Add: upload 3rd gen into greenbone registry
WIP: separate 3rd gen upload

WIP: separate 3rd gen uploads

WIP: separate 3rd gen uploads
pascalholthaus authored and mathisschiwy committed Sep 16, 2024
1 parent 9f4b8e4 commit 6eef89d
Showing 1 changed file with 104 additions and 0 deletions.
104 changes: 104 additions & 0 deletions .github/workflows/helm-container-build-push-3rd-gen.yml
@@ -93,6 +93,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Container build and push 3rd gen
id: build-and-push
uses: greenbone/actions/container-build-push-generic@v3
@@ -121,6 +122,109 @@ jobs:
scout-user: ${{ contains(inputs.scout, 'true') && secrets.DOCKERHUB_USERNAME || '' }}
scout-password: ${{ contains(inputs.scout, 'true') && secrets.DOCKERHUB_TOKEN || '' }}

building-container-greenbone-reg:
runs-on: self-hosted-generic
outputs:
digest: ${{ steps.build-and-push.outputs.digest }}
steps:
- name: Checkout repository
uses: actions/checkout@v4

# Unfortunately we have to format the URL here because in many repos multiple images are built with static URLs.
# Later we can also use this step to distribute the images into different OCI projects
- name: Create base url
id: image-url
run: |
if echo "${{ inputs.image-labels }}" | grep -q "alpha"; then
base_url="$(echo '${{ inputs.image-url }}' | sed 's@greenbone@opensight-dev@g')"
else
base_url="$(echo '${{ inputs.image-url }}' | sed 's@greenbone@opensight@g')"
fi
echo "base_url=$base_url" >> $GITHUB_OUTPUT
- name: Container build and push 3rd gen to opensight
id: build-and-push
uses: greenbone/actions/container-build-push-generic@v3
with:
build-context: ${{ inputs.build-context }}
build-docker-file: ${{ inputs.build-docker-file }}
build-args: ${{ inputs.build-args }}
build-secrets: ${{ contains(inputs.build-secret-greenbonebot, 'true') && format('GREENBONE_BOT_PACKAGES_READ_TOKEN={0}', secrets.GREENBONE_BOT_PACKAGES_READ_TOKEN) || inputs.build-secrets }}
cosign-key: ${{ secrets.COSIGN_KEY_OPENSIGHT }}
cosign-key-password: ${{ secrets.COSIGN_KEY_PASSWORD_OPENSIGHT }}
# The tlog function does not currently support an ed25519 key.
cosign-tlog-upload: "false"
image-url: ${{ steps.image-url.outputs.base_url }}
image-labels: ${{ inputs.image-labels }}
image-tags: |
# create container tag for git tags
type=ref,event=tag,value=latest
type=match,pattern=v(.*),group=1
type=ref,event=pr
# use unstable for main branch
type=raw,value=unstable,enable={{is_default_branch}}
registry: ${{ secrets.GREENBONE_REGISTRY }}
registry-username: ${{ secrets.GREENBONE_REGISTRY_USER }}
registry-password: ${{ secrets.GREENBONE_REGISTRY_TOKEN }}

- name: Determine additional url
id: determine-url
run: |
case "${{ inputs.image-url }}" in
*"asset-management"*)
if echo "${{ inputs.image-labels }}" | grep -q "alpha"; then
additional_url="opensight-asset-dev/$(basename ${{ steps.image-url.outputs.base_url }})"
else
additional_url="opensight-asset/$(basename ${{ steps.image-url.outputs.base_url }})"
fi
;;
*"vulnerability-intelligence"*)
if echo "${{ inputs.image-labels }}" | grep -q "alpha"; then
additional_url="opensight-lookout-dev/$(basename ${{ steps.image-url.outputs.base_url }})"
else
additional_url="opensight-lookout/$(basename ${{ steps.image-url.outputs.base_url }})"
fi
;;
*"scan-management"*)
if echo "${{ inputs.image-labels }}" | grep -q "alpha"; then
additional_url="opensight-appliance-dev/$(basename ${{ steps.image-url.outputs.base_url }})"
else
additional_url="opensight-appliance/$(basename ${{ steps.image-url.outputs.base_url }})"
fi
;;
*)
additional_url=''
;;
# Follow pattern for all 3rd gen products
esac
echo "additional_url=$additional_url" >> $GITHUB_OUTPUT
- name: Container build and push 3rd gen to additional url
if: steps.determine-url.outputs.additional_url != ''
id: build-and-push-additional
uses: greenbone/actions/container-build-push-generic@v3
with:
build-context: ${{ inputs.build-context }}
build-docker-file: ${{ inputs.build-docker-file }}
build-args: ${{ inputs.build-args }}
build-secrets: ${{ contains(inputs.build-secret-greenbonebot, 'true') && format('GREENBONE_BOT_PACKAGES_READ_TOKEN={0}', secrets.GREENBONE_BOT_PACKAGES_READ_TOKEN) || inputs.build-secrets }}
cosign-key: ${{ secrets.COSIGN_KEY_OPENSIGHT }}
cosign-key-password: ${{ secrets.COSIGN_KEY_PASSWORD_OPENSIGHT }}
# The tlog function does not currently support an ed25519 key.
cosign-tlog-upload: "false"
image-url: ${{ steps.determine-url.outputs.additional_url }}
image-labels: ${{ inputs.image-labels }}
image-tags: |
# create container tag for git tags
type=ref,event=tag,value=latest
type=match,pattern=v(.*),group=1
type=ref,event=pr
# use unstable for main branch
type=raw,value=unstable,enable={{is_default_branch}}
registry: ${{ secrets.GREENBONE_REGISTRY }}
registry-username: ${{ secrets.GREENBONE_REGISTRY_USER }}
registry-password: ${{ secrets.GREENBONE_REGISTRY_TOKEN }}

building-service-chart:
if: (inputs.helm-chart) && (startsWith(github.ref, 'refs/tags/v'))
needs:
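Review bot: The two new `run:` scripts, `Create base url` and `Determine additional url`, expand `${{ inputs.image-labels }}`, `${{ inputs.image-url }}` and `${{ steps.image-url.outputs.base_url }}` directly into the shell text, so a quote, backtick or `$(...)` inside any of those values is interpreted by the shell rather than handled as data. The same job later hands the cosign key and registry credentials to the build action and runs on `self-hosted-generic`, so these steps should not be able to execute caller-supplied text; how far the inputs can be influenced depends on the callers, which are not visible on this page. Passing the values through `env:` and reading them as quoted variables avoids this, as shown below for `Create base url`. `Determine additional url` needs the same treatment, with `BASE_URL: ${{ steps.image-url.outputs.base_url }}` in `env:` and `"$(basename "$BASE_URL")"` in place of the unquoted `$(basename ${{ ... }})`.

```yaml
      - name: Create base url
        id: image-url
        env:
          IMAGE_LABELS: ${{ inputs.image-labels }}
          IMAGE_URL: ${{ inputs.image-url }}
        run: |
          if echo "$IMAGE_LABELS" | grep -q "alpha"; then
            base_url="$(echo "$IMAGE_URL" | sed 's@greenbone@opensight-dev@g')"
          else
            base_url="$(echo "$IMAGE_URL" | sed 's@greenbone@opensight@g')"
          fi
          echo "base_url=$base_url" >> "$GITHUB_OUTPUT"
      # … unchanged: "Container build and push 3rd gen to opensight" step …
```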