init google compute scanner

.github/workflows/apps-docs.yaml

@@ -1,4 +1,4 @@
-name: CD / Docs
+name: Apps / Docs
 
 on:
   pull_request:

.github/workflows/apps-job-policy-checker.yaml

@@ -1,4 +1,4 @@
-name: CD / Job Policy Checker
+name: Apps / Job Policy Checker
 
 on:
   pull_request:

.github/workflows/apps-webservice.yaml

@@ -1,4 +1,4 @@
-name: CD / Webservice
+name: Apps / Webservice
 
 on:
   pull_request:

.github/workflows/providers-google-compute-scanner.yaml

@@ -0,0 +1,60 @@
+name: Providers / Google Compute Scanner
+
+on:
+  pull_request:
+    branches: ["*"]
+    paths:
+      - providers/google-compute-scanner/**
+      - .github/workflows/providers-google-compute-scanner.yaml
+      - pnpm-lock.yaml
+  push:
+    branches: ["main"]
+    paths:
+      - providers/google-compute-scanner/**
+      - .github/workflows/providers-google-compute-scanner.yaml
+      - pnpm-lock.yaml
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ctrlplane/google-compute-scanner
+          tags: |
+            type=sha,format=short,prefix=
+
+      - name: Build
+        uses: docker/build-push-action@v6
+        if: github.ref != 'refs/heads/main'
+        with:
+          push: false
+          file: providers/google-compute-scanner/Dockerfile
+          tags: ${{ steps.meta.outputs.tags }}
+
+      - name: Build and Push
+        uses: docker/build-push-action@v6
+        if: github.ref == 'refs/heads/main'
+        with:
+          push: true
+          file: providers/google-compute-scanner/Dockerfile
+          tags: ${{ steps.meta.outputs.tags }}

pnpm-workspace.yaml

@@ -3,7 +3,7 @@ packages:
   - packages/*
   - tooling/*
   - agents/*
-  - providers/**
+  - providers/*
 
 catalog:
   eslint: ^9.9.0

providers/google-compute-scanner/Dockerfile

@@ -0,0 +1,34 @@
+ARG NODE_VERSION=22
+FROM node:${NODE_VERSION}-alpine
+
+WORKDIR /app
+
+RUN apk add --no-cache libc6-compat python3 make g++
+
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+
+RUN npm install -g turbo
+RUN corepack enable pnpm
+
+COPY .gitignore .gitignore
+COPY turbo.json turbo.json
+RUN pnpm add -g turbo
+
+COPY package.json package.json
+COPY pnpm-*.yaml .
+
+COPY packages/logger/package.json ./packages/logger/package.json
+COPY packages/node-sdk/package.json ./packages/node-sdk/package.json
+COPY packages/validators/package.json ./packages/validators/package.json
+COPY providers/google-cloud/compute-scanner/package.json ./providers/google-cloud/compute-scanner/package.json
+
+RUN pnpm install --frozen-lockfile
+COPY . .
+RUN turbo build --filter=...@ctrlplane/google-compute-scanner
+
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nodejs
+USER nodejs
+
+CMD node providers/google-cloud/compute-scanner/dist/index.js

providers/google-cloud/compute-scanner/package.json → providers/google-compute-scanner/package.json

@@ -39,6 +39,7 @@
     "@ctrlplane/prettier-config": "workspace:*",
     "@ctrlplane/tsconfig": "workspace:*",
     "@types/lodash": "^4.17.5",
+    "@types/semver": "^7.5.8",
     "eslint": "catalog:",
     "prettier": "catalog:",
     "typescript": "^5.4.5"