From b34a9f324e01ad90d2b2a7d2735dbf4386d44a1c Mon Sep 17 00:00:00 2001
From: Raj Kumar Panda
Date: Mon, 12 May 2025 11:08:34 +0530
Subject: [PATCH] chore: add publish docker image workflow and fixed readme versionings image built for arm64 imge version updated imge version updated
---
.github/workflows/docker.yml | 55 ++++++++++++++++++++++++++++++++++++
Dockerfile | 1 +
README.md | 12 ++++----
action.yml | 2 +-
4 files changed, 63 insertions(+), 7 deletions(-)
create mode 100644 .github/workflows/docker.yml
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 0000000..da1688b
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,55 @@
+name: Publish docker image
+
+on:
+ workflow_dispatch:
+ inputs:
+ release_tag:
+ description: 'Tag to release'
+ required: true
+ type: string
+
+permissions:
+ contents: read
+ packages: write
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ if: startsWith(github.event.inputs.release_tag, 'v')
+ steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+ with:
+ egress-policy: audit
+
+ - name: Checkout
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: Validate tag format
+ run: |
+ TAG=${{ github.event.inputs.release_tag }}
+ if ! echo "$TAG" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
+ echo "❌ Invalid tag format: $TAG"
+ exit 1
+ fi
+ echo "✅ Valid semver tag: $TAG"
+ - name: Log in to GitHub Container Registry
+ uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Set up QEMU for ARM builds
+ uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ with:
+ context: .
+ push: true
+ platforms: linux/amd64,linux/arm64
+ tags: |
+ ghcr.io/${{ github.repository }}:${{ github.event.inputs.release_tag }}
diff --git a/Dockerfile b/Dockerfile
index fc9f0d8..2e11f2b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,5 @@
 FROM docker:stable@sha256:fd4d028713fd05a1fb896412805daed82c4a0cc84331d8dad00cb596d7ce3e3a
+RUN apk add --no-cache curl
 COPY start-mongodb.sh /start-mongodb.sh
 RUN chmod +x /start-mongodb.sh
 ENTRYPOINT ["/start-mongodb.sh"]
diff --git a/README.md b/README.md
index 48b7814..97eb1e0 100644
--- a/README.md
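Review bot: The `Validate tag format` step expands `${{ github.event.inputs.release_tag }}` directly into the shell script (`TAG=${{ … }}`), so the runner interprets the raw input as script text before the semver regex ever sees it; the job-level `startsWith(…, 'v')` check only constrains the first character. The job holds `packages: write`, so this matters even though `workflow_dispatch` is limited to users with write access. Pass the value through the environment instead: add `env:` with `TAG: ${{ github.event.inputs.release_tag }}` to the step and delete the `TAG=${{ … }}` assignment, leaving the existing `"$TAG"` references as they are. The same input is reused in `tags:` of the build step, which is only safe because this validation runs first; a short comment saying so would keep the two steps from being reordered or separated later.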
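Review bot: The added `RUN apk add --no-cache curl` carries no comment saying what needs curl, and the diffstat shows `start-mongodb.sh` is not touched by this commit, so from the patch alone it is unclear whether the entrypoint already calls curl or the package is unused. Every extra binary in an image that runs inside consumers' workflows widens its attack surface, so either add a one-line comment such as `# curl: used by start-mongodb.sh for <purpose>` or drop the line if nothing calls it. The package version is resolved at build time, so two builds of the same commit may produce different images; pinning it (`curl=<version>`) would keep the digest referenced from `action.yml` reproducible.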
+++ b/README.md @@ -33,7 +33,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Start MongoDB - uses: step-security/mongodb-github-action@1.12.0 + uses: step-security/mongodb-github-action@v1 with: mongodb-version: ${{ matrix.mongodb-version }} @@ -73,7 +73,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Start MongoDB - uses: step-security/mongodb-github-action@1.12.0 + uses: step-security/mongodb-github-action@v1 with: mongodb-version: ${{ matrix.mongodb-version }} mongodb-replica-set: test-rs @@ -117,7 +117,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Start MongoDB - uses: step-security/mongodb-github-action@1.12.0 + uses: step-security/mongodb-github-action@v1 with: mongodb-version: ${{ matrix.mongodb-version }} mongodb-replica-set: test-rs @@ -161,7 +161,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Start MongoDB - uses: step-security/mongodb-github-action@1.12.0 + uses: step-security/mongodb-github-action@v1 with: mongodb-version: ${{ matrix.mongodb-version }} mongodb-username: supercharge @@ -205,7 +205,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Start MongoDB - uses: step-security/mongodb-github-action@1.12.0 + uses: step-security/mongodb-github-action@v1 with: mongodb-version: ${{ matrix.mongodb-version }} mongodb-container-name: mongodb-${{ matrix.node-version }}-${{ matrix.mongodb-version }} @@ -227,7 +227,7 @@ You can utilize an alternative MongoDB docker image using the `mongodb-image` in ```yaml - name: Start MongoDB - uses: step-security/mongodb-github-action@1.12.0 + uses: step-security/mongodb-github-action@v1 with: # Here we are using an image from Amazon's ECR rather than the default image from Docker Hub mongodb-image: 'public.ecr.aws/docker/library/mongo' diff --git a/action.yml b/action.yml index 2b237cb..4d3a68e 100644 --- a/action.yml +++ b/action.yml 
@@ -48,7 +48,7 @@ inputs: runs: using: 'docker' - image: 'Dockerfile' + image: 'docker://ghcr.io/step-security/mongodb-github-action@sha256:14889a419431efee64b706e9307b5c2b15fe157b123b8f9f2fca9f8817dad835' args: - ${{ inputs.mongodb-image }} - ${{ inputs.mongodb-version }}
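Review bot: The new `image:` value pins a digest, but nothing in the patch records which release tag or commit that digest was built from, so a reviewer cannot confirm it corresponds to the `Dockerfile` and `start-mongodb.sh` in this repository. Because the action no longer builds from `Dockerfile`, later changes to those files will have no effect until an image is republished and this line is updated by hand. Add a trailing comment in the same style as the pinned actions in the workflow, e.g. `# <release_tag>, built by .github/workflows/docker.yml`, and consider surfacing the `digest` output of `docker/build-push-action` in the publish job so the value here can be checked against the job log. The `runs:` block continues outside the hunk.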