feat: setup action

.github/codeowners

@@ -0,0 +1,7 @@
+# Matched against repo root (asterisk)
+*       @mishraomp @paulushcgcj @DerekRoberts
+
+# Matched against directories
+# /.github/workflows/       @mishraomp @paulushcgcj @DerekRoberts
+
+# See https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners

.github/workflows/pr-open.yml

@@ -0,0 +1,60 @@
+name: PR
+
+on:
+  pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  # QuickStart apps build from the same dirs as their Dockerfiles
+  build:
+    permissions:
+      packages: write
+    name: Build
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./
+        with:
+          package: backend
+          keep_versions: 10
+          repository: bcgov/quickstart-openshift
+          tag: ${{ github.event.number }}
+
+  # Anything can be retagged if a fallback image exists (e.g. test)
+  retag:
+    needs: [build]
+    permissions:
+      packages: write
+    name: Retag
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./
+        with:
+          package: backend
+          keep_versions: 10
+          repository: bcgov/quickstart-openshift
+          tag: ${{ github.event.number }}-retag
+          tag_fallback: test
+          triggers: ('backend/')
+
+
+  # FOM apps build from repo root, above their Dockerfiles (extra params)
+  advanced:
+    permissions:
+      packages: write
+    name: Advanced
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./
+        with:
+          package: api
+          build_context: .
+          build_file: api/Dockerfile
+          keep_versions: 10
+          repository: bcgov/nr-fom
+          tag: ${{ github.event.number }}

.gitignore

@@ -5,7 +5,6 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
-.pnpm-debug.log*
 
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@@ -42,8 +41,8 @@ build/Release
 node_modules/
 jspm_packages/
 
-# Snowpack dependency directory (https://snowpack.dev/)
-web_modules/
+# TypeScript v1 declaration files
+typings/
 
 # TypeScript cache
 *.tsbuildinfo
@@ -54,9 +53,6 @@ web_modules/
 # Optional eslint cache
 .eslintcache
 
-# Optional stylelint cache
-.stylelintcache
-
 # Microbundle cache
 .rpt2_cache/
 .rts2_cache_cjs/
@@ -72,41 +68,29 @@ web_modules/
 # Yarn Integrity file
 .yarn-integrity
 
-# dotenv environment variable files
+# dotenv environment variables file
 .env
-.env.development.local
-.env.test.local
-.env.production.local
-.env.local
+.env.test
 
 # parcel-bundler cache (https://parceljs.org/)
 .cache
-.parcel-cache
 
 # Next.js build output
 .next
-out
 
 # Nuxt.js build / generate output
 .nuxt
 dist
 
 # Gatsby files
 .cache/
-# Comment in the public line in if your project uses Gatsby and not Next.js
+# Comment in the public line in if your project uses Gatsby and *not* Next.js
 # https://nextjs.org/blog/next-9-1#public-directory-support
 # public
 
 # vuepress build output
 .vuepress/dist
 
-# vuepress v2.x temp and cache directory
-.temp
-.cache
-
-# Docusaurus cache and generated files
-.docusaurus
-
 # Serverless directories
 .serverless/
 
@@ -118,13 +102,3 @@ dist
 
 # TernJS port file
 .tern-port
-
-# Stores VSCode versions used for testing VSCode extensions
-.vscode-test
-
-# yarn v2
-.yarn/cache
-.yarn/unplugged
-.yarn/build-state.yml
-.yarn/install-state.gz
-.pnp.*

action.yml

@@ -0,0 +1,191 @@
+name: Conditional Container Builder with Fallback
+description: Build if trigger conditions are met, else use fallback image
+branding:
+  icon: package
+  color: blue
+
+inputs:
+  ### Required
+  package:
+    description: Package name; e.g. backend, frontend
+    required: true
+  tag:
+    description: Default tag; e.g. pr#, test, prod
+    required: true
+
+  ### Typical / recommended
+  tag_fallback:
+    description: Where to pull default images from; e.g. prod, test
+  triggers:
+    description: Paths used to trigger a build; e.g. ('./backend/' './frontend/)
+  build_context:
+    description: Build context, not required for self-contained package/default directory
+  build_file:
+    description: Dockerfile with path, not required for self-contained package/default directory
+  keep_versions:
+    description: Number of versions to keep; omit to skip
+
+  ### Usually a bad idea / not recommended
+  build_args:
+    description: A list of build-time variables, generally not adviseable
+    value: "BUILDKIT_INLINE_CACHE=1"
+  diff_branch:
+    description: Branch to diff against
+    default: ${{ github.event.repository.default_branch }}
+  keep_regex:
+    description: Regex for tags to skip when keep_versions is provided; defaults to test and prod
+    default: "^(prod|test|latest)$"
+  repository:
+    description: Non-default repo to clone
+    default: ${{ github.repository }}
+  token:
+    description: Specify token (GH or PAT), instead of inheriting one from the calling workflow
+    default: ${{ github.token }}
+
+outputs:
+  digest:
+    description: 'Digest of the built image. for ex: sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef'
+    value: ${{ steps.get_digest.outputs.digest }}
+
+runs:
+  using: composite
+  steps:
+    - uses: actions/checkout@v4
+      with:
+        # Check out build repo
+        repository: ${{ inputs.repository }}
+
+    # Process variables and inputs
+    - id: vars
+      shell: bash
+      run: |
+        # Inputs and variables
+
+        # Use package folder as build_context unless an override has been provided
+        if [ -z ${{ inputs.build_context }} ]; then
+          BUILD_CONTEXT=${{ inputs.package }}
+        else
+          BUILD_CONTEXT=${{ inputs.build_context }}
+        fi
+        echo "build_context=${BUILD_CONTEXT}" >> $GITHUB_OUTPUT
+
+        # Use BUILD_CONTEXT/Dockerfile as build_file unless an override has been provided
+        if [ -z ${{ inputs.build_file }} ]; then
+          BUILD_FILE=${BUILD_CONTEXT}/Dockerfile
+        else
+          BUILD_FILE=${{ inputs.build_file }}
+        fi
+        echo "build_file=${BUILD_FILE}" >> $GITHUB_OUTPUT
+
+        # Bug - Docker build hates images with capital letters
+        TAGS=$( echo "ghcr.io/${{ github.repository }}/${{ inputs.package }}:${{ inputs.tag }}" | tr '[:upper:]' '[:lower:]' )
+        echo "tags=${TAGS//[$'\r\n ']}" >> $GITHUB_OUTPUT
+
+    # Check if a build is required (steps.build.outputs.triggered=true|false)
+    - name: Check for builds
+      shell: bash
+      id: build
+      run: |
+        # Check for builds
+
+        # Build if an override repository was provided
+        if [ "${{ inputs.repository }}" != "${{ github.repository }}" ]; then
+          echo "Build triggered on override repository"
+          echo "triggered=true" >> $GITHUB_OUTPUT
+          exit 0
+        fi
+
+        # Build if no tag_fallback or no triggers
+        if [ -z "${{ inputs.tag_fallback }}" ]||[ -z "${{ inputs.triggers }}" ]; then
+          echo "Build triggered with possible reasons:"
+          echo "  a) tag_fallback provided"
+          echo "  b) triggers not provided"
+          echo "triggered=true" >> $GITHUB_OUTPUT
+          exit 0
+        fi
+
+        # Build if tag_fallback is no good (requires a valid container)
+        FALLBACK=ghcr.io/${{ inputs.repository }}/${{ inputs.package }}:${{ inputs.tag_fallback }}
+        if [ "$(docker buildx imagetools inspect ${FALLBACK} || true | grep -qi '^Name:')" = "" ]; then
+          # Output triggered=true for next steps
+          echo "Build triggered.  Fallback tag (tag_fallback) not usable."
+          echo "Manifest checked for: ghcr.io/${FALLBACK}"
+          echo "triggered=true" >> $GITHUB_OUTPUT
+          exit 0
+        fi
+
+        # Build if changed files (git diff) match triggers
+        TRIGGERS=${{ inputs.triggers }}
+        git fetch origin ${{ inputs.diff_branch }}
+        while read -r check; do
+          for t in "${TRIGGERS[@]}"; do
+            if [[ "${check}" =~ "${t}" ]]; then
+                # Output triggered=true for next steps
+                echo "Build triggered based on git diff"
+                echo -e "${t}\n --> ${check}"
+                echo "triggered=true" >> $GITHUB_OUTPUT
+                exit 0
+            fi
+          done
+        done < <(git diff origin/${{ inputs.diff_branch }} --name-only)
+
+        # If at this point, no build is required
+        echo "Container build not required"
+        echo "triggered=false" >> $GITHUB_OUTPUT
+
+    # If a build is not required, reuse a previous image
+    - name: Recycle/retag Previous Images
+      uses: shrink/actions-docker-registry-tag@v3
+      if: steps.build.outputs.triggered != 'true'
+      with:
+        registry: ghcr.io
+        repository: ${{ inputs.repository }}/${{ inputs.package }}
+        target: ${{ inputs.tag_fallback }}
+        tags: ${{ inputs.tag }}
+
+    # If a build is required, then login, build and push!
+    - name: Set up Docker Buildx
+      if: steps.build.outputs.triggered == 'true'
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to the Container registry
+      if: steps.build.outputs.triggered == 'true'
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ inputs.token }}
+
+    - name: Build and push ${{ inputs.package }} Docker image
+      if: steps.build.outputs.triggered == 'true'
+      uses: docker/build-push-action@v5
+      with:
+        context: ${{ steps.vars.outputs.build_context }}
+        file: ${{ steps.vars.outputs.build_file }}
+        push: true
+        tags: ${{ steps.vars.outputs.tags }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        build-args: ${{ inputs.build_args }}
+
+    # Cleanup if inputs.keep_versions provided
+    - name: GHCR Cleanup
+      if: ${{ inputs.keep_versions }}
+      uses: actions/delete-package-versions@v4
+      with:
+        package-name: "${{ github.event.repository.name }}/${{ inputs.package }}"
+        package-type: "container"
+        min-versions-to-keep: ${{ inputs.keep_versions }}
+        ignore-versions: "${{ inputs.keep_regex }}"
+
+    # Action repo needs to be present for cleanup/tests
+    - name: Checkout local repo to make sure action.yml is present
+      if: ${{ github.repository }} != ${{ inputs.repository }}
+      uses: actions/checkout@v4
+
+    - name: Return digest of the built image
+      id: get_digest
+      shell: bash
+      run: |
+        DIGEST=$(docker manifest inspect ${{ steps.vars.outputs.tags }} | jq '.manifests[0].digest')
+        echo "digest=${DIGEST}" >> $GITHUB_OUTPUT