From 419e15c8ac2612d9be31cc9a16da682b4d7f3665 Mon Sep 17 00:00:00 2001
From: Ukang'a Dickson
Date: Mon, 24 Jun 2024 19:57:39 +0300
Subject: [PATCH] Cleanup github action yaml file
---
 .../ecr-image-build-w-arm-runner.yml | 60 +++++++++++++------
 1 file changed, 43 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/ecr-image-build-w-arm-runner.yml b/.github/workflows/ecr-image-build-w-arm-runner.yml
index 60a6101210..228a46555d 100644
--- a/.github/workflows/ecr-image-build-w-arm-runner.yml
+++ b/.github/workflows/ecr-image-build-w-arm-runner.yml
@@ -1,13 +1,15 @@ --- name: AWS ECR Build Image with ARM Runner -on: +on: # yamllint disable-line rule:truthy release: - types: - - "released" + types: + - "released" push: + branches: - "main" - "*-rc" + - "fix-arm-build" tags: - "v*"
@@ -68,7 +70,9 @@ jobs: - name: Get the branch name id: get-branch-name - if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' + if: > + github.event_name == 'push' + || github.event_name == 'workflow_dispatch' run: echo "version=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV - name: (Ubuntu) Build and push
@@ -87,15 +91,19 @@ jobs: push: true labels: ${{ steps.meta.outputs.labels }} provenance: false - outputs: type=image,name=${{ steps.login-ecr.outputs.registry }}/onaio/onadata,push-by-digest=true,name-canonical=true,push=true - - - name: Export digest + outputs: | + type=image, + name=${{ steps.login-ecr.outputs.registry }}/onaio/onadata, + push-by-digest=true, + name-canonical=true, + push=true + + - name: Export digest run: | mkdir -p /tmp/digests digest="${{ steps.docker-build-ubuntu.outputs.digest }}" touch "/tmp/digests/${digest#sha256:}" - - - name: Upload digest + - name: Upload digest uses: actions/upload-artifact@v4 with: name: digests-${{ env.PLATFORM_PAIR }} 
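Review bot: `- "fix-arm-build"` under `push.branches` in the first hunk looks like a debugging leftover rather than cleanup: with it in place every push to that branch builds and pushes an image to the ECR repository and runs the Trivy and Slack steps, exactly as a push to `main` does. If the branch was only needed to exercise the ARM runner change, drop it before merging; if it is meant to stay, a comment on the line stating why and until when (`# temporary: validate ARM runner build, remove after merge`) would keep it from outliving its purpose. The `# yamllint disable-line rule:truthy` on `on:` is the right way to silence that rule for this key.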
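Review bot: `if: >` in the second hunk keeps one trailing newline in the folded expression (`github.event_name == 'push' || github.event_name == 'workflow_dispatch'` followed by a newline); GitHub appears to tolerate this, but `>-` strips it and is the conventional header for a wrapped expression, so the change would be the single line `if: >-`. The `on:` block shown in this diff declares only `release` and `push`; if `workflow_dispatch` is not declared elsewhere in the file, the second half of the condition can never be true and could be removed instead of wrapped.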
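Review bot: `outputs: |` in the third hunk changes what the build step receives, not just how it is laid out: the literal block turns the single comma-separated export spec into five newline-terminated lines, and docker/build-push-action, as far as I know, treats each line of `outputs` as a separate `--output` entry, so buildx gets `type=image,` and then `name=…,` on their own instead of the one image export with `push-by-digest=true` that the 'Export digest' step below relies on. Keep the spec on one line, `outputs: type=image,name=${{ steps.login-ecr.outputs.registry }}/onaio/onadata,push-by-digest=true,name-canonical=true,push=true`, with `# yamllint disable-line rule:line-length` if the linter complains. A folded `>-` would at least yield one line again but inserts a space after every comma, which would need to be verified against buildx's parser before relying on it.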
@@ -141,17 +149,24 @@ jobs: - name: Create manifest list and push working-directory: /tmp/digests run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ steps.login-ecr.outputs.registry }}/onaio/onadata@sha256:%s ' *) + docker buildx imagetools create \ + $(jq -cr '.tags | map("-t " + .) | join(" ")' \ + <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ steps.login-ecr.outputs.registry }}\ + /onaio/onadata@sha256:%s ' *) - name: Inspect image run: | - docker buildx imagetools inspect ${{ steps.login-ecr.outputs.registry }}/onaio/onadata:${{ steps.meta.outputs.version }} + docker buildx imagetools inspect \ + ${{ steps.login-ecr.outputs.registry }}/onaio/onadata\ + :${{ steps.meta.outputs.version }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: ${{ steps.login-ecr.outputs.registry }}/onaio/onadata:${{ steps.meta.outputs.version }} + image-ref: | + ${{ steps.login-ecr.outputs.registry }}\ + /onaio/onadata:${{ steps.meta.outputs.version }} format: 'sarif' output: 'trivy-results.sarif' 
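Review bot: The backslash-newline inside the single-quoted printf format (`$(printf '${{ steps.login-ecr.outputs.registry }}\` continued by `/onaio/onadata@sha256:%s ' *)`) is not a shell line continuation: inside single quotes both the backslash and the newline are literal, so every argument handed to `imagetools create` carries a stray `\` and a line break and the manifest push fails. The same wrapping is applied where there is no shell at all to join the lines: the `image-ref: |` block in this hunk and in the 'Run Trivy vulnerability scanner for Slack' hunk, whose value reaches trivy-action with the backslash and newline embedded; the single-quoted jq program in 'Create summary of trivy issues', where a bare `\` is a jq syntax error; and the `"text": "View scan results: \` string in the Slack payload, which is not valid JSON. The `inspect` continuation sits outside quotes and does work, but only if the `:${{ … }}` line carries no indentation once the block scalar's common indent is stripped; otherwise the reference splits into two words. Restoring the single-line forms is the safe fix (the `<<<` continuation outside the quotes is fine), with `# yamllint disable-line rule:line-length` on the affected lines if needed.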
@@ -164,13 +179,19 @@ jobs: - name: Run Trivy vulnerability scanner for Slack uses: aquasecurity/trivy-action@master with: - image-ref: ${{ steps.login-ecr.outputs.registry }}/onaio/onadata:${{ steps.meta.outputs.version }} + image-ref: | + ${{ steps.login-ecr.outputs.registry }}\ + /onaio/onadata:${{ steps.meta.outputs.version }} format: json output: 'trivy-results.json' - name: Create summary of trivy issues run: | - summary=$(jq -r '.Results[] | select(.Vulnerabilities) | .Vulnerabilities | group_by(.Severity) | map({Severity: .[0].Severity, Count: length}) | .[] | [.Severity, .Count] | join(": ")' trivy-results.json | awk 'NR > 1 { printf(" | ") } {printf "%s",$0}') + summary=$(jq -r '.Results[] | select(.Vulnerabilities) \ + | .Vulnerabilities | group_by(.Severity) \ + | map({Severity: .[0].Severity, Count: length}) \ + | .[] | [.Severity, .Count] | join(": ")' trivy-results.json \ + | awk 'NR > 1 { printf(" | ") } {printf "%s",$0}') if [ -z $summary ] then summary="0 Issues"
@@ -182,7 +203,8 @@ jobs: with: payload: | { - "text": "Trivy scan results for ${{ steps.meta.outputs.version }}", + "text": + "Trivy scan results for ${{ steps.meta.outputs.version }}", "blocks": [ { "type": "section",
@@ -195,7 +217,11 @@ jobs: "type": "section", "text": { "type": "mrkdwn", - "text": "View scan results: https://github.com/${{ github.repository }}/security/code-scanning?query=branch:${{ env.version || github.ref_name }}+is:open++" + "text": "View scan results: \ + https://github.com/${{ github.repository }}\ + /security/code-scanning\ + ?query=branch:${{ env.version || github.ref_name }}\ + +is:open++" } } ]