Add: upload 3rd gen into greenbone registry #104

Merged
merged 7 commits into from
Sep 24, 2024
78 changes: 78 additions & 0 deletions .github/workflows/helm-container-build-push-3rd-gen.yml
Expand Up @@ -93,6 +93,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Container build and push 3rd gen
id: build-and-push
uses: greenbone/actions/container-build-push-generic@v3
Expand Down Expand Up @@ -121,6 +122,83 @@ jobs:
scout-user: ${{ contains(inputs.scout, 'true') && secrets.DOCKERHUB_USERNAME || '' }}
scout-password: ${{ contains(inputs.scout, 'true') && secrets.DOCKERHUB_TOKEN || '' }}

building-container-greenbone-reg:
if: (inputs.helm-chart) && (startsWith(github.ref, 'refs/tags/v'))
runs-on: self-hosted-generic
outputs:
digest: ${{ steps.build-and-push.outputs.digest }}
steps:
- name: Checkout repository
uses: actions/checkout@v4

# Unfortunately we have to format the URL here because in many repos multiple images are built with static URLs.
# Later we can also use this step to distribute the images into different OCI projects
- name: Create image url
id: image-url
shell: bash
run: |
if ${{ github.ref_name }} | grep -Eq "alpha|rc"; then
url="opensight-dev/$(basename ${{ inputs.image-url }})"
else
case "${{ inputs.image-url }}" in
*"asset-management"*)
url="opensight-asset/$(basename ${{ inputs.image-url }})"
;;
*"vulnerability-intelligence"*)
url="opensight-lookout/$(basename ${{ inputs.image-url }})"
;;
*"scan-management"*)
url="opensight-appliance/$(basename ${{ inputs.image-url }})"
;;
*"opensight-postgres"*)
url="opensight/$(basename ${{ inputs.image-url }})"
;;
*"opensight-keycloak"*)
url="opensight/$(basename ${{ inputs.image-url }})"
;;
*"opensight-ingress"*)
url="opensight/$(basename ${{ inputs.image-url }})"
;;
*"opensight-opensearch"*)
url="opensight/$(basename ${{ inputs.image-url }})"
;;
*"opensight-notification-service"*)
url="opensight/$(basename ${{ inputs.image-url }})"
;;
*)
echo "no supported service in ${{ inputs.image-url }}"
exit 1
;;
# Follow pattern for all 3rd gen products
esac
fi
echo "url=$url" >> $GITHUB_OUTPUT

- name: Container build and push 3rd gen to additional url
id: build-and-push-additional
uses: greenbone/actions/container-build-push-generic@v3
with:
build-context: ${{ inputs.build-context }}
build-docker-file: ${{ inputs.build-docker-file }}
build-args: ${{ inputs.build-args }}
build-secrets: ${{ contains(inputs.build-secret-greenbonebot, 'true') && format('GREENBONE_BOT_PACKAGES_READ_TOKEN={0}', secrets.GREENBONE_BOT_PACKAGES_READ_TOKEN) || inputs.build-secrets }}
cosign-key: ${{ secrets.COSIGN_KEY_OPENSIGHT }}
cosign-key-password: ${{ secrets.COSIGN_KEY_PASSWORD_OPENSIGHT }}
# The tlog function does not currently support an ed25519 key.
cosign-tlog-upload: "false"
image-url: ${{ steps.image-url.outputs.url }}
image-labels: ${{ inputs.image-labels }}
image-tags: |
# create container tag for git tags
type=ref,event=tag,value=latest
type=match,pattern=v(.*),group=1
type=ref,event=pr
# use unstable for main branch
type=raw,value=unstable,enable={{is_default_branch}}
registry: ${{ secrets.GREENBONE_REGISTRY }}
registry-username: ${{ secrets.GREENBONE_REGISTRY_USER }}
registry-password: ${{ secrets.GREENBONE_REGISTRY_TOKEN }}

building-service-chart:
if: (inputs.helm-chart) && (startsWith(github.ref, 'refs/tags/v'))
needs:
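Review bot: The pre-release check in the "Create image url" step, `if ${{ github.ref_name }} | grep -Eq "alpha|rc"; then`, executes the expanded tag name as a command instead of passing it to grep. Unless a command by that name exists, nothing reaches grep on stdin, the test fails, and alpha/rc tags go through the `case` branch into the release projects rather than `opensight-dev/`. Suggest exporting the value through the step's `env:` (for example a `REF_NAME` variable) and testing it with `if echo "$REF_NAME" | grep -Eq "alpha|rc"; then`. The same applies to `${{ inputs.image-url }}`, which is expanded into the script text before bash parses it on a self-hosted runner: a value containing quotes or `$(...)` would be interpreted as shell, so map it to an environment variable and reference it quoted, and quote `"$GITHUB_OUTPUT"` while there. Separately, the job output `digest: ${{ steps.build-and-push.outputs.digest }}` points at a step id that does not exist in this job (the step here is `build-and-push-additional`), so the digest output will be empty for anything that consumes it.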