Container registry.

Contrast-Security-OSS · Jul 30, 2024 · 91e9b4f · 91e9b4f
1 parent 38af10d
commit 91e9b4f
Show file tree

Hide file tree

Showing 2 changed files with 82 additions and 3 deletions.
diff --git a/.github/actions/build-image/action.yaml b/.github/actions/build-image/action.yaml
@@ -0,0 +1,65 @@
+name: build-and-deploy-image
+
+inputs:
+  registry:
+    description: The registry to deploy to
+    required: true
+  image_name:
+    description: The name of the docker image
+    required: true
+  username:
+    description: The username to login to the container registry
+    required: true
+  password:
+    description: The password to login to the container registry
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - uses: actions/checkout@v4
+    - name: Log in to the Container registry
+      uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+      with:
+        registry: ${{ inputs.registry }}
+        username: ${{ inputs.username }}
+        password: ${{ inputs.password }}
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+      with:
+        images: ${{ inputs.registry }}/${{ inputs.image_name }}
+        tags: type=sha,format=long
+
+    - name: Build and push Docker image
+      id: push
+      uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+      with:
+        context: .
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+
+    - name: install yq
+      shell: bash
+      run: |
+        sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64
+        sudo add-apt-repository ppa:rmescandon/yq -y
+        sudo apt update -y
+        sudo apt install yq -y
+
+    - name: Commit changes
+      shell: bash
+      env:
+        IMAGE_TAG: ${{ steps.meta.outputs.tags[0] }}
+      run: |
+        yq e ".runs.image = env(IMAGE_TAG)" -i action.yml
+        git add action.yml
+        git diff-index --quiet HEAD || (git commit -m "[Auto] Image tag updated to ${{ steps.meta.outputs.tags[0] }}" && git push)
+   
+
+
+
+
+
diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml
@@ -6,15 +6,21 @@ on:
     - '*'
     - '!main'
 
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
 permissions:
   contents: read
+  packages: write
   checks: write
+  id-token: write
 
 jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Install modules
         run: npm ci
       - name: eslint
@@ -24,7 +30,15 @@ jobs:
     needs: [ lint ]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/build-image
+        name: Build and publish docker image
+        with:
+          registry: ${{ env.REGISTRY }}
+          image_name: ${{ env.IMAGE_NAME }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Build local scanner action image
         run: |
           docker build .
@@ -33,7 +47,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: [ build-action-docker-image ]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses : ./
         name: Run action against repoository
         with: