From e3c2ac2d8ddd2f4d2f7d59cbeb17389569d1da8d Mon Sep 17 00:00:00 2001
From: alvarof2 <fernandez.f.alvaro@gmail.com>
Date: Mon, 20 May 2024 14:47:17 +0200
Subject: [PATCH] envsubst for op-ufm

---
 .../workflows/docker-op-ufm-build-push.yaml   | 40 +++++++++++++++++++
 op-ufm/Dockerfile                             |  2 +-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/docker-op-ufm-build-push.yaml

diff --git a/.github/workflows/docker-op-ufm-build-push.yaml b/.github/workflows/docker-op-ufm-build-push.yaml
new file mode 100644
index 000000000000..d040ed5dab23
--- /dev/null
+++ b/.github/workflows/docker-op-ufm-build-push.yaml
@@ -0,0 +1,40 @@
+---
+name: Build container and push to cLabs registry
+on:
+    push:
+      branches:
+        - main
+      paths:
+        # Run if any of the following files are changed
+        - 'op-ufm/**'
+
+jobs:
+    build:
+      runs-on: ['self-hosted', 'org', '8-cpu']
+      permissions: # Required for workload identity auth and push the trivy results to GitHub
+        contents: read
+        id-token: write
+        security-events: write
+      steps:
+
+        - name: Checkout
+          uses: actions/checkout@v4
+
+        - name: Authenticate to Google Cloud
+          uses: celo-org/reusable-workflows/.github/actions/auth-gcp-artifact-registry@main
+          with:
+            workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-optimism/providers/github-by-repos
+            service-account: celo-optimism-gh@devopsre.iam.gserviceaccount.com
+            access-token-lifetime: "60m"
+            docker-gcp-registries: us-west1-docker.pkg.dev
+
+        - name: Build, push and scan the container
+          uses: celo-org/reusable-workflows/.github/actions/build-container@main
+          with:
+            platforms: linux/amd64
+            registry: us-west1-docker.pkg.dev/devopsre/dev-images/optimism
+            tags: op-ufm-${{ github.sha }}
+            context: .
+            dockerfile: op-ufm/Dockerfile
+            push: true
+            trivy: false
diff --git a/op-ufm/Dockerfile b/op-ufm/Dockerfile
index 0a2644ec3bba..df47c6be2f49 100644
--- a/op-ufm/Dockerfile
+++ b/op-ufm/Dockerfile
@@ -20,7 +20,7 @@ COPY --from=builder /app/bin/ufm /bin/ufm
 RUN apk update && \
     chmod +x /bin/entrypoint.sh
 
-RUN apk add ca-certificates jq curl bind-tools
+RUN apk add ca-certificates jq curl bind-tools gettext
 
 VOLUME /etc/ufm