Add: Provide a Dockerfile to build and upload a container image

Allow to use the project from a docker container.

.dockerignore

@@ -0,0 +1,8 @@
+.git
+.mypy_cache
+.ruff_cache
+.venv
+.vscode
+.env
+lib
+htmlcov

.github/workflows/container.yml

@@ -0,0 +1,49 @@
+name: Container Image Builds
+
+on:
+  push:
+    branches: [ main ]
+    tags: ["v*"]
+  workflow_dispatch:
+
+jobs:
+  images:
+    name: Build images
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Login to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.IMAGE_REGISTRY }}
+          username: ${{ secrets.GREENBONE_BOT }}
+          password: ${{ secrets.GREENBONE_BOT_PACKAGES_WRITE_TOKEN }}
+      - name: Setup container meta information
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ vars.IMAGE_REGISTRY }}/${{ github.repository }}
+          labels: |
+            org.opencontainers.image.vendor=Greenbone
+            org.opencontainers.image.base.name=debian:stable-slim
+          tags: |
+            # create container tag for git tags
+            type=ref,event=tag
+            # set edge for default branch
+            type=edge
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build and push Container image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          file: docker/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

docker/Dockerfile

@@ -0,0 +1,57 @@
+FROM debian:stable-slim as builder
+
+COPY . /source
+
+WORKDIR /source
+
+RUN apt-get update && \
+    apt-get install --no-install-recommends --no-install-suggests -y \
+    python3 \
+    python-is-python3 \
+    pipx && \
+    apt-get remove --purge --auto-remove -y && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN pipx install poetry
+
+RUN rm -rf dist && /root/.local/bin/poetry build -f wheel
+
+FROM debian:stable-slim
+
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
+ENV PIP_NO_CACHE_DIR off
+
+WORKDIR /greenbone-scap
+
+RUN apt-get update && \
+    apt-get install --no-install-recommends --no-install-suggests -y \
+    gosu \
+    python3 \
+    python-is-python3 \
+    python3-pip && \
+    apt-get remove --purge --auto-remove -y && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN addgroup --gid 1001 --system greenbone && \
+    adduser --no-create-home --shell /bin/false --disabled-password --uid 1001 --system --group greenbone
+
+COPY --from=builder /source/dist/* /greenbone-scap/
+COPY docker/entrypoint.sh /usr/local/bin/entrypoint
+
+RUN python3 -m pip install --break-system-packages /greenbone-scap/*
+
+RUN mkdir -p /etc/bash_completion.d && \
+    greenbone-cve-download --print-completion bash > /etc/bash_completion.d/greenbone-cve-download-complete.bash && \
+    echo "source /etc/bash_completion.d/greenbone-cve-download-complete.bash" >> /etc/bash.bashrc && \
+    greenbone-cpe-download --print-completion bash > /etc/bash_completion.d/greenbone-cpe-download-complete.bash && \
+    echo "source /etc/bash_completion.d/greenbone-cpe-download-complete.bash" >> /etc/bash.bashrc && \
+    greenbone-cpe-find --print-completion bash > /etc/bash_completion.d/greenbone-cpe-find-complete.bash && \
+    echo "source /etc/bash_completion.d/greenbone-cpe-find-complete.bash" >> /etc/bash.bashrc
+
+RUN chown -R greenbone:greenbone /greenbone-scap && \
+    chmod 755 /usr/local/bin/entrypoint
+
+ENTRYPOINT [ "/usr/local/bin/entrypoint" ]
+
+CMD ["/bin/bash"]

docker/entrypoint.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec gosu greenbone "$@"