From f04647d9b12a11a3b7c1743ac19cb2d24629ccc3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rui=20Ara=C3=BAjo=20Gomes?= Date: Fri, 25 Oct 2024 14:14:04 +0100 Subject: [PATCH] add OCI labels --- .github/workflows/release-dkr-image.yml | 32 ++++++++++++++++--- .../release-docker-github-actions.yaml | 26 +++++++++++++-- .github/workflows/release-nightly.yml | 32 ++++++++++++++++--- 3 files changed, 77 insertions(+), 13 deletions(-) diff --git a/.github/workflows/release-dkr-image.yml b/.github/workflows/release-dkr-image.yml index 35117f4cbb2..dff543f11e7 100644 --- a/.github/workflows/release-dkr-image.yml +++ b/.github/workflows/release-dkr-image.yml 
@@ -41,14 +41,33 @@ jobs: image: tonistiigi/binfmt:latest platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Login to DockerHub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} + - name: Get current date + run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV + - name: Docker meta + id: meta + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + with: + images: "checkmarx/kics" + labels: | + org.opencontainers.image.title=KICS + org.opencontainers.image.version=${{ steps.get-version.outputs.version }} + org.opencontainers.image.vendor=Checkmarx + org.opencontainers.image.authors=KICS + org.opencontainers.image.description=Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. + org.opencontainers.image.documentation=https://docs.kics.io + org.opencontainers.image.url=https://github.com/Checkmarx/kics + org.opencontainers.image.source=https://github.com/Checkmarx/kics + org.opencontainers.image.licenses=Apache-2.0 + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.created=${{ env.CREATED_AT }} - name: Push alpine to Docker Hub - uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 id: build_alpine with: context: . 
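Review bot: The `created` label is fed from `date --rfc-3339=seconds`, which prints `2024-10-25 14:14:04+01:00` — a space separator and the runner's local offset — whereas the OCI image-spec asks for an RFC 3339 date-time and strict parsers (Go's `time.RFC3339` layout, used by much registry and scanner tooling) reject the space form. Emit UTC in the `T` form instead: `run: echo "CREATED_AT=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_ENV"`. As I read docker/metadata-action v5, it already derives `created`, `revision`, `source`, `url`, `title`, `description`, `version` and `licenses` from the GitHub context, so the hand-written `created`/`revision`/`source`/`url` entries only override compliant defaults — worth confirming against its README and dropping the redundant ones. The `steps.get-version` step that the `version` label reads is defined outside this hunk.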
@@ -60,9 +79,10 @@ jobs: COMMIT=${{ github.sha }} SENTRY_DSN=${{ secrets.SENTRY_DSN }} DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} + labels: ${{ steps.meta.outputs.labels }} - name: Build and push debian to Docker Hub id: build_debian - uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: context: . file: ./docker/Dockerfile.debian @@ -74,9 +94,10 @@ jobs: COMMIT=${{ github.sha }} SENTRY_DSN=${{ secrets.SENTRY_DSN }} DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} + labels: ${{ steps.meta.outputs.labels }} - name: Build and push ubi8 to Docker Hub id: build_ubi8 - uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: context: . file: ./docker/Dockerfile.ubi8 @@ -88,6 +109,7 @@ jobs: COMMIT=${{ github.sha }} SENTRY_DSN=${{ secrets.SENTRY_DSN }} DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} + labels: ${{ steps.meta.outputs.labels }} # TODO: dockerhub api does not support PAT yet # https://github.com/docker/roadmap/issues/115#issuecomment-891694974 # https://github.com/docker/roadmap/issues/115 diff --git a/.github/workflows/release-docker-github-actions.yaml b/.github/workflows/release-docker-github-actions.yaml index cb2b87d578a..102e8f7639d 100644 --- a/.github/workflows/release-docker-github-actions.yaml +++ b/.github/workflows/release-docker-github-actions.yaml 
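Review bot: `labels: ${{ steps.meta.outputs.labels }}` only lands in each per-platform image config; if these steps push a multi-platform manifest list (the binfmt step earlier in the file prepares `linux/amd64,linux/arm64`, though each build step's `platforms:` input is outside these hunks), the top-level index that registries and scanners read first carries none of the `source`/`revision`/`created` provenance. metadata-action v5 can emit the same data as OCI annotations: set `env: DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index` on the `Docker meta` step and add `annotations: ${{ steps.meta.outputs.annotations }}` next to each `labels:` line. The `with:` blocks these hunks extend begin outside the hunks.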
@@ -26,14 +26,33 @@ jobs: image: tonistiigi/binfmt:latest platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Login to DockerHub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} + - name: Get current date + run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV + - name: Docker meta + id: meta + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + with: + images: "checkmarx/kics" + labels: | + org.opencontainers.image.title=KICS + org.opencontainers.image.version=${{ github.event.inputs.version }} + org.opencontainers.image.vendor=Checkmarx + org.opencontainers.image.authors=KICS + org.opencontainers.image.description=Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. + org.opencontainers.image.documentation=https://docs.kics.io + org.opencontainers.image.url=https://github.com/Checkmarx/kics + org.opencontainers.image.source=https://github.com/Checkmarx/kics + org.opencontainers.image.licenses=Apache-2.0 + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.created=${{ env.CREATED_AT }} - name: Push Github Action Image to Docker Hub - uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 id: build_gh_action with: context: . 
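Review bot: `org.opencontainers.image.version=${{ github.event.inputs.version }}` takes the workflow_dispatch input unvalidated and splices it into metadata-action's newline-delimited `labels` list, so a value containing a newline or an extra `=` would add or alter other labels, and any typo is published as the image's version. Only actors allowed to dispatch the workflow can supply it, so this is a metadata-integrity rather than a privilege issue, but it is cheap to fail fast before the DockerHub login. Validate the input through an environment variable (not by interpolating the expression into the shell) with a step like the one below; the `version` build-arg that this label presumably mirrors is outside the hunk.
```yaml
      # … unchanged: Set up Docker Buildx step …
      - name: Validate version input
        env:
          VERSION: ${{ github.event.inputs.version }}
        run: |
          [[ "$VERSION" =~ ^v?[0-9]+(\.[0-9]+){2}([-+][0-9A-Za-z.-]+)?$ ]] || { echo "invalid version: $VERSION"; exit 1; }
      # … unchanged: Login to DockerHub / Get current date / Docker meta steps …
```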
@@ -45,6 +64,7 @@ jobs: COMMIT=${{ github.sha }} SENTRY_DSN=${{ secrets.SENTRY_DSN }} DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} + labels: ${{ steps.meta.outputs.labels }} - name: Check out the repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 013fdab20a7..fc6adbccbd9 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml 
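Review bot: `actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1` is left at an older release in this hunk while every docker/* action in the file is bumped to a newer pinned SHA, so the action pins in this workflow are being refreshed unevenly. The SHA pinning itself is good and nothing visible here is known-broken, but the mixed freshness suggests pins are updated by hand; letting Dependabot or Renovate track the `github-actions` ecosystem keeps the SHA and the `# vX.Y.Z` comment moving together and avoids a stale pin being overlooked. The checkout step's `with:` block continues outside the hunk.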
@@ -152,15 +152,34 @@ jobs: image: tonistiigi/binfmt:latest platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Login to DockerHub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} + - name: Get current date + run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV + - name: Docker meta + id: meta + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + with: + images: "checkmarx/kics" + labels: | + org.opencontainers.image.title=KICS + org.opencontainers.image.version=nightly-${{ needs.pre_release_job.outputs.sha8 }} + org.opencontainers.image.vendor=Checkmarx + org.opencontainers.image.authors=KICS + org.opencontainers.image.description=Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. + org.opencontainers.image.documentation=https://docs.kics.io + org.opencontainers.image.url=https://github.com/Checkmarx/kics + org.opencontainers.image.source=https://github.com/Checkmarx/kics + org.opencontainers.image.licenses=Apache-2.0 + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.created=${{ env.CREATED_AT }} - name: Push alpine to Docker Hub id: build_alpine - uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: context: . push: true 
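Review bot: `org.opencontainers.image.revision=${{ github.sha }}` and `org.opencontainers.image.version=nightly-${{ needs.pre_release_job.outputs.sha8 }}` come from two different sources, so if `pre_release_job` (not in this diff) derives `sha8` from anything other than the commit this job runs on — a branch head that moved, or a bump commit it pushed — the published labels name a revision that the version string does not abbreviate, which undermines the `revision` label for provenance lookups. Either have `pre_release_job` also export the full SHA and use it for both labels, or add a guard step with `SHA8: ${{ needs.pre_release_job.outputs.sha8 }}` in its `env` that runs `[[ "$GITHUB_SHA" == "$SHA8"* ]] || exit 1` before the metadata step. I cannot see `pre_release_job`, so this may already hold by construction.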
@@ -170,9 +189,10 @@ jobs: VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }} COMMIT=${{ github.sha }} DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} + labels: ${{ steps.meta.outputs.labels }} - name: Build and push debian to Docker Hub id: build_debian - uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: context: . file: ./docker/Dockerfile.debian @@ -183,9 +203,10 @@ jobs: VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }} COMMIT=${{ github.sha }} DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} + labels: ${{ steps.meta.outputs.labels }} - name: Build and push ubi8 to Docker Hub id: build_ubi8 - uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: context: . file: ./docker/Dockerfile.ubi8 @@ -196,6 +217,7 @@ jobs: VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }} COMMIT=${{ github.sha }} DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} + labels: ${{ steps.meta.outputs.labels }} - name: Create Pull Request uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6 with: