From 9e449ef7ed33a45067ce05247b117c4f41a4b93d Mon Sep 17 00:00:00 2001
From: dwertent <david.wertenteil@kaleido.io>
Date: Fri, 6 Sep 2024 11:13:04 -0400
Subject: [PATCH] fix: get latest tag

Signed-off-by: dwertent <david.wertenteil@kaleido.io>
---
 .github/workflows/docker_release.yml | 35 ++++++++++------------------
 .github/workflows/docs.yml           | 22 ++++++-----------
 Dockerfile                           | 24 ++++++++++++-------
 3 files changed, 35 insertions(+), 46 deletions(-)

diff --git a/.github/workflows/docker_release.yml b/.github/workflows/docker_release.yml
index d8b2313ce..11a5c311a 100644
--- a/.github/workflows/docker_release.yml
+++ b/.github/workflows/docker_release.yml
@@ -5,36 +5,25 @@ on:
     types: [released, prereleased]
 
 jobs:
-  fetch-latest-tag:
-    runs-on: ubuntu-latest
-    outputs:
-      latest_tag: ${{ steps.get_latest_tag.outputs.latest_tag }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: Fetch all tags
-        run: git fetch --tags
-
-      - name: Get the latest tag
-        id: get_latest_tag
-        run: |
-          latest_tag=$(git tag -l | sort -V | tail -n 1)
-          echo "::set-output name=latest_tag::${latest_tag}"
-
+   
   docker:
     runs-on: ubuntu-latest
-    needs: fetch-latest-tag
     permissions:
       contents: read
       packages: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
+      - name: Get the latest tag
+        id: get_latest_tag
+        run: |
+          git fetch --tags
+          latest_tag=$(git tag -l | sort -V | tail -n 1)
+          echo "latest tag: $latest_tag"
+          echo "LATEST_TAG=$latest_tag" >> $GITHUB_ENV
+      
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
 
@@ -48,9 +37,9 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-
+      
       - name: Set latest tag
-        if: github.event.action == 'released' && github.ref_name == needs.fetch-latest-tag.outputs.latest_tag
+        if: github.event.action == 'released' && github.ref_name == env.LATEST_TAG
         run: |
           echo "DOCKER_TAGS=${{ env.DOCKER_TAGS }},ghcr.io/${{ github.repository }}:latest" >> $GITHUB_ENV
 
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index d49c5dc7e..7922048bc 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -23,32 +23,24 @@ jobs:
           git config --global user.name "GitHub Actions"
           git config --global user.email "noreply@github.com"
 
-      - name: Check if this is the latest release
+      - name: Get the latest tag
         run: |
-          LATEST_TAG=$(
-            curl -L \
-              -H "Accept: application/vnd.github+json" \
-              -H "Authorization: Bearer ${{ github.token }}" \
-              -H "X-GitHub-Api-Version: 2022-11-28" \
-              https://api.github.com/repos/${{ github.repository }}/releases/latest \
-              | jq -r '.tag_name'
-          )
-          IS_LATEST=${{ $LATEST_TAG == github.event.release.tag_name }}
-          echo This release is: "${{ github.event.release.tag_name }}"
-          echo The latest release is: "$LATEST_TAG"
-          echo "IS_LATEST_RELEASE=$IS_LATEST" >> "$GITHUB_ENV"
+          git fetch --tags
+          latest_tag=$(git tag -l | sort -V | tail -n 1)
+          echo "latest tag: $latest_tag"
+          echo "LATEST_TAG=$latest_tag" >> $GITHUB_ENV
 
       - name: Install docs dependencies
         working-directory: doc-site
         run: pip install -r requirements.txt
 
       - name: Update doc site for release
-        if: ${{ github.event_name == 'release' && env.IS_LATEST_RELEASE != 'true' }}
+        if: github.event.action == 'released' && github.ref_name != env.LATEST_TAG
         working-directory: doc-site
         run: mike deploy ${{ github.event.release.tag_name }} --push
 
       - name: Update doc site for latest release
-        if: ${{ github.event_name == 'release' && env.IS_LATEST_RELEASE == 'true' }}
+        if: github.event.action == 'released' && github.ref_name == env.LATEST_TAG
         working-directory: doc-site
         run: mike deploy ${{ github.event.release.tag_name }} latest -u --push
 
diff --git a/Dockerfile b/Dockerfile
index 871f44821..7dd2570a9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,18 +1,23 @@
+# ARG Definitions
+# Consider adding default values for the ARGs based on this warning: 
+# https://github.com/hyperledger/firefly/actions/runs/10795366695/job/29941873807#step:4:171
 ARG FIREFLY_BUILDER_TAG
 ARG FABRIC_BUILDER_TAG
 ARG FABRIC_BUILDER_PLATFORM
 ARG SOLIDITY_BUILDER_TAG
 ARG BASE_TAG
+
 ARG BUILD_VERSION
 ARG GIT_REF
 
+# Firefly Builder
 FROM $FIREFLY_BUILDER_TAG AS firefly-builder
 ARG BUILD_VERSION
 ARG GIT_REF
 RUN apk add make=4.4.1-r2 \
     gcc=13.2.1_git20231014-r0 \
     build-base=0.5-r3 \
-    curl=8.9.0-r0 \
+    curl=8.9.1-r0 \
     git=2.43.4-r0
 WORKDIR /firefly
 RUN chgrp -R 0 /firefly \
@@ -26,6 +31,7 @@ RUN go mod download
 ADD --chown=1001:0 . .
 RUN make build
 
+# Fabric Builder
 FROM --platform=$FABRIC_BUILDER_PLATFORM $FABRIC_BUILDER_TAG AS fabric-builder
 WORKDIR /firefly/smart_contracts/fabric/firefly-go
 RUN chgrp -R 0 /firefly \
@@ -39,13 +45,13 @@ RUN GO111MODULE=on go mod vendor
 WORKDIR /tmp/fabric
 RUN curl https://github.com/hyperledger/fabric/releases/download/v2.3.2/hyperledger-fabric-linux-amd64-2.3.2.tar.gz -L --output hyperledger-fabric-linux-amd64-2.3.2.tar.gz
 RUN tar -zxf hyperledger-fabric-linux-amd64-2.3.2.tar.gz
-ENV FABRIC_CFG_PATH /tmp/fabric/config/
+ENV FABRIC_CFG_PATH=/tmp/fabric/config/
 RUN ./bin/peer lifecycle chaincode package /firefly/smart_contracts/fabric/firefly-go/firefly_fabric.tar.gz --path /firefly/smart_contracts/fabric/firefly-go --lang golang --label firefly_1.0
 
+# Solidity Builder
 FROM $SOLIDITY_BUILDER_TAG AS solidity-builder
 WORKDIR /firefly/solidity_firefly
-RUN chgrp -R 0 /firefly \ 
-    && chmod -R g+rwX /firefly
+RUN chgrp -R 0 /firefly && chmod -R g+rwX /firefly
 ADD --chown=1001:0 smart_contracts/ethereum/solidity_firefly/ .
 USER 1001
 RUN mkdir -p build/contracts \
@@ -54,7 +60,8 @@ RUN mkdir -p build/contracts \
     && cd ../build/contracts \
     && mv combined.json Firefly.json
 
-FROM alpine:3.19 AS SBOM
+# SBOM
+FROM alpine:3.19 AS sbom
 WORKDIR /
 ADD . /SBOM
 RUN apk add --no-cache curl 
@@ -62,13 +69,14 @@ RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/
 RUN trivy fs --format spdx-json --output /sbom.spdx.json /SBOM
 RUN trivy sbom /sbom.spdx.json --severity UNKNOWN,HIGH,CRITICAL --exit-code 1
 
+# Final executable build
 FROM $BASE_TAG
 ARG UI_TAG
 ARG UI_RELEASE
 RUN apk add --update --no-cache \
     sqlite=3.44.2-r0 \
     postgresql16-client=16.3-r0 \
-    curl=8.9.0-r0 \
+    curl=8.9.1-r0 \
     jq=1.7.1-r0
 WORKDIR /firefly
 RUN chgrp -R 0 /firefly \
@@ -83,10 +91,10 @@ COPY --from=firefly-builder --chown=1001:0 /firefly/firefly ./firefly
 COPY --from=firefly-builder --chown=1001:0 /firefly/db ./db
 COPY --from=solidity-builder --chown=1001:0 /firefly/solidity_firefly/build/contracts ./contracts
 COPY --from=fabric-builder --chown=1001:0 /firefly/smart_contracts/fabric/firefly-go/firefly_fabric.tar.gz ./contracts/firefly_fabric.tar.gz
-ENV UI_RELEASE https://github.com/hyperledger/firefly-ui/releases/download/$UI_TAG/$UI_RELEASE.tgz
+ENV UI_RELEASE=https://github.com/hyperledger/firefly-ui/releases/download/$UI_TAG/$UI_RELEASE.tgz
 RUN mkdir /firefly/frontend \
     && curl -sLo - $UI_RELEASE | tar -C /firefly/frontend -zxvf -
-COPY --from=SBOM /sbom.spdx.json /sbom.spdx.json
+COPY --from=sbom /sbom.spdx.json /sbom.spdx.json
 RUN ln -s /firefly/firefly /usr/bin/firefly
 USER 1001
 ENTRYPOINT [ "firefly" ]