JS-985 Add A3S Docker image build and publish workflow

zglicz · claude · zglicz · commit c184c0b3b9e1 · 2025-12-22T14:45:53.000+01:00
Build the JavaScript gRPC bundle and publish to ECR for A3S deployment. Uses Dev5 GitHub Environment for AWS OIDC authentication. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
diff --git a/.github/workflows/docker-a3s.yml b/.github/workflows/docker-a3s.yml
@@ -0,0 +1,92 @@
+name: Build A3S Docker Image
+
+on:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Branch to build Docker image from'
+        required: true
+        type: string
+  push:
+    branches:
+      - mz/js-985-a3s-docker-workflow
+
+jobs:
+  get_build_number:
+    runs-on: github-ubuntu-latest-s
+    name: Get build number
+    permissions:
+      id-token: write
+      contents: read
+    outputs:
+      BUILD_NUMBER: ${{ steps.get-build-number.outputs.BUILD_NUMBER }}
+    steps:
+      - uses: SonarSource/ci-github-actions/get-build-number@master
+        id: get-build-number
+
+  build_and_publish:
+    name: Build and publish Docker image
+    runs-on: github-ubuntu-latest-m
+    needs: get_build_number
+    environment: Staging
+    permissions:
+      id-token: write
+      contents: read
+    env:
+      BUILD_NUMBER: ${{ needs.get_build_number.outputs.BUILD_NUMBER }}
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.branch || github.ref }}
+
+      - uses: jdx/mise-action@v3.5.1
+        with:
+          version: 2025.11.2
+          mise_toml: |
+            [tools]
+            node = "24.11.0"
+
+      - name: Access vault secrets
+        id: secrets
+        uses: SonarSource/vault-action-wrapper@v3
+        with:
+          secrets: |
+            development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN;
+
+      - name: Configure npm registry
+        run: |
+          npm config set //repox.jfrog.io/artifactory/api/npm/:_authToken=${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
+          npm config set registry https://repox.jfrog.io/artifactory/api/npm/npm/
+
+      - name: Install NPM dependencies
+        run: npm ci
+
+      - name: Build bundle for Docker
+        run: npm run grpc:build
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::718197818630:role/${{ vars.CICD_ROLE }}
+          aws-region: eu-central-1
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          registries: "982534363626" # SharedServices Dev Account
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          platforms: linux/arm64
+          tags: |
+            ${{ steps.login-ecr.outputs.registry }}/a3s/javascript:${{ env.BUILD_NUMBER }}
+            ${{ steps.login-ecr.outputs.registry }}/a3s/javascript:latest
