9797 if : ${{ inputs.prebuilt-image-artifact == '' }}
9898 env :
9999 GITHUB_TOKEN : ${{ secrets.GH_TOKEN }}
100+ # WARNING: This workflow accesses a non-default secret. Ensure this secret is
101+ # required and that it is stored securely in the repository or organization settings.
102+ NPM_AZURE_KEY : ${{ secrets.NPM_AZURE_KEY }}
100103 run : |
101104 if [ ! -f "Dockerfile" ]; then
102105 echo "❌ No Dockerfile found - this workflow requires a Dockerfile to scan Docker image"
@@ -106,8 +109,25 @@ jobs:
106109 echo "Building Docker image..."
107110 REPO_NAME=$(basename $(pwd))
108111
112+ # Strategy 0: platform-ui - build with NPM Azure Key via buildx secret
113+ if [ "${{ github.event.repository.name }}" = "platform-ui" ]; then
114+ echo "Detected platform-ui - building with NPM Azure Key secret"
115+ trap 'rm -f .npmrc.tmp' EXIT
116+ printf '%s' "$NPM_AZURE_KEY" > .npmrc.tmp
117+ docker buildx create --use
118+ docker buildx build \
119+ --secret id=npmrc,src=.npmrc.tmp \
120+ --load \
121+ --platform linux/amd64 \
122+ --build-arg GITHUB_TOKEN="$GITHUB_TOKEN" \
123+ --build-arg GIT_SHA="${{ github.sha }}" \
124+ --build-arg APP_VERSION="${{ github.ref_name }}" \
125+ --build-arg DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
126+ -t "${REPO_NAME}:latest" .
127+ IMAGES="${REPO_NAME}:latest"
128+
109129 # Strategy 1: Check for build-docker.sh script (e.g., dsm-erchef)
110- if [ -f "build-docker.sh" ]; then
130+ elif [ -f "build-docker.sh" ]; then
111131 echo "Found build-docker.sh script - using it to build images"
112132 chmod +x build-docker.sh
113133 GITHUB_TOKEN="${{ secrets.GH_TOKEN }}" ./build-docker.sh
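Review bot: The platform-ui branch writes `$NPM_AZURE_KEY` to `.npmrc.tmp` inside the directory that is then sent as the build context (`.`), so unless a `.dockerignore` excludes it (not visible here) a broad `COPY` could bake the key into an image layer. Buildx can read the secret straight from the environment with `--secret id=npmrc,env=NPM_AZURE_KEY`, which removes the temp file and the `trap`. The same command still passes the token as `--build-arg GITHUB_TOKEN="$GITHUB_TOKEN"`, and build args can be recovered from image metadata and history, so it should presumably become a second `--secret` with a matching `RUN --mount=type=secret` in the Dockerfile. `${{ github.ref_name }}` is also expanded into the script text before the shell runs, so shell metacharacters in a ref name would be interpreted inside the double quotes in a step that holds both secrets; the runner-provided variables avoid this, `--build-arg APP_VERSION="$GITHUB_REF_NAME"` and `--build-arg GIT_SHA="$GITHUB_SHA"`. The `run:` block starts above this hunk and continues past it.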