CHEF-33431: delegate platform-ui docker build to build-docker.sh#59
Open
vaibhavGadre wants to merge 6 commits into
Open
CHEF-33431: delegate platform-ui docker build to build-docker.sh#59vaibhavGadre wants to merge 6 commits into
vaibhavGadre wants to merge 6 commits into
Conversation
Signed-off-by: Vaibhav Gadre <vgadre@progress.com>
Signed-off-by: Vaibhav Gadre <vgadre@progress.com>
…kflow reference Signed-off-by: Vaibhav Gadre <vgadre@progress.com>
Replace inline Strategy 0 docker build block with a call to the repo's own build-docker.sh script. The script is now fully self-contained: - Submodule checkout using GITHUB_TOKEN - NPM_AZURE_KEY written to .npmrc.tmp as a BuildKit secret - docker buildx build --load, tagged platform-ui:local Removes the need to duplicate npm secret / submodule logic in the common workflow. Only GITHUB_TOKEN, NPM_AZURE_KEY, BRANCH_NAME, GIT_SHA, APP_VERSION and LOCALES are passed as env vars to the script. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
vaibhavGadre
requested review from
brianLoomis and
sean-sype-simmons
as code owners
Add Strategy 0 identical to grype.yml and build-docker-image.yml so platform-ui docker build delegates to build-docker.sh for Wiz scans. Handles submodule checkout, NPM_AZURE_KEY secret, and docker buildx build. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
GitHub-hosted runners are ephemeral — no shared Docker daemon between jobs, so platform-ui:local tag is sufficient and unique per run. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
vkarve-chef
approved these changes
May 27, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes the Grype Docker image scan for
platform-uiin the common CI workflow.Problem
The common workflow's
grype.ymlandbuild-docker-image.ymlrandocker buildwithout the BuildKit secret required by theplatform-uiDockerfile (NPM_AZURE_KEYfor Azure Artifacts npm packages), causing the build to fail.Solution
Replace the inline Strategy 0 docker build block in both workflow files with a simple call to the repo's own
build-docker.shscript (updated in platform-ui PR #1424).The script is now fully self-contained and handles:
GITHUB_TOKEN(with per-submodule branch fallback tomain)NPM_AZURE_KEYwritten to.npmrc.tmpas a BuildKit secret mountdocker buildx build --load, image taggedplatform-ui:localfor Grype scan detectionChanges
grype.yml: Strategy 0 block replaced with./build-docker.shcall + env varsbuild-docker-image.yml: Same replacementNPM_AZURE_KEYremoved from step-levelenv:block (passed inline to script only)Env vars passed to script
GITHUB_TOKENsecrets.GH_TOKEN— git submodule auth + docker build argNPM_AZURE_KEYsecrets.NPM_AZURE_KEY— Azure Artifacts npm tokenBRANCH_NAMEgithub.head_ref || github.ref_nameGIT_SHAgithub.shaAPP_VERSIONgithub.ref_nameLOCALES"en"Testing
platform-ui
ci-main-pull-request-checks.ymlalready points at this feature branch via PR #1424.