Merge main into v2

greenbone · Jul 4, 2023 · 9a9334a · 9a9334a
2 parents 83eca86 + d9e1ef1
commit 9a9334a
Show file tree

Hide file tree

Showing 10 changed files with 594 additions and 14 deletions.
diff --git a/container-build-push-3rd-gen/README.md b/container-build-push-3rd-gen/README.md
@@ -0,0 +1,42 @@
+# Build and push container action for 3rd gen
+
+A action to build and push container image for 3rd gen.
+
+## Example
+
+```yml 
+name: Build Container Image
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  packages: write
+  id-token: write
+
+jobs:
+  build:
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: Container build and push 3rd gen
+        uses: greenbone/actions/container-build-push-3rd-gen@v2
+        with:
+          image-url: my/app
+          image-labels: my-label
+          registry-password: ${{ secrets.GITHUB_TOKEN }}
+```
+
+## Inputs
+
+| Name                | Description                                                    |          |
+|---------------------|----------------------------------------------------------------|----------|
+| build-context       | Path to image build context. Default is the current directory. | Optional |
+| build-docker-file   | Path to the docker file. Default is './Dockerfile'.            | Optional |
+| build-args          | Use these build-args for the docker build process.             | Optional |
+| cosign-key          | cosign key to sign the image.                                  | Optional |
+| cosign-key-password | cosign key password.                                           | Optional |
+| image-labels        | Image labels.                                                  | Required |
+| image-url           | Image url/name without registry.                               | Required |
+| image-platforms     | Image platforms to build for. Default is 'linux/amd64'.        | Optional |
+| registry-password   | Registry password.                                             | Required |
diff --git a/container-build-push-3rd-gen/action.yaml b/container-build-push-3rd-gen/action.yaml
@@ -0,0 +1,69 @@
+name: Container build and push 3rd gen
+description: Container build and push action for 3rd gen.
+
+inputs:
+  build-context: 
+    description: "Path to image build context. Default is the current directory."
+    type: string
+    default: .
+  build-docker-file:
+    description: "Path to the docker file. Default is './Dockerfile'."
+    type: string
+    default: ./Dockerfile
+  build-args:
+    description: "Use these build-args for the docker build process."
+    type: string
+    default: ''
+  cosign-key:
+    description: "cosign key to sign the image."
+    type: string
+    default: ''
+  cosign-key-password:
+    description: "cosign key password."
+    type: string
+    default: ''
+  image-labels:
+    description: "Image labels."
+    type: string
+    required: true
+  image-url:
+    description: "Image url/name without registry."
+    type: string
+    required: true
+  image-platforms: 
+    description: "Image platforms to build for. Default is 'linux/amd64'."
+    type: string
+    default: linux/amd64
+  registry-password:
+    description: "Registry password."
+    type: string
+    required: true
+
+branding:
+  icon: "package"
+  color: "green"
+
+runs:
+  using: "composite"
+  steps:
+  - name: Container build and push 3rd gen
+    uses: greenbone/actions/container-build-push-generic@v2
+    with:
+      build-context: ${{ inputs.build-context }}
+      build-docker-file: ${{ inputs.build-docker-file }}
+      build-args: ${{ inputs.build-args }}
+      cosign-key: ${{ inputs.cosign-key }}
+      cosign-key-password: ${{ inputs.cosign-key-password }}
+      image-url: ${{ inputs.image-url }}
+      image-labels: ${{ inputs.image-labels }}
+      image-tags: |
+        # create container tag for git tags
+        type=ref,event=tag,value=latest
+        type=match,pattern=v(.*),group=1
+        type=ref,event=pr
+        # use unstable for main branch
+        type=raw,value=unstable,enable={{is_default_branch}}
+      image-platforms: ${{ inputs.image-platforms }}
+      registry: "ghcr.io"
+      registry-username: ${{ github.actor }}
+      registry-password: ${{ inputs.registry-password }}
diff --git a/container-build-push-docker/README.md b/container-build-push-docker/README.md
@@ -0,0 +1,50 @@
+# Build and push container action for docker.io
+
+A action to build and push container into docker.io.
+
+## Example
+
+```yml 
+name: Build Container Image
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  packages: write
+  id-token: write
+
+jobs:
+  build:
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: Container build and push docker.io
+        uses: greenbone/actions/container-build-push-docker@v2
+        with:
+          image-url: my/app
+          image-labels: my-labels
+          image-tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+          registry-username: my-user
+          registry-password: my-passwort
+```
+
+## Inputs
+
+| Name                | Description                                         |          |
+|---------------------|-----------------------------------------------------|----------|
+| build-context       | Path to image build context. Default "."            | Optional |
+| build-docker-file   | Path to the docker file. Default "./Dockerfile"     | Optional |
+| build-args          | Use these build-args for the docker build process.  | Optional |
+| cosign-key          | cosign key to sign the image.                       | Optional |
+| cosign-key-password | cosign key password.                                | Optional |
+| image-labels        | Image labels.                                       | Required |
+| image-url           | Image url/name without registry.                    | Required |
+| image-platforms     | Image platforms to build for. Default "linux/amd64" | Optional |
+| image-tags          | Image tags.                                         | Required |
+| registry-username   | Login registry username.                            | Required |
+| registry-password   | Login registry password.                            | Required |
diff --git a/container-build-push-docker/action.yaml b/container-build-push-docker/action.yaml
@@ -0,0 +1,70 @@
+name: Container build and push docker.io
+
+inputs:
+  build-context: 
+    description: "Path to image build context."
+    type: string
+    default: .
+  build-docker-file:
+    description: "Path to the docker file."
+    type: string
+    default: ./Dockerfile
+  build-args:
+    description: "Use these build-args for the docker build process."
+    type: string
+    default: ''
+  cosign-key:
+    description: "cosign key to sign the image."
+    type: string
+    default: ''
+  cosign-key-password:
+    description: "cosign key password."
+    type: string
+    default: ''
+  image-labels:
+    description: "Image labels."
+    type: string
+    required: true
+  image-url:
+    description: "Image url/name without registry."
+    type: string
+    required: true
+  image-tags:
+    description: "Image tags."
+    type: string
+    required: true
+  image-platforms: 
+    description: "Image platforms to build for."
+    type: string
+    default: linux/amd64
+  registry-username:
+    description: "Registry username for login."
+    type: string
+    required: true
+  registry-password:
+    description: "Registry password."
+    type: string
+    required: true
+
+branding:
+  icon: "package"
+  color: "green"
+
+runs:
+  using: "composite"
+  steps:
+  - name: Container build and push docker.io
+    uses: greenbone/actions/container-build-push-generic@v2
+    with:
+      build-context: ${{ inputs.build-context }}
+      build-docker-file: ${{ inputs.build-docker-file }}
+      build-args: ${{ inputs.build-args }}
+      cosign-key: ${{ inputs.cosign-key }}
+      cosign-key-password: ${{ inputs.cosign-key-password }}
+      image-url: ${{ inputs.image-url }}
+      image-labels: ${{ inputs.image-labels }}
+      image-tags: ${{ inputs.image-tags }}
+      image-platforms: ${{ inputs.image-platforms }}
+      registry: "docker.io"
+      registry-username: ${{ inputs.registry-username }}
+      registry-password: ${{ inputs.registry-password }} 
diff --git a/container-build-push-generic/README.md b/container-build-push-generic/README.md
@@ -0,0 +1,52 @@
+# Build and push container generic action
+
+A action to build and push container image.
+
+## Example
+
+```yml 
+name: Build Container Image
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  packages: write
+  id-token: write
+
+jobs:
+  build:
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: Container build and push docker.io
+        uses: greenbone/actions/container-build-push-generic@v2
+        with:
+          image-url: docker.io/my-image
+          image-labels: my-labels
+          image-tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+          registry: "docker.io"
+          registry-username: my-user
+          registry-password: my-passwort
+```
+
+## Inputs
+
+| Name                | Description                                         |          |
+|---------------------|-----------------------------------------------------|----------|
+| build-context       | Path to image build context. Default "."            | Optional |
+| build-docker-file   | Path to the docker file. Default "./Dockerfile"     | Optional |
+| build-args          | Use these build-args for the docker build process.  | Optional |
+| cosign-key          | cosign key to sign the image.                       | Optional |
+| cosign-key-password | cosign key password.                                | Optional |
+| image-labels        | Image labels.                                       | Required |
+| image-url           | Image url/name without registry.                    | Required |
+| image-platforms     | Image platforms to build for. Default "linux/amd64" | Optional |
+| image-tags          | Image tags.                                         | Required |
+| registry            | Registry url.                                       | Required |
+| registry-username   | Login registry username.                            | Required |
+| registry-password   | Login registry password.                            | Required |
diff --git a/container-build-push-generic/action.yaml b/container-build-push-generic/action.yaml
@@ -0,0 +1,102 @@
+name: Container build and push
+description: Generic container build and push action.
+
+inputs:
+  build-context: 
+    description: "Path to image build context."
+    type: string
+    default: .
+  build-docker-file:
+    description: "Path to the docker file."
+    type: string
+    default: ./Dockerfile
+  build-args:
+    description: "Use these build-args for the docker build process."
+    type: string
+    default: ''
+  cosign-key:
+    description: "cosign key to sign the image."
+    type: string
+    default: ''
+  cosign-key-password:
+    description: "cosign key password."
+    type: string
+    default: ''
+  image-labels:
+    description: "Image labels."
+    type: string
+    required: true
+  image-url:
+    description: "Image url/name without registry."
+    type: string
+    required: true
+  image-tags:
+    description: "Image tags."
+    type: string
+    required: true
+  image-platforms: 
+    description: "Image platforms to build for."
+    type: string
+    default: linux/amd64
+  registry: 
+    description: "Registry url."
+    type: string
+    required: true
+  registry-username: 
+    description: "Login registry username."
+    type: string
+    required: true
+  registry-password: 
+    description: "Login registry password."
+    type: string
+    required: true
+
+branding:
+  icon: "package"
+  color: "green"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Setup container meta information
+      id: meta
+      uses: docker/metadata-action@v4
+      with:
+        images: ${{ inputs.image-url }}
+        labels: ${{ inputs.image-labels }}
+        tags: ${{ inputs.image-tags }}
+
+    - name: Login to Docker Registry
+      if: ${{ github.event_name != 'pull_request' }}
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ inputs.registry }}
+        username: ${{ inputs.registry-username }}
+        password: ${{ inputs.registry-password }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+
+    - name: Build and push Container image
+      id: build-and-push
+      uses: docker/build-push-action@v4
+      with:
+        context: ${{ inputs.build-context }}
+        push: ${{ github.event_name != 'pull_request' }}
+        platforms: ${{ inputs.image-platforms }}
+        file: ${{ inputs.build-docker-file }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        build-args: ${{ inputs.build-args }}
+
+    - name: Container signing
+      if: ${{ github.event_name != 'pull_request' }}
+      uses: greenbone/actions/container-signing@v2
+      with:
+        image-tags: ${{ steps.meta.outputs.tags }}
+        image-digest: ${{ steps.build-and-push.outputs.digest }}
+        cosign-key: ${{ inputs.cosign-key }}
+        cosign-key-password: ${{ inputs.cosign-key-password }}