From 2435317a2daab223d5f118f71eacd4023c528cfa Mon Sep 17 00:00:00 2001
From: hvle <pomverte@users.noreply.github.com>
Date: Mon, 15 Jan 2024 12:56:23 +0100
Subject: [PATCH] feat(bats): construction de l'image via GitHub Actions (#1)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat(bats): construction de l'image via GitHub Actions

* feat: worklow on changes

* feat: push docker image

* fix: image tag

* fix: image tag

* feat: docker linter

* feat: scan de vulnérabilité

* fix: container registry authentification

* fix: security issues

* Update bats/README.md

Co-authored-by: hvle <pomverte@users.noreply.github.com>

* feat(pipeline): trigger workflow on main branch

* docs: MIT licence

---------

Co-authored-by: Hong Viet Le <hvle@octo.com>
Co-authored-by: Joseph Page <josephpage@users.noreply.github.com>
---
 .github/workflows/bats.yml | 78 ++++++++++++++++++++++++++++++++++++++
 LICENSE                    | 21 ++++++++++
 README.md                  |  2 +-
 bats/Dockerfile            |  4 ++
 bats/README.md             | 10 +++++
 5 files changed, 114 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/bats.yml
 create mode 100644 LICENSE
 create mode 100644 bats/Dockerfile
 create mode 100644 bats/README.md

diff --git a/.github/workflows/bats.yml b/.github/workflows/bats.yml
new file mode 100644
index 0000000..a019df3
--- /dev/null
+++ b/.github/workflows/bats.yml
@@ -0,0 +1,78 @@
+---
+name: Build bats docker image
+run-name: ${{ github.actor }} is building bats
+
+on:
+  push:
+    branches: [ "main" ]
+    paths:
+    - 'bats/**'
+  pull_request:
+    branches: [ "main" ]
+    paths:
+    - 'bats/**'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_TAG: ${{ github.repository }}/bats:v1.10.0-curl
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4.1.1
+
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/login-action@v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5.1.0
+        with:
+          context: bats
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}
+
+  scan:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: read
+    needs: build
+    steps:
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+        env:
+          TRIVY_USERNAME: ${{ github.actor }}
+          TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4.1.1
+      - uses: docker/login-action@v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Dockerfile linting
+        uses: hadolint/hadolint-action@v3.1.0
+        with:
+          dockerfile: bats/Dockerfile
+          ignore: DL3018
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..d016034
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 OCTO Technology
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
index 660bea4..befd18d 100644
--- a/README.md
+++ b/README.md
@@ -1 +1 @@
-# Formation-DKADM
\ No newline at end of file
+# Docker images
diff --git a/bats/Dockerfile b/bats/Dockerfile
new file mode 100644
index 0000000..58880cc
--- /dev/null
+++ b/bats/Dockerfile
@@ -0,0 +1,4 @@
+FROM bats/bats:v1.10.0
+
+RUN apk update && apk upgrade --no-cache && \
+    apk add --no-cache curl
diff --git a/bats/README.md b/bats/README.md
new file mode 100644
index 0000000..bd2e755
--- /dev/null
+++ b/bats/README.md
@@ -0,0 +1,10 @@
+# BATS
+
+## Pourquoi
+
+L'image précédemment utilisée `dduportal/bats:0.4.0` n'est plus disponible sur Docker Hub.
+
+## Références
+
+Cette image est utilisée dans les formations suivantes :
+- 🦊 [GITLA](https://www.octo.academy/catalogue/formation/gitla-gitlab-ci-et-cd-gestion-des-sources-et-integration-continue-avec-gitlab/), repo : https://gitlab.com/octo-technology/octo-ops/gitlab-formation