2424 fetch-depth : 0
2525
2626 - name : Debug repository structure
27+ shell : bash
2728 run : |
2829 echo "Checking repository structure..."
2930 echo "Root directory:"
@@ -53,19 +54,19 @@ jobs:
5354 password : ${{ secrets.GITHUB_TOKEN }}
5455
5556 - name : Build External Base Image
57+ shell : bash
5658 run : |
57- # Debug what Docker files exist
58- echo "Looking for external Dockerfile..."
59- EXTERNAL_DOCKERFILE=$(find . -name "Dockerfile" -path "*/external/*" | head -n 1)
59+ # Simplify Dockerfile discovery with more robust approach
60+ echo "Looking for Dockerfiles..."
61+ echo "All Dockerfiles in repository:"
62+ find . -name "Dockerfile" -type f | tee all_dockerfiles.txt
63+
64+ # Pick the first Dockerfile for external dependencies
65+ EXTERNAL_DOCKERFILE=$(head -n 1 all_dockerfiles.txt)
6066
6167 if [ -z "$EXTERNAL_DOCKERFILE" ]; then
62- echo "No external Dockerfile found, looking for any Dockerfile..."
63- EXTERNAL_DOCKERFILE=$(find . -name "Dockerfile" | grep -v "context" | head -n 1)
64-
65- if [ -z "$EXTERNAL_DOCKERFILE" ]; then
66- echo "ERROR: No Dockerfile found for external dependencies"
67- exit 1
68- fi
68+ echo "ERROR: No Dockerfiles found in repository"
69+ exit 1
6970 fi
7071
7172 echo "Using Dockerfile at: $EXTERNAL_DOCKERFILE"
@@ -82,29 +83,26 @@ jobs:
8283 DATE_VERSION="$(date +%Y%m%d)-${SHORT_SHA:0:8}"
8384 docker tag ghcr.io/${{ github.repository_owner }}/biogears-hari-external:latest ghcr.io/${{ github.repository_owner }}/biogears-hari-external:${DATE_VERSION}
8485
85- # Get image digest
86- EXTERNAL_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' ghcr.io/${{ github.repository_owner }}/biogears-hari-external:latest 2>/dev/null || docker images --no-trunc --quiet ghcr.io/${{ github.repository_owner }}/biogears-hari-external:latest)
86+ # Get image digest and save to file
87+ EXTERNAL_DIGEST=$(docker images --no-trunc --quiet ghcr.io/${{ github.repository_owner }}/biogears-hari-external:latest)
8788 echo "EXTERNAL_DIGEST=$EXTERNAL_DIGEST" > image-digests.txt
8889 echo "EXTERNAL_VERSION=$DATE_VERSION" >> image-digests.txt
8990 echo "EXTERNAL_DOCKERFILE=$EXTERNAL_DOCKERFILE" >> image-digests.txt
9091 echo "External image digest: $EXTERNAL_DIGEST"
9192
9293 - name : Build BioGears with Docker
94+ shell : bash
9395 run : |
94- source image-digests.txt
96+ # Use . instead of source for POSIX shell compatibility
97+ . ./image-digests.txt || { echo "Failed to load image-digests.txt"; cat ./image-digests.txt; }
9598
96- # Debug what Docker files exist for builder
97- echo "Looking for builder/release Dockerfile..."
98- BUILDER_DOCKERFILE=$(find . -name "Dockerfile" -path "*/release/*" -o -name "Dockerfile" -path "*/builder/*" | head -n 1)
99+ # Simplify builder Dockerfile discovery
100+ echo "Looking for second Dockerfile for builder ..."
101+ BUILDER_DOCKERFILE=$(grep -v "^$EXTERNAL_DOCKERFILE$" all_dockerfiles.txt | head -n 1)
99102
100103 if [ -z "$BUILDER_DOCKERFILE" ]; then
101- echo "No builder Dockerfile found, looking for any other Dockerfile..."
102- BUILDER_DOCKERFILE=$(find . -name "Dockerfile" | grep -v "context" | grep -v "$EXTERNAL_DOCKERFILE" | head -n 1)
103-
104- if [ -z "$BUILDER_DOCKERFILE" ]; then
105- echo "ERROR: No Dockerfile found for BioGears builder"
106- exit 1
107- fi
104+ echo "No second Dockerfile found, using the same one as external"
105+ BUILDER_DOCKERFILE=$EXTERNAL_DOCKERFILE
108106 fi
109107
110108 echo "Using Dockerfile at: $BUILDER_DOCKERFILE"
@@ -115,22 +113,26 @@ jobs:
115113 docker build -t ghcr.io/${{ github.repository_owner }}/biogears-hari-builder:latest \
116114 --build-arg EXTERNAL_IMAGE=ghcr.io/${{ github.repository_owner }}/biogears-hari-external:latest \
117115 --progress=plain \
118- -f "$BUILDER_DOCKERFILE" .
116+ -f "$BUILDER_DOCKERFILE" "$DOCKERFILE_DIR"
119117
120118 # Tag with date-based version
121119 SHORT_SHA="${{ github.sha }}"
122120 DATE_VERSION="$(date +%Y%m%d)-${SHORT_SHA:0:8}"
123121 docker tag ghcr.io/${{ github.repository_owner }}/biogears-hari-builder:latest ghcr.io/${{ github.repository_owner }}/biogears-hari-builder:${DATE_VERSION}
124122
125- # Get image digest
126- BUILDER_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' ghcr.io/${{ github.repository_owner }}/biogears-hari-builder:latest 2>/dev/null || docker images --no-trunc --quiet ghcr.io/${{ github.repository_owner }}/biogears-hari-builder:latest)
123+ # Get image digest and save to file
124+ BUILDER_DIGEST=$(docker images --no-trunc --quiet ghcr.io/${{ github.repository_owner }}/biogears-hari-builder:latest)
127125 echo "BUILDER_DIGEST=$BUILDER_DIGEST" >> image-digests.txt
128126 echo "BUILDER_VERSION=$DATE_VERSION" >> image-digests.txt
129127 echo "BUILDER_DOCKERFILE=$BUILDER_DOCKERFILE" >> image-digests.txt
130128 echo "Builder image digest: $BUILDER_DIGEST"
131129
132130 - name : Extract built artifacts from Docker image
131+ shell : bash
133132 run : |
133+ # Use . instead of source for POSIX shell compatibility
134+ . ./image-digests.txt || { echo "Failed to load image-digests.txt"; cat ./image-digests.txt; }
135+
134136 # Create a temporary container to extract artifacts from
135137 CONTAINER_ID=$(docker create ghcr.io/${{ github.repository_owner }}/biogears-hari-builder:latest)
136138
@@ -151,8 +153,11 @@ jobs:
151153 ls -la build/bin/
152154
153155 - name : Create build metadata
156+ shell : bash
154157 run : |
155- source image-digests.txt
158+ # Use . instead of source for POSIX shell compatibility
159+ . ./image-digests.txt || { echo "Failed to load image-digests.txt"; cat ./image-digests.txt; }
160+
156161 cat > build-metadata.json << EOF
157162 {
158163 "builder_id": "github-actions-docker",
@@ -248,6 +253,7 @@ jobs:
248253
249254 - name : Get image digest
250255 id : image_digest
256+ shell : bash
251257 run : |
252258 # Get image digest for attestations
253259 DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' ghcr.io/${{ github.repository_owner }}/biogears-hari:${{ github.sha }} | cut -d'@' -f2 || echo "sha256:$(docker images --no-trunc --quiet ghcr.io/${{ github.repository_owner }}/biogears-hari:${{ github.sha }})")
@@ -291,8 +297,10 @@ jobs:
291297 sudo apt-get install -y trivy
292298
293299 - name : Generate SBOM and scan for vulnerabilities
300+ shell : bash
294301 run : |
295- source image-digest.txt
302+ # Use . instead of source for POSIX shell compatibility
303+ . ./image-digest.txt || { echo "Failed to load image-digest.txt"; cat ./image-digest.txt; }
296304
297305 # Generate SBOM and scan image (all in one command)
298306 trivy image --format cyclonedx --output sbom-with-vulns.cyclonedx.json ghcr.io/${{ github.repository_owner }}/biogears-hari:${{ github.sha }}
@@ -648,8 +656,10 @@ jobs:
648656 tar -xzf signed-policies.tar.gz -C extracted-policies
649657
650658 - name : Create image data file
659+ shell : bash
651660 run : |
652- source image-digest.txt
661+ # Use . instead of source for POSIX shell compatibility
662+ . ./image-digest.txt || { echo "Failed to load image-digest.txt"; cat ./image-digest.txt; }
653663
654664 # Create image metadata file for in-toto attestations
655665 cat > image-data.json << EOF
@@ -660,6 +670,7 @@ jobs:
660670 EOF
661671
662672 - name : Generate attestations
673+ shell : bash
663674 run : |
664675 # Generate Build Attestation
665676 opa eval -i build-output/build-metadata.json -d extracted-policies/policies/rego/build_attestation_policy.rego "data.build_attestation.attestation" -f json > build-attestation-raw.json
@@ -778,6 +789,7 @@ jobs:
778789
779790 - name : Set version information
780791 id : version
792+ shell : bash
781793 run : |
782794 SHORT_SHA="${{ github.sha }}"
783795 VERSION="$(date +%Y%m%d)-${SHORT_SHA:0:8}"
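Review bot: The `. ./image-digests.txt || { echo "Failed to load image-digests.txt"; cat ./image-digests.txt; }` line added to "Build BioGears with Docker" logs a failed load and then lets the step carry on, so the steps that go on to write `build-metadata.json` and `image-data.json` can presumably run with the digest and version variables unset; the same handler is added in "Extract built artifacts from Docker image", "Create build metadata", "Generate SBOM and scan for vulnerabilities" and "Create image data file". Ending the handler with a failure, `. ./image-digests.txt || { echo "Failed to load image-digests.txt" >&2; exit 1; }`, keeps an incomplete record from reaching the attestation steps. The sourced file is also written with plain `echo "EXTERNAL_DOCKERFILE=$EXTERNAL_DOCKERFILE"`, and that value now comes from the first line of an unfiltered `find . -name "Dockerfile" -type f`, so a checked-out path containing spaces or shell metacharacters is interpreted as shell when the file is loaded. Writing it with `printf 'EXTERNAL_DOCKERFILE=%q\n' "$EXTERNAL_DOCKERFILE"` (the steps now set `shell: bash`) or passing the values through `$GITHUB_OUTPUT` avoids evaluating repository-controlled text. The run scripts of these steps continue outside the visible hunks, so how the variables are consumed further down is not shown here.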