Skip to content

CHEF-33431: delegate platform-ui docker build to build-docker.sh#59

Merged
sandhi18 merged 10 commits into
mainfrom
vaibhav/CHEF-33431-platform-ui-docker-build-fix
May 28, 2026
Merged

CHEF-33431: delegate platform-ui docker build to build-docker.sh#59
sandhi18 merged 10 commits into
mainfrom
vaibhav/CHEF-33431-platform-ui-docker-build-fix

Conversation

@vaibhavGadre
Copy link
Copy Markdown
Collaborator

@vaibhavGadre vaibhavGadre commented May 25, 2026

Summary

Fixes the Grype Docker image scan for platform-ui in the common CI workflow.

Problem

The common workflow's grype.yml and build-docker-image.yml ran docker build without the BuildKit secret required by the platform-ui Dockerfile (NPM_AZURE_KEY for Azure Artifacts npm packages), causing the build to fail.

Solution

Replace the inline Strategy 0 docker build block in both workflow files with a simple call to the repo's own build-docker.sh script (updated in platform-ui PR #1424).

The script is now fully self-contained and handles:

  • Submodule checkout using GITHUB_TOKEN (with per-submodule branch fallback to main)
  • NPM_AZURE_KEY written to .npmrc.tmp as a BuildKit secret mount
  • docker buildx build --load, image tagged platform-ui:local for Grype scan detection

Changes

  • grype.yml: Strategy 0 block replaced with ./build-docker.sh call + env vars
  • build-docker-image.yml: Same replacement
  • NPM_AZURE_KEY removed from step-level env: block (passed inline to script only)

Env vars passed to script

Var Source
GITHUB_TOKEN secrets.GH_TOKEN — git submodule auth + docker build arg
NPM_AZURE_KEY secrets.NPM_AZURE_KEY — Azure Artifacts npm token
BRANCH_NAME github.head_ref || github.ref_name
GIT_SHA github.sha
APP_VERSION github.ref_name
LOCALES "en"

Testing

platform-ui ci-main-pull-request-checks.yml already points at this feature branch via PR #1424.

vaibhavGadre and others added 4 commits May 15, 2026 14:02
@vaibhavGadre
Add support for NPM Azure Key in Docker build for platform-ui
1f5ca58 
Signed-off-by: Vaibhav Gadre <vgadre@progress.com>
@vaibhavGadre
update common workflow for testing
df77bd9 
Signed-off-by: Vaibhav Gadre <vgadre@progress.com>
@vaibhavGadre
Add NPM Azure Key support for platform-ui Docker build and update wor…
0748f20 
…kflow reference

Signed-off-by: Vaibhav Gadre <vgadre@progress.com>
@vaibhavGadre
CHEF-33431: delegate platform-ui docker build to build-docker.sh
5589931 
Replace inline Strategy 0 docker build block with a call to the repo's
own build-docker.sh script. The script is now fully self-contained:
- Submodule checkout using GITHUB_TOKEN
- NPM_AZURE_KEY written to .npmrc.tmp as a BuildKit secret
- docker buildx build --load, tagged platform-ui:local

Removes the need to duplicate npm secret / submodule logic in the
common workflow. Only GITHUB_TOKEN, NPM_AZURE_KEY, BRANCH_NAME,
GIT_SHA, APP_VERSION and LOCALES are passed as env vars to the script.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@vaibhavGadre vaibhavGadre added the ai-assisted Changes made with AI assistance label May 25, 2026
@vaibhavGadre vaibhavGadre requested a review from a team as a code owner May 25, 2026 09:39
@vaibhavGadre
CHEF-33431: add platform-ui Strategy 0 to wiz.yml
126bd08 
Add Strategy 0 identical to grype.yml and build-docker-image.yml so
platform-ui docker build delegates to build-docker.sh for Wiz scans.
Handles submodule checkout, NPM_AZURE_KEY secret, and docker buildx build.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@vaibhavGadre
CHEF-33431: remove RUN_ID from build-docker-image.yml Strategy 0
f90199a 
GitHub-hosted runners are ephemeral — no shared Docker daemon between
jobs, so platform-ui:local tag is sufficient and unique per run.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
vaibhavGadre and others added 4 commits May 28, 2026 11:05
@vaibhavGadre
reverting testing changes
76c4506 
Signed-off-by: Vaibhav Gadre <vgadre@progress.com>
@vaibhavGadre
CHEF-33431: detect platform-ui image dynamically after build-docker.sh
13a714b 
Replace hardcoded IMAGES="platform-ui:local" with the same dynamic
grep used by Strategy 1 — detects whatever tag build-docker.sh actually
produced. This decouples the workflow from the script's tag name and
works correctly regardless of branch, PR, push to main, or release.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@vaibhavGadre
testing changes
a06d1e1 
Signed-off-by: Vaibhav Gadre <vgadre@progress.com>
@vaibhavGadre
reverting testing changes
66d31fc 
Signed-off-by: Vaibhav Gadre <vgadre@progress.com>
@sandhi18 sandhi18 merged commit 2ae5bef into main May 28, 2026
5 checks passed
@sandhi18 sandhi18 deleted the vaibhav/CHEF-33431-platform-ui-docker-build-fix branch May 28, 2026 09:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sandhi18 sandhi18 sandhi18 approved these changes

@shanmugapriya-tr shanmugapriya-tr shanmugapriya-tr approved these changes

@brianLoomis brianLoomis Awaiting requested review from brianLoomis brianLoomis is a code owner

@sean-sype-simmons sean-sype-simmons Awaiting requested review from sean-sype-simmons sean-sype-simmons is a code owner

+1 more reviewer

@vkarve-chef vkarve-chef vkarve-chef approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

ai-assisted Changes made with AI assistance

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@vaibhavGadre @sandhi18 @vkarve-chef @shanmugapriya-tr