ github.event.inputs.service_folder }}/${{ matrix.service }}/scripts/migration + file: ${{ github.event.inputs.service_folder }}/${{ matrix.service }}/scripts/migration/Dockerfile push: true tags: | - egovio/${{ matrix.service }}-db:${{ steps.tag.outputs.tag }} + ${{ env.ORG }}/${{ matrix.service }}-db:${{ steps.tag.outputs.tag }}- IMG="egovio/${{ matrix.service }}:${{ steps.tag.outputs.tag }}" + IMG="${{ env.ORG }}/${{ matrix.service }}:${{ steps.tag.outputs.tag }}"- IMG="egovio/${{ matrix.service }}-db:${{ steps.tag.outputs.tag }}" + IMG="${{ env.ORG }}/${{ matrix.service }}-db:${{ steps.tag.outputs.tag }}"
EXISTING_TAGS=$(curl -s -H "Authorization: JWT $TOKEN" \
"https://hub.docker.com/v2/repositories/$DOCKER_USERNAME/$SERVICE_NAME/tags?page_size=100" \
| jq -r '.results[].name')
LATEST_TAG=$(echo "$EXISTING_TAGS" | grep "^${BRANCH}-${COMMIT_HASH}" || true | sort -V | tail -n 1)
NEXT_TAG="${LATEST_TAG:-${BRANCH}-${COMMIT_HASH}}"
fi
Fix tag selection pipeline (sorting never runs today)
Because of operator precedence, `grep ... || true | sort -V | tail -n 1` only executes the `sort|tail` branch when `grep` fails, so successful matches skip sorting and can even hand back multiple lines/newlines as the tag. Please restructure the pipeline so the sort/tail always run on the grep output and only fall back to the default when there are no matches.
- EXISTING_TAGS=$(curl -s -H "Authorization: JWT $TOKEN" \
- "https://hub.docker.com/v2/repositories/$DOCKER_USERNAME/$SERVICE_NAME/tags?page_size=100" \
- | jq -r '.results[].name')
- LATEST_TAG=$(echo "$EXISTING_TAGS" | grep "^${BRANCH}-${COMMIT_HASH}" || true | sort -V | tail -n 1)
+ EXISTING_TAGS=$(curl -s -H "Authorization: JWT $TOKEN" \
+ "https://hub.docker.com/v2/repositories/$ORG/$SERVICE_NAME/tags?page_size=100" \
+ | jq -r '.results[].name')
+ LATEST_TAG=$(printf '%s\n' "$EXISTING_TAGS" \
+ | grep "^${BRANCH}-${COMMIT_HASH}" \
+ | sort -V \
+ | tail -n 1 || true)
NEXT_TAG="${LATEST_TAG:-${BRANCH}-${COMMIT_HASH}}"
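Review bot: In the added `| grep "^${BRANCH}-${COMMIT_HASH}" \` line the branch name is interpreted as a regular expression, so a `.` in a branch such as `release-1.2` matches any character and tags of a different branch can be selected. Compare as a fixed-string prefix instead, for example `awk -v p="${BRANCH}-${COMMIT_HASH}" 'index($0, p) == 1'`. The request above it also reads a single page (`page_size=100`), so matching tags beyond the first 100 results are never considered.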
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
EXISTING_TAGS=$(curl -s -H "Authorization: JWT $TOKEN" \
"https://hub.docker.com/v2/repositories/$DOCKER_USERNAME/$SERVICE_NAME/tags?page_size=100" \
| jq -r '.results[].name')
LATEST_TAG=$(echo "$EXISTING_TAGS" | grep "^${BRANCH}-${COMMIT_HASH}" || true | sort -V | tail -n 1)
NEXT_TAG="${LATEST_TAG:-${BRANCH}-${COMMIT_HASH}}"
fi
EXISTING_TAGS=$(curl -s -H "Authorization: JWT $TOKEN" \
"https://hub.docker.com/v2/repositories/$ORG/$SERVICE_NAME/tags?page_size=100" \
| jq -r '.results[].name')
LATEST_TAG=$(printf '%s\n' "$EXISTING_TAGS" \
| grep "^${BRANCH}-${COMMIT_HASH}" \
| sort -V \
| tail -n 1 || true)
NEXT_TAG="${LATEST_TAG:-${BRANCH}-${COMMIT_HASH}}"
🤖 Prompt for AI Agents
In .github/workflows/build.yaml around lines 117-122, the pipeline uses `grep
... || true | sort -V | tail -n 1` so the `sort|tail` only runs when `grep`
fails; restructure so the output of `grep` always flows into `sort -V | tail -n
1` and only fall back to the default tag when that final result is empty.
Concretely: capture the grep output (or run the grep in a subshell) and pipe
that output into `sort -V | tail -n1`, then set NEXT_TAG to that result or
`${BRANCH}-${COMMIT_HASH}` if the result is empty.
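The precedence behaviour described in the review comment above, as an added shell example that is not part of the PR or of the review. The tag list and the function names (`select_tag_original`, `select_tag_fixed`, `next_tag`) are constructed for illustration; no Docker Hub call is made.

```bash
#!/usr/bin/env bash
# Constructed sample: tag names in the form `jq -r '.results[].name'` prints them.
EXISTING_TAGS='develop-abc1234-2
develop-abc1234-10
develop-abc1234-9
main-ffff000-1'

# Pipeline shape used in the workflow. `|` binds tighter than `||`, so the
# shell parses this as:
#     (printf | grep)  ||  (true | sort -V | tail -n 1)
# On a match, grep's raw output is the result and sort/tail never run.
# On no match, sort/tail run on the empty output of `true`.
select_tag_original() {
  printf '%s\n' "$EXISTING_TAGS" | grep "^$1" || true | sort -V | tail -n 1
}

# Restructured shape from the suggestion: grep always feeds sort and tail,
# and `|| true` applies to the pipeline as a whole.
select_tag_fixed() {
  printf '%s\n' "$EXISTING_TAGS" | grep "^$1" | sort -V | tail -n 1 || true
}

# Fall back to the bare "<branch>-<hash>" prefix when no tag matches,
# mirroring NEXT_TAG="${LATEST_TAG:-${BRANCH}-${COMMIT_HASH}}".
next_tag() {
  latest=$(select_tag_fixed "$1")
  printf '%s\n' "${latest:-$1}"
}

# Number of lines a selector returned; a usable tag is exactly one line.
line_count() {
  printf '%s\n' "$1" | wc -l | tr -d ' '
}

original=$(select_tag_original develop-abc1234)
fixed=$(select_tag_fixed develop-abc1234)

echo "original: $(line_count "$original") line(s), unsorted"
echo "fixed:    $fixed"
echo "fallback: $(next_tag feature-x-0000000)"
```

A multi-line value in `NEXT_TAG` is worth guarding against explicitly, since it would otherwise flow into `$GITHUB_OUTPUT` and the image reference.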
…tch-3 Public-application service
Actionable comments posted: 3
🧹 Nitpick comments (2)
.github/workflows/build.yaml (2)
37-40: Minor YAML: normalize spacing in outputs key.
Extra spaces after colon trigger YAMLlint warning.
- db_image: ${{ steps.save_db_image.outputs.db_image }} + db_image: ${{ steps.save_db_image.outputs.db_image }}
166-185: Save outputs using $ORG for consistency (summary too).
- IMG="egovio/${{ matrix.service }}:${{ steps.tag.outputs.tag }}" + IMG="${{ env.ORG }}/${{ matrix.service }}:${{ steps.tag.outputs.tag }}" @@ - IMG="egovio/${{ matrix.service }}-db:${{ steps.tag.outputs.tag }}" + IMG="${{ env.ORG }}/${{ matrix.service }}-db:${{ steps.tag.outputs.tag }}"
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
.github/workflows/build.yaml (1 hunks)
build/build-config.yml (1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.7)
.github/workflows/build.yaml
23-23: default value "audit-service" of "service" input is not included in its options ""public-service", "public-application", "studio-pdf-helper-service", "studio-pdf""
(events)
43-43: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
76-76: the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
79-79: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
87-87: the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🪛 YAMLlint (1.37.1)
.github/workflows/build.yaml
[warning] 39-39: too many spaces after colon
(colons)
build/build-config.yml
[error] 28-28: syntax error: expected , but found ''
(syntax)
🔇 Additional comments (8)
.github/workflows/build.yaml (7)
43-43: Bump to Node20‑compatible checkout action.
- uses: actions/checkout@v3 + uses: actions/checkout@v4
75-91: Upgrade actions and add QEMU for multi‑arch.
Update deprecated versions and register QEMU.
- - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 - - name: Cache Docker Layers - uses: actions/cache@v3 + - name: Cache Docker Layers + uses: actions/cache@v4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ matrix.service }}-${{ github.ref_name }} restore-keys: | ${{ runner.os }}-buildx- - - name: Log in to Docker Hub - uses: docker/login-action@v2 + - name: Log in to Docker Hub + uses: docker/login-action@v3 with: username: ${{ env.DOCKER_USERNAME }} password: ${{ env.DOCKER_PASSWORD }}
97-99: Sanitize branch name for tags (handle slashes).
- BRANCH="${GITHUB_REF##*/}" + BRANCH="${GITHUB_REF_NAME//\//-}"
23-23: Fix input default/options mismatch (dispatch UI error).
Default "audit-service" isn’t in options; pick a valid default.
- default: "audit-service" + default: "public-service"
25-27: Introduce ORG and use consistently (align push vs Hub API).
Define a single org and reference it everywhere.
env: DOCKER_USERNAME: ${{ vars.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_ACCESS_TOKEN }} + ORG: egovio
111-123: Use ORG for Docker Hub queries + fix tag selection pipeline.
Queries currently hit $DOCKER_USERNAME and the grep/sort pipeline runs only on failure; fix both.
- REPO_CHECK=$(curl -s -o /dev/null -w '%{http_code}' \ - -H "Authorization: JWT $TOKEN" \ - "https://hub.docker.com/v2/repositories/$DOCKER_USERNAME/$SERVICE_NAME/") + REPO_CHECK=$(curl -s -o /dev/null -w '%{http_code}' \ + -H "Authorization: JWT $TOKEN" \ + "https://hub.docker.com/v2/repositories/$ORG/$SERVICE_NAME/") if [ "$REPO_CHECK" -ne 200 ]; then NEXT_TAG="${BRANCH}-${COMMIT_HASH}" else - EXISTING_TAGS=$(curl -s -H "Authorization: JWT $TOKEN" \ - "https://hub.docker.com/v2/repositories/$DOCKER_USERNAME/$SERVICE_NAME/tags?page_size=100" \ - | jq -r '.results[].name') - LATEST_TAG=$(echo "$EXISTING_TAGS" | grep "^${BRANCH}-${COMMIT_HASH}" || true | sort -V | tail -n 1) + EXISTING_TAGS=$(curl -s -H "Authorization: JWT $TOKEN" \ + "https://hub.docker.com/v2/repositories/$ORG/$SERVICE_NAME/tags?page_size=100" \ + | jq -r '.results[].name') + LATEST_TAG=$(printf '%s\n' "$EXISTING_TAGS" \ + | grep "^${BRANCH}-${COMMIT_HASH}" \ + | sort -V \ + | tail -n 1 || true) NEXT_TAG="${LATEST_TAG:-${BRANCH}-${COMMIT_HASH}}" fi
151-161: Align DB build context/file with service_folder and org; remove trailing space.
uses: docker/build-push-action@v5 with: platforms: linux/amd64,linux/arm64 - context: studio-services/${{ matrix.service }}/scripts/migration - file: studio-services/${{ matrix.service }}/scripts/migration/Dockerfile + context: ${{ github.event.inputs.service_folder }}/${{ matrix.service }}/scripts/migration + file: ${{ github.event.inputs.service_folder }}/${{ matrix.service }}/scripts/migration/Dockerfile push: true tags: | - egovio/${{ matrix.service }}-db:${{ steps.tag.outputs.tag }} + ${{ env.ORG }}/${{ matrix.service }}-db:${{ steps.tag.outputs.tag }}
build/build-config.yml (1)
38-39: Dockerfile path confirmed. The file `frontend/web/docker/Dockerfile` exists under `frontend/`, so the build-config reference is valid.
tags: |
egovio/${{ matrix.service }}:${{ steps.tag.outputs.tag }}
build-args: |
WORK_DIR=${{ github.event.inputs.service_folder }}/${{ matrix.service }}
🛠️ Refactor suggestion | 🟠 Major
Tag images under $ORG, not a hardcoded org.
tags: |
- egovio/${{ matrix.service }}:${{ steps.tag.outputs.tag }}
+ ${{ env.ORG }}/${{ matrix.service }}:${{ steps.tag.outputs.tag }}
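Review bot: `${{ env.ORG }}` in the added tag line is not defined anywhere in this hunk, and an unset value renders the tag as `/<service>:<tag>`, which is not a valid image reference. Land the workflow-level `ORG:` entry in the same commit as this change, and consider failing the job early when `ORG` is empty so a misconfigured fork does not get as far as the push step.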
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
tags: |
egovio/${{ matrix.service }}:${{ steps.tag.outputs.tag }}
build-args: |
WORK_DIR=${{ github.event.inputs.service_folder }}/${{ matrix.service }}
tags: |
${{ env.ORG }}/${{ matrix.service }}:${{ steps.tag.outputs.tag }}
build-args: |
WORK_DIR=${{ github.event.inputs.service_folder }}/${{ matrix.service }}
🤖 Prompt for AI Agents
.github/workflows/build.yaml around lines 136 to 139: the image tag is hardcoded
to use "egovio/${{ matrix.service }}:..." which pins images to a single org;
change it to use a configurable org variable (for example ${{ env.ORG }} or ${{
github.repository_owner }} or a workflow input like ${{ github.event.inputs.org
}}) so tags become ${ORG}/${{ matrix.service }}:${{ steps.tag.outputs.tag }}; if
using a new env or input, add it to the workflow-level env or inputs and default
it appropriately.
- name: Check if DB folder exists
id: check-db-folder
run: |
FOLDER_PATH="studio-services/${{ matrix.service }}/scripts/migration"
if [ -d "$FOLDER_PATH" ]; then
echo "folder_exists=true" >> "$GITHUB_OUTPUT"
else
echo "folder_exists=false" >> "$GITHUB_OUTPUT"
fi
Make DB folder detection honor service_folder input.
Currently hardcoded to studio-services/.
- FOLDER_PATH="studio-services/${{ matrix.service }}/scripts/migration"
+ FOLDER_PATH="${{ github.event.inputs.service_folder }}/${{ matrix.service }}/scripts/migration"
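Review bot: The added `FOLDER_PATH=` line expands `${{ github.event.inputs.service_folder }}` directly into the `run:` script, so whatever text the input holds becomes part of the shell source before bash parses it. Pass the value through the step's `env:` block instead (for example a variable named `SERVICE_FOLDER`, a name chosen here for illustration) and build the path from `"$SERVICE_FOLDER"`; the same applies to `${{ matrix.service }}` on that line.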
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
- name: Check if DB folder exists
id: check-db-folder
run: |
FOLDER_PATH="studio-services/${{ matrix.service }}/scripts/migration"
if [ -d "$FOLDER_PATH" ]; then
echo "folder_exists=true" >> "$GITHUB_OUTPUT"
else
echo "folder_exists=false" >> "$GITHUB_OUTPUT"
fi
- name: Check if DB folder exists
id: check-db-folder
run: |
FOLDER_PATH="${{ github.event.inputs.service_folder }}/${{ matrix.service }}/scripts/migration"
if [ -d "$FOLDER_PATH" ]; then
echo "folder_exists=true" >> "$GITHUB_OUTPUT"
else
echo "folder_exists=false" >> "$GITHUB_OUTPUT"
fi
🤖 Prompt for AI Agents
.github/workflows/build.yaml around lines 141 to 149: the DB folder detection
uses a hardcoded "studio-services/" path; change it to reference the workflow
input for service_folder (e.g. use the inputs or an environment variable
provided to the job) so the FOLDER_PATH is built from that input instead of the
literal "studio-services/"; ensure you handle missing input by falling back to a
sensible default and keep the same logic for writing folder_exists to
GITHUB_OUTPUT.
build/build-config.yml
Outdated
- name: "builds/DIGIT-Studio/studio-services/public-application"
build:
- work-dir: "studio-services/public-application"
image-name: "public-application"
dockerfile: "build/maven/Dockerfile"
- work-dir: "studio-services/public-application/scripts/migration"
image-name: "public-application-db"
Fix YAML indentation + trim trailing spaces (syntax error).
YAMLlint flags “expected , but found ''” at Line 28. Align indentation with prior items and remove trailing blanks on Line 34.
- - name: "builds/DIGIT-Studio/studio-services/public-application"
- build:
- - work-dir: "studio-services/public-application"
- image-name: "public-application"
- dockerfile: "build/maven/Dockerfile"
- - work-dir: "studio-services/public-application/scripts/migration"
- image-name: "public-application-db"
+ - name: "builds/DIGIT-Studio/studio-services/public-application"
+ build:
+ - work-dir: "studio-services/public-application"
+ image-name: "public-application"
+ dockerfile: "build/maven/Dockerfile"
+ - work-dir: "studio-services/public-application/scripts/migration"
+ image-name: "public-application-db"
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
- name: "builds/DIGIT-Studio/studio-services/public-application"
build:
- work-dir: "studio-services/public-application"
image-name: "public-application"
dockerfile: "build/maven/Dockerfile"
- work-dir: "studio-services/public-application/scripts/migration"
image-name: "public-application-db"
- name: "builds/DIGIT-Studio/studio-services/public-application"
build:
- work-dir: "studio-services/public-application"
image-name: "public-application"
dockerfile: "build/maven/Dockerfile"
- work-dir: "studio-services/public-application/scripts/migration"
image-name: "public-application-db"
🧰 Tools
🪛 YAMLlint (1.37.1)
[error] 28-28: syntax error: expected , but found ''
(syntax)
🤖 Prompt for AI Agents
In build/build-config.yml around lines 28 to 34, the YAML has incorrect
indentation and trailing spaces causing a sequence/start block error; fix by
aligning the dash entries under the "build:" key to the same indentation level
as other list items (indent the two "- work-dir:" lines one level further so
they are children of "build:"), ensure "image-name" and "dockerfile" are
consistently indented under each list item, and remove any trailing spaces on
line 34 (and other lines) so the file is valid YAML.
Actionable comments posted: 1
🧹 Nitpick comments (2)
.github/workflows/build.yaml (2)
45-51: Harden yq install (pin checksum).
Curling a binary without integrity verification is a supply‑chain risk; verify SHA256.
- name: Install yq run: | VERSION="4.30.8" URL="https://github.com/mikefarah/yq/releases/download/v${VERSION}/yq_linux_amd64" - sudo curl -sSL "$URL" -o /usr/local/bin/yq + curl -sSL "$URL" -o /tmp/yq + curl -sSL "$URL.sha256" -o /tmp/yq.sha256 + sha256sum -c /tmp/yq.sha256 + sudo mv /tmp/yq /usr/local/bin/yq sudo chmod +x /usr/local/bin/yq
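Review bot: The added `curl -sSL "$URL.sha256" -o /tmp/yq.sha256` line fetches the checksum from the same release location as the binary, so `sha256sum -c` catches a corrupted download but not a replaced release asset, which is the supply-chain case this comment names. Record the expected SHA256 for `VERSION` in the workflow file itself and compare the download against that value. Note too that `sha256sum -c` resolves the file name listed inside the checksum file relative to the working directory, so the check only passes if that name points at `/tmp/yq`.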
29-36: Add least-privilege permissions and concurrency.
Reduce token scope and avoid parallel duplicate builds per service/branch.
jobs: build: runs-on: ubuntu-latest + permissions: + contents: read + concurrency: + group: build-${{ matrix.service }}-${{ github.ref_name }} + cancel-in-progress: true
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
`.DS_Store` is excluded by `!**/.DS_Store`
📒 Files selected for processing (2)
.github/workflows/build.yaml (1 hunks)
build/build-config.yml (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- build/build-config.yml
🧰 Additional context used
🪛 actionlint (1.7.7)
.github/workflows/build.yaml
23-23: default value "audit-service" of "service" input is not included in its options ""public-service", "public-service-init", "studio-pdf-helper-service", "studio-pdf""
(events)
43-43: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
76-76: the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
79-79: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
87-87: the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🪛 YAMLlint (1.37.1)
.github/workflows/build.yaml
[warning] 39-39: too many spaces after colon
(colons)
🔇 Additional comments (12)
.github/workflows/build.yaml (12)
92-101: Prefer GITHUB_REF_NAME and sanitize for tags.
Slash in branch names breaks tags; use sanitized BRANCH and keep FULL_BRANCH if needed.
- BRANCH="${GITHUB_REF##*/}" + BRANCH="${GITHUB_REF_NAME//\//-}" COMMIT_HASH=$(git rev-parse --short HEAD) SERVICE_NAME="${{ matrix.service }}"
128-139: Tag images under $ORG and enable native buildx cache.
- name: Build and Push Application Docker Image id: build_push_docker uses: docker/build-push-action@v5 with: platforms: linux/amd64,linux/arm64 context: . file: ${{ env.DOCKERFILE_PATH }} push: true tags: | - egovio/${{ matrix.service }}:${{ steps.tag.outputs.tag }} + ${{ env.ORG }}/${{ matrix.service }}:${{ steps.tag.outputs.tag }} build-args: | WORK_DIR=${{ github.event.inputs.service_folder }}/${{ matrix.service }} + cache-from: type=gha + cache-to: type=gha,mode=max
163-173: Save image strings using $ORG for consistency.
- name: Save Application Docker Image id: save_docker_image run: | - IMG="egovio/${{ matrix.service }}:${{ steps.tag.outputs.tag }}" + IMG="${ORG}/${{ matrix.service }}:${{ steps.tag.outputs.tag }}" echo "$IMG" echo "docker_image=$IMG" >> "$GITHUB_OUTPUT"
174-185: Save DB image with $ORG.
- name: Save Database Docker Image id: save_db_image if: ${{ steps.check-db-folder.outputs.folder_exists == 'true' }} run: | - IMG="egovio/${{ matrix.service }}-db:${{ steps.tag.outputs.tag }}" + IMG="${ORG}/${{ matrix.service }}-db:${{ steps.tag.outputs.tag }}" echo "$IMG" echo "db_image=$IMG" >> "$GITHUB_OUTPUT"
15-23: Fix input default/options mismatch (dispatch will error).
Default "audit-service" isn’t in options; set a valid default.
service: description: 'Name of the service to build and deploy' required: true type: choice options: - public-service - public-service-init - studio-pdf-helper-service - studio-pdf - default: "audit-service" + default: "public-service"
25-28: Introduce ORG and use it consistently for tags and Hub API.
Define a single org and stop mixing $DOCKER_USERNAME with hardcoded orgs.
env: DOCKER_USERNAME: ${{ vars.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_ACCESS_TOKEN }} + ORG: egovio
41-44: Bump checkout to Node20-compatible version.
- - name: Checkout Code - uses: actions/checkout@v3 + - name: Checkout Code + uses: actions/checkout@v4
75-85: Upgrade buildx/cache actions and register QEMU for multi‑arch.
- - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3
Also bump cache:
- - name: Cache Docker Layers - uses: actions/cache@v3 + - name: Cache Docker Layers + uses: actions/cache@v4
86-91: Upgrade docker/login-action to v3.
- - name: Log in to Docker Hub - uses: docker/login-action@v2 + - name: Log in to Docker Hub + uses: docker/login-action@v3
111-123: Align Docker Hub org and fix tag selection pipeline (sorting currently skipped).
- REPO_CHECK=$(curl -s -o /dev/null -w '%{http_code}' \ - -H "Authorization: JWT $TOKEN" \ - "https://hub.docker.com/v2/repositories/$DOCKER_USERNAME/$SERVICE_NAME/") + REPO_CHECK=$(curl -s -o /dev/null -w '%{http_code}' \ + -H "Authorization: JWT $TOKEN" \ + "https://hub.docker.com/v2/repositories/$ORG/$SERVICE_NAME/") if [ "$REPO_CHECK" -ne 200 ]; then NEXT_TAG="${BRANCH}-${COMMIT_HASH}" else - EXISTING_TAGS=$(curl -s -H "Authorization: JWT $TOKEN" \ - "https://hub.docker.com/v2/repositories/$DOCKER_USERNAME/$SERVICE_NAME/tags?page_size=100" \ - | jq -r '.results[].name') - LATEST_TAG=$(echo "$EXISTING_TAGS" | grep "^${BRANCH}-${COMMIT_HASH}" || true | sort -V | tail -n 1) + EXISTING_TAGS=$(curl -s -H "Authorization: JWT $TOKEN" \ + "https://hub.docker.com/v2/repositories/$ORG/$SERVICE_NAME/tags?page_size=100" \ + | jq -r '.results[].name') + LATEST_TAG=$(printf '%s\n' "$EXISTING_TAGS" \ + | grep "^${BRANCH}-${COMMIT_HASH}" \ + | sort -V \ + | tail -n 1 || true) NEXT_TAG="${LATEST_TAG:-${BRANCH}-${COMMIT_HASH}}" fi
141-149: Honor service_folder input when checking DB folder.
- FOLDER_PATH="studio-services/${{ matrix.service }}/scripts/migration" + FOLDER_PATH="${{ github.event.inputs.service_folder }}/${{ matrix.service }}/scripts/migration"
151-162: DB build: fix context/file path, remove trailing space, and tag under $ORG.
- name: Build and Push Database Docker Image if: ${{ steps.check-db-folder.outputs.folder_exists == 'true' }} id: build_push_db_docker uses: docker/build-push-action@v5 with: platforms: linux/amd64,linux/arm64 - context: studio-services/${{ matrix.service }}/scripts/migration - file: studio-services/${{ matrix.service }}/scripts/migration/Dockerfile + context: ${{ github.event.inputs.service_folder }}/${{ matrix.service }}/scripts/migration + file: ${{ github.event.inputs.service_folder }}/${{ matrix.service }}/scripts/migration/Dockerfile push: true tags: | - egovio/${{ matrix.service }}-db:${{ steps.tag.outputs.tag }} + ${{ env.ORG }}/${{ matrix.service }}-db:${{ steps.tag.outputs.tag }}
outputs:
docker_image: ${{ steps.save_docker_image.outputs.docker_image }}
db_image: ${{ steps.save_db_image.outputs.db_image }}
YAML style: normalize spacing in outputs.
Too many spaces after colon on db_image; fix for yamllint.
outputs:
docker_image: ${{ steps.save_docker_image.outputs.docker_image }}
- db_image: ${{ steps.save_db_image.outputs.db_image }}
+ db_image: ${{ steps.save_db_image.outputs.db_image }}
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
outputs:
docker_image: ${{ steps.save_docker_image.outputs.docker_image }}
db_image: ${{ steps.save_db_image.outputs.db_image }}
outputs:
docker_image: ${{ steps.save_docker_image.outputs.docker_image }}
db_image: ${{ steps.save_db_image.outputs.db_image }}
🧰 Tools
🪛 YAMLlint (1.37.1)
[warning] 39-39: too many spaces after colon
(colons)
🤖 Prompt for AI Agents
.github/workflows/build.yaml around lines 37 to 40: the outputs mapping has
inconsistent spacing after the colon for the db_image key which triggers
yamllint; change the spacing so each key uses a single space after the colon
(e.g., "db_image: ${{ steps.save_db_image.outputs.db_image }}") to normalize
YAML style and keep alignment consistent with the docker_image line.
Summary by CodeRabbit