Fix Docker build contexts and validation workflows for service dependencies (#417)

* Enhance GitHub workflows and PR template

- Updated pull request template to improve clarity and structure.
- Modified Docker validation workflows to include shared paths and improve context handling.
- Adjusted publish workflows for consistency in path handling and Docker context.
- Refined validation workflows for orchestration engine, policy decision point, and portal backend to ensure shared paths are included.
- Standardized quotes in YAML files for consistency.
- Improved security workflow to streamline branch specifications.

* Fix Dockerfile paths for audit, consent, orchestration, policy, and portal services

* Refactor enum loading and default handling in audit service configuration

* Fix Dockerfile paths to correctly reference shared packages in consent engine, policy decision point, orchestration engine, and portal backend

* Address PR comments

* Add script to test Docker builds for all services

Author: sthanikan2000

.github/pull_request_template.md

@@ -1,7 +1,9 @@
 ## Summary
+
 Provide a brief description of what this PR accomplishes and why these changes are needed.
 
 ## Type of Change
+
 - [ ] Bug fix (non-breaking change which fixes an issue)
 - [ ] New feature (non-breaking change which adds functionality)
 - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
@@ -11,17 +13,20 @@ Provide a brief description of what this PR accomplishes and why these changes a
 - [ ] Other (please describe):
 
 ## Changes Made
+
 - List the main changes made in this PR
 - Be specific about what was modified, added, or removed
 - Include any architectural changes
 
 ## Testing
+
 - [ ] I have tested this change locally
 - [ ] I have added unit tests for new functionality
 - [ ] I have tested edge cases
 - [ ] All existing tests pass
 
 ## Checklist
+
 - [ ] My code follows the project's style guidelines
 - [ ] I have performed a self-review of my code
 - [ ] I have commented my code, particularly in hard-to-understand areas
@@ -30,15 +35,19 @@ Provide a brief description of what this PR accomplishes and why these changes a
 - [ ] I have checked that there are no merge conflicts
 
 ## Related Issues
+
 Closes #123 <!-- Replace 123 with the relevant issue number -->
 Fixes #123 <!-- Replace 123 with the relevant issue number -->
 Related to #123 <!-- Replace 123 with the relevant issue number -->
 
 ## Screenshots/Demo
+
 (If applicable, add screenshots or GIFs to help explain your changes)
 
 ## Additional Notes
+
 Any additional context, concerns, or notes for reviewers.
 
 ## Deployment Notes
-(If applicable, include any special deployment instructions or environment considerations)
+
+(If applicable, include any special deployment instructions or environment considerations)

.github/workflows/audit-service-docker-validate.yml

@@ -3,21 +3,22 @@ name: Validate Audit Service Docker
 on:
   pull_request:
     paths:
-      - 'audit-service/Dockerfile'
-      - '.github/workflows/audit-service-docker-validate.yml'
+      - "audit-service/**"
+      - "shared/**"
+      - ".github/workflows/audit-service-docker-validate.yml"
   workflow_dispatch:
 
 env:
   # === Service-specific variables ===
-  SERVICE_PATH: 'audit-service'
+  SERVICE_PATH: "audit-service"
   # ================================
   REGISTRY: ghcr.io
 
 jobs:
   docker-validate:
     runs-on: ubuntu-latest
     permissions:
-      contents: read         # To check out the code
+      contents: read # To check out the code
       security-events: write # To upload Trivy SARIF results
 
     steps:
@@ -34,9 +35,10 @@ jobs:
       - name: Build Docker image (validation only)
         uses: docker/build-push-action@v5
         with:
-          context: ${{ env.SERVICE_PATH }}
-          push: false  # Don't push, just validate build
-          load: true   # Load image locally for security scanning
+          context: .
+          file: ${{ env.SERVICE_PATH }}/Dockerfile
+          push: false # Don't push, just validate build
+          load: true # Load image locally for security scanning
           tags: ${{ env.REGISTRY }}/${{ steps.repo.outputs.name }}/audit-service:pr-${{ github.event.pull_request.number || 'manual' }}
           build-args: |
             SERVICE_PATH=${{ env.SERVICE_PATH }}
@@ -50,11 +52,11 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: ${{ env.REGISTRY }}/${{ steps.repo.outputs.name }}/audit-service:pr-${{ github.event.pull_request.number || 'manual' }}
-          format: 'sarif'
-          output: 'trivy-results.sarif'
+          format: "sarif"
+          output: "trivy-results.sarif"
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
         if: always()
         with:
-          sarif_file: 'trivy-results.sarif'
+          sarif_file: "trivy-results.sarif"

.github/workflows/audit-service-publish.yml

@@ -5,16 +5,17 @@ on:
     branches:
       - main
     paths:
-      - 'audit-service/**'
-      - '.github/workflows/audit-service-publish.yml'
+      - "audit-service/**"
+      - "shared/**"
+      - ".github/workflows/audit-service-publish.yml"
     tags:
-      - 'audit-service-v*'
-      - 'v*'
+      - "audit-service-v*"
+      - "v*"
   workflow_dispatch:
 
 env:
   # === Service-specific variables ===
-  SERVICE_PATH: 'audit-service'
+  SERVICE_PATH: "audit-service"
   IMAGE_NAME: ${{ github.repository }}/audit-service
   # ================================
   REGISTRY: ghcr.io
@@ -23,8 +24,8 @@ jobs:
   publish:
     runs-on: ubuntu-latest
     permissions:
-      contents: read       # To check out the code
-      packages: write      # To push images to GHCR
+      contents: read # To check out the code
+      packages: write # To push images to GHCR
 
     steps:
       - name: Checkout repository
@@ -61,7 +62,8 @@ jobs:
         id: build-push
         uses: docker/build-push-action@v5
         with:
-          context: ${{ env.SERVICE_PATH }}
+          context: .
+          file: ${{ env.SERVICE_PATH }}/Dockerfile
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
@@ -71,4 +73,4 @@ jobs:
             BUILD_TIME=${{ github.event.head_commit.timestamp || github.event.repository.pushed_at || '2025-01-01T00:00:00Z' }}
             GIT_COMMIT=${{ github.sha }}
           cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-to: type=gha,mode=max

.github/workflows/audit-service-validate.yml

@@ -3,8 +3,9 @@ name: Validate Audit Service
 on:
   pull_request:
     paths:
-      - 'audit-service/**'
-      - '.github/workflows/audit-service-validate.yml'
+      - "audit-service/**"
+      - "shared/**"
+      - ".github/workflows/audit-service-validate.yml"
   workflow_dispatch:
 
 concurrency:
@@ -13,19 +14,19 @@ concurrency:
 
 env:
   # === Service-specific variables ===
-  SERVICE_PATH: 'audit-service'
+  SERVICE_PATH: "audit-service"
   TEST_DB_NAME: audit_service_test
   # ================================
   REGISTRY: ghcr.io
-  GO_VERSION: '1.24'
+  GO_VERSION: "1.24"
   TEST_DB_USER: postgres
   TEST_DB_PASS: password
 
 jobs:
   validate:
     runs-on: ubuntu-latest
     permissions:
-      contents: read       # To check out the code
+      contents: read # To check out the code
 
     services:
       postgres:
@@ -85,5 +86,3 @@ jobs:
           TEST_DB_DATABASE: ${{ env.TEST_DB_NAME }}
           TEST_DB_SSLMODE: disable
         run: cd ${{ env.SERVICE_PATH }} && go test ./... -count=1
-
-

.github/workflows/consent-engine-docker-validate.yml

@@ -3,21 +3,22 @@ name: Validate Consent Engine Docker
 on:
   pull_request:
     paths:
-      - 'exchange/consent-engine/Dockerfile'
-      - '.github/workflows/consent-engine-docker-validate.yml'
+      - "exchange/consent-engine/**"
+      - "exchange/shared/**"
+      - ".github/workflows/consent-engine-docker-validate.yml"
   workflow_dispatch:
 
 env:
   # === Service-specific variables ===
-  SERVICE_PATH: 'exchange/consent-engine'
+  SERVICE_PATH: "exchange/consent-engine"
   # ================================
   REGISTRY: ghcr.io
 
 jobs:
   docker-validate:
     runs-on: ubuntu-latest
     permissions:
-      contents: read         # To check out the code
+      contents: read # To check out the code
       security-events: write # To upload Trivy SARIF results
 
     steps:
@@ -34,10 +35,10 @@ jobs:
       - name: Build Docker image (validation only)
         uses: docker/build-push-action@v5
         with:
-          context: exchange
+          context: .
           file: ${{ env.SERVICE_PATH }}/Dockerfile
-          push: false  # Don't push, just validate build
-          load: true   # Load image locally for security scanning
+          push: false # Don't push, just validate build
+          load: true # Load image locally for security scanning
           tags: ${{ env.REGISTRY }}/${{ steps.repo.outputs.name }}/consent-engine:pr-${{ github.event.pull_request.number || 'manual' }}
           build-args: |
             SERVICE_PATH=${{ env.SERVICE_PATH }}
@@ -51,11 +52,11 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: ${{ env.REGISTRY }}/${{ steps.repo.outputs.name }}/consent-engine:pr-${{ github.event.pull_request.number || 'manual' }}
-          format: 'sarif'
-          output: 'trivy-results.sarif'
+          format: "sarif"
+          output: "trivy-results.sarif"
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
         if: always()
         with:
-          sarif_file: 'trivy-results.sarif'
+          sarif_file: "trivy-results.sarif"

.github/workflows/consent-engine-publish.yml

@@ -5,17 +5,18 @@ on:
     branches:
       - main
     paths:
-      - 'exchange/consent-engine/**'
-      - 'exchange/shared/**'
-      - '.github/workflows/consent-engine-publish.yml'
+      - "exchange/consent-engine/**"
+      - "exchange/shared/**"
+      - "shared/**"
+      - ".github/workflows/consent-engine-publish.yml"
     tags:
-      - 'consent-engine-v*'
-      - 'v*'
+      - "consent-engine-v*"
+      - "v*"
   workflow_dispatch:
 
 env:
   # === Service-specific variables ===
-  SERVICE_PATH: 'exchange/consent-engine'
+  SERVICE_PATH: "exchange/consent-engine"
   IMAGE_NAME: ${{ github.repository }}/consent-engine
   # ================================
   REGISTRY: ghcr.io
@@ -24,8 +25,8 @@ jobs:
   publish:
     runs-on: ubuntu-latest
     permissions:
-      contents: read       # To check out the code
-      packages: write      # To push images to GHCR
+      contents: read # To check out the code
+      packages: write # To push images to GHCR
 
     steps:
       - name: Checkout repository
@@ -62,7 +63,7 @@ jobs:
         id: build-push
         uses: docker/build-push-action@v5
         with:
-          context: exchange
+          context: .
           file: ${{ env.SERVICE_PATH }}/Dockerfile
           push: true
           tags: ${{ steps.meta.outputs.tags }}
@@ -73,4 +74,4 @@ jobs:
             BUILD_TIME=${{ github.event.head_commit.timestamp || github.event.repository.pushed_at || '2025-01-01T00:00:00Z' }}
             GIT_COMMIT=${{ github.sha }}
           cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-to: type=gha,mode=max

.github/workflows/consent-engine-validate.yml

@@ -3,9 +3,10 @@ name: Validate Consent Engine
 on:
   pull_request:
     paths:
-      - 'exchange/consent-engine/**'
-      - 'exchange/shared/**'
-      - '.github/workflows/consent-engine-validate.yml'
+      - "exchange/consent-engine/**"
+      - "exchange/shared/**"
+      - "shared/**"
+      - ".github/workflows/consent-engine-validate.yml"
   workflow_dispatch:
 
 concurrency:
@@ -14,19 +15,19 @@ concurrency:
 
 env:
   # === Service-specific variables ===
-  SERVICE_PATH: 'exchange/consent-engine'
+  SERVICE_PATH: "exchange/consent-engine"
   TEST_DB_NAME: consent_engine_test
   # ================================
   REGISTRY: ghcr.io
-  GO_VERSION: '1.24'
+  GO_VERSION: "1.24"
   TEST_DB_USER: postgres
   TEST_DB_PASS: password
 
 jobs:
   validate:
     runs-on: ubuntu-latest
     permissions:
-      contents: read       # To check out the code
+      contents: read # To check out the code
 
     services:
       postgres:
@@ -86,5 +87,3 @@ jobs:
           TEST_DB_DATABASE: ${{ env.TEST_DB_NAME }}
           TEST_DB_SSLMODE: disable
         run: cd ${{ env.SERVICE_PATH }} && go test ./... -count=1
-
-

.github/workflows/frontends-docker-validate.yml

@@ -3,10 +3,10 @@ name: Validate Frontends Docker
 on:
   pull_request:
     paths:
-      - 'portals/**/Dockerfile'
-      - 'portals/**/nginx.conf'
-      - 'portals/**/entrypoint.sh'
-      - '.github/workflows/frontends-docker-validate.yml'
+      - "portals/**/Dockerfile"
+      - "portals/**/nginx.conf"
+      - "portals/**/entrypoint.sh"
+      - ".github/workflows/frontends-docker-validate.yml"
   workflow_dispatch:
 
 env:
@@ -47,12 +47,12 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: ${{ env.REGISTRY }}/${{ steps.repo.outputs.name }}/${{ matrix.portal }}:pr-${{ github.event.pull_request.number || 'manual' }}
-          format: 'sarif'
-          output: 'trivy-results.sarif'
+          format: "sarif"
+          output: "trivy-results.sarif"
 
       - name: Upload Trivy scan results
         uses: github/codeql-action/upload-sarif@v3
         if: always()
         with:
-          sarif_file: 'trivy-results.sarif'
+          sarif_file: "trivy-results.sarif"
           category: ${{ matrix.portal }}

.github/workflows/frontends-publish.yml

@@ -5,10 +5,10 @@ on:
     branches:
       - main
     paths:
-      - 'portals/**'
-      - '.github/workflows/frontends-publish.yml'
+      - "portals/**"
+      - ".github/workflows/frontends-publish.yml"
     tags:
-      - 'v*'
+      - "v*"
   workflow_dispatch:
 
 env: