From f35283a92f389eb25d13693c1d7834805b3d8be4 Mon Sep 17 00:00:00 2001
From: Emmanuel Owosekun
Date: Wed, 28 Aug 2024 17:42:23 +0200
Subject: [PATCH 1/5] Add: build and push to ghcr and harbor

---
 .github/workflows/container.yml | 89 ++++++++++++++++++++++++++-------
 1 file changed, 72 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 3f91bae..d9af90f 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -11,9 +11,14 @@ on:
 workflow_dispatch:
 jobs:
- images:
- name: Build and upload container images
- runs-on: ubuntu-latest
+ generate:
+ name: Generate pg-gvm archive
+ runs-on:
+ - self-hosted
+ - self-hosted-generic
+ outputs:
+ labels: ${{ steps.meta.outputs.labels }}
+ feed-info: ${{ steps.feed-info.outputs.feed-version }}
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4
@@ -21,8 +26,24 @@ jobs:
 fetch-depth: 0
 - uses: greenbone/actions/is-latest-tag@v3
 id: latest
+ - name: Determine Feed Info
+ id: feed-info
+ run: |
+ echo "feed-version=$(date +"%Y%m%d%H%M")" >> $GITHUB_OUTPUT
+ - name: Create pg-gvm archive
+ run: tar -cvJ -f pg-gvm.tar.xz .
+ - name: Create build context
+ run: |
+ mkdir -p /tmp/context/pg-gvm/
+ cp pg-gvm.tar.xz /tmp/context/pg-gvm/
+ cp .docker/*.sh /tmp/context
+ - name: Upload dfn-cert-data archive
+ uses: actions/upload-artifact@v4
+ with:
+ name: pg-gvm
+ path: /tmp/context
 - name: Setup container meta information
- id: meta
+ id: labels
 uses: docker/metadata-action@v5
 with:
 images: ${{ github.repository }}
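Review bot: The new `outputs:` of `generate` set `labels: ${{ steps.meta.outputs.labels }}`, but the same patch renames that step in the next hunk (`id: meta` → `id: labels`), so there is no step `meta` in this job and `needs.generate.outputs.labels`, consumed by the `ghcr` and `harbor` jobs, expands to an empty string. Change the line to `labels: ${{ steps.labels.outputs.labels }}`. Separately, `generate` is moved to `self-hosted` runners; the `on:` block is outside the hunk, but the `github.event_name != 'pull_request'` guards elsewhere in this patch suggest the workflow also runs on pull requests, in which case code from a PR would be checked out and archived on persistent infrastructure — gating the job with `if: github.event_name != 'pull_request'` or restricting the trigger avoids that.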
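Review bot: `run: tar -cvJ -f pg-gvm.tar.xz .` archives the whole workspace, which after the `fetch-depth: 0` checkout shown at the top of the hunk includes the complete `.git` history, and that archive is then copied into `/tmp/context` and uploaded as an artifact; unless the image build needs the history, `tar -cvJ --exclude=.git -f pg-gvm.tar.xz .` keeps the artifact small and free of repository metadata. The upload step is named `Upload dfn-cert-data archive` although it uploads `pg-gvm`; rename it to `Upload pg-gvm build context`. The `>> $GITHUB_OUTPUT` redirections here and in the re-indented lines of the `container-opts` step in this patch's third hunk should quote the variable, `>> "$GITHUB_OUTPUT"`, for consistency with the quoted values around them.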
@@ -30,18 +51,42 @@ jobs:
 org.opencontainers.image.vendor=Greenbone
 org.opencontainers.image.base.name=debian/stable-slim
 flavor: latest=false # no latest container tag for git tags
+ ghcr:
+ needs: generate
+ name: Build and push to ghcr.io (for feed-deployment only!!!)
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: greenbone/actions/checkout@v3
+ - name: Clean directory
+ run: rm -rf ${{ matrix.FEED_TYPE }}/*
+ - uses: actions/download-artifact@v4
+ with:
+ name: pg-gvm
+ - name: Login to GitHub Container Registry
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ vars.IMAGE_REGISTRY }}
+ username: ${{ secrets.GREENBONE_BOT }}
+ password: ${{ secrets.GREENBONE_BOT_PACKAGES_WRITE_TOKEN }}
+ - name: Setup additional container meta information
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ghcr.io/${{ github.repository }}
 tags: |
 # use version, major.minor and major for tags
 type=semver,pattern={{version}}
 type=semver,pattern={{major}}.{{minor}}
 type=semver,pattern={{major}}
-
+
 # use edge for default branch
 type=edge
-
+
 # set label for non-published pull request builds
 type=ref,event=pr
-
+
 # when a new git tag is created set stable and a latest tags
 type=raw,value=latest,enable=${{ steps.latest.outputs.is-latest-tag == 'true' }}
 type=raw,value=stable,enable=${{ steps.latest.outputs.is-latest-tag == 'true' }}
@@ -49,16 +94,10 @@ jobs:
 id: container-opts
 run: |
 if [[ "${{ github.ref_type }}" = 'tag' ]]; then
- echo "gvm-libs-version=oldstable" >> $GITHUB_OUTPUT
- else
+ echo "gvm-libs-version=oldstable" >> $GITHUB_OUTPUT
+ else
 echo "gvm-libs-version=oldstable-edge" >> $GITHUB_OUTPUT
 fi
- - name: Login to Docker Registry
- if: github.event_name != 'pull_request'
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
 - name: Set up QEMU
 uses: docker/setup-qemu-action@v3
 - name: Set up Docker Buildx
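Review bot: `run: rm -rf ${{ matrix.FEED_TYPE }}/*` in the new `ghcr` job references a `matrix` context although the job declares no `strategy.matrix`, so the expression expands to an empty string and the step runs `rm -rf /*` on the runner; the step is dropped again in patch 2 of this series, but it should not land in an intermediate commit either — remove it here. The retained `enable=${{ steps.latest.outputs.is-latest-tag == 'true' }}` lines now sit inside `ghcr`, while the `is-latest-tag` step (`id: latest`) stays in `generate`, so in this job the reference is undefined and the `latest`/`stable` tags are never enabled; expose it as a `generate` output, `is-latest-tag: ${{ steps.latest.outputs.is-latest-tag }}`, and use `needs.generate.outputs.is-latest-tag` here. The login step also targets `${{ vars.IMAGE_REGISTRY }}` while `images:` is hard-wired to `ghcr.io/...`, which patch 2 corrects.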
@@ -69,8 +108,24 @@ jobs:
 context: .
 push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}
 build-args: |
- GVM_LIBS_VERSION=${{ steps.container-opts.outputs.gvm-libs-version }}
+ GVM_LIBS_VERSION=${{ steps.container-opts.outputs.gvm-libs-version }}
 file: .docker/prod.Dockerfile
 platforms: linux/amd64,linux/arm64
 tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
+ labels: ${{ needs.generate.outputs.labels }}
+
+ harbor:
+ name: Build and push to self-hosted harbor
+ needs: generate
+ uses: greenbone/workflows/.github/workflows/container-build-push-feed.yml@main
+ with:
+ artifact-name: pg-gvm
+ artifact-path: /tmp/context
+ build-context: /tmp/context
+ image-labels: ${{ needs.generate.outputs.labels }}
+ image-tags: |
+ type=raw,value=community
+ type=raw,value=latest
+ type=raw,value=${{ needs.generate.outputs.feed-info }}
+ image-url: community/pg-gvm
+ secrets: inherit

From 725cf38b0341d968b3a5a1554a2749ccd4076f1f Mon Sep 17 00:00:00 2001
From: Emmanuel Owosekun
Date: Thu, 29 Aug 2024 11:26:31 +0200
Subject: [PATCH 2/5] Fix: Uses ghcr.io as registry in ghcr

---
 .github/workflows/container.yml | 14 +++----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index d9af90f..4d92293 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -9,7 +9,7 @@ on:
 branches:
 - main
 workflow_dispatch:
-
+
 jobs:
 generate:
 name: Generate pg-gvm archive
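Review bot: The new `harbor` job calls `greenbone/workflows/.github/workflows/container-build-push-feed.yml@main` with `secrets: inherit`, so every repository secret is handed to whatever that branch contains at run time; pin the reusable workflow to a release tag or commit SHA so a change to `main` in the other repository cannot silently alter what runs with those secrets. Unlike the `ghcr` job's login step, `harbor` carries no `github.event_name != 'pull_request'` guard, and `image-tags` sets `type=raw,value=latest` unconditionally where `ghcr` gates `latest` on `is-latest-tag`; if the harbor build is meant to run only for the feed deployment, add `if: github.event_name != 'pull_request'` to the job. Whether the reusable workflow itself filters events cannot be seen from here.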
@@ -30,18 +30,11 @@ jobs:
 id: feed-info
 run: |
 echo "feed-version=$(date +"%Y%m%d%H%M")" >> $GITHUB_OUTPUT
- - name: Create pg-gvm archive
- run: tar -cvJ -f pg-gvm.tar.xz .
 - name: Create build context
 run: |
 mkdir -p /tmp/context/pg-gvm/
 cp pg-gvm.tar.xz /tmp/context/pg-gvm/
 cp .docker/*.sh /tmp/context
- - name: Upload dfn-cert-data archive
- uses: actions/upload-artifact@v4
- with:
- name: pg-gvm
- path: /tmp/context
 - name: Setup container meta information
 id: labels
 uses: docker/metadata-action@v5
@@ -58,16 +51,15 @@ jobs:
 steps:
 - name: Checkout repository
 uses: greenbone/actions/checkout@v3
- - name: Clean directory
- run: rm -rf ${{ matrix.FEED_TYPE }}/*
 - uses: actions/download-artifact@v4
 with:
 name: pg-gvm
+ path: /tmp/context
 - name: Login to GitHub Container Registry
 if: github.event_name != 'pull_request'
 uses: docker/login-action@v3
 with:
- registry: ${{ vars.IMAGE_REGISTRY }}
+ registry: ghcr.io
 username: ${{ secrets.GREENBONE_BOT }}
 password: ${{ secrets.GREENBONE_BOT_PACKAGES_WRITE_TOKEN }}
 - name: Setup additional container meta information

From e5dae5f7ce5e885182159acbd1254cc6b61d57a5 Mon Sep 17 00:00:00 2001
From: Emmanuel Owosekun
Date: Thu, 29 Aug 2024 11:35:10 +0200
Subject: [PATCH 3/5] Remove: removes creation of build context uses default build context

---
 .github/workflows/container.yml | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 4d92293..11923e3 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -30,11 +30,6 @@ jobs:
 id: feed-info
 run: |
 echo "feed-version=$(date +"%Y%m%d%H%M")" >> $GITHUB_OUTPUT
- - name: Create build context
- run: |
- mkdir -p /tmp/context/pg-gvm/
- cp pg-gvm.tar.xz /tmp/context/pg-gvm/
- cp .docker/*.sh /tmp/context
 - name: Setup container meta information
 id: labels
 uses: docker/metadata-action@v5
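Review bot: The retained `Create build context` step still runs `cp pg-gvm.tar.xz /tmp/context/pg-gvm/` although this hunk removes the `Create pg-gvm archive` step that produced the file, so the `generate` job fails at the `cp`; likewise the download step kept in the next hunk (`actions/download-artifact@v4`, `name: pg-gvm`) fetches an artifact that the removed upload step no longer publishes. Patch 3 of this series deletes both remaining steps, so the inconsistency is transient, but this commit is not runnable on its own; squash it with patch 3 or remove the build-context and download steps here.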
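Review bot: After this hunk the `generate` job no longer produces any archive, yet it is still named `Generate pg-gvm archive` and its remaining visible steps only compute `feed-version` and the image labels; rename it, for example `name: Compute image metadata`, so the job list reflects what runs. Since the job now does no packaging, it could also move back to `ubuntu-latest` unless the self-hosted runner is required for a reason not visible here.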
@@ -51,10 +46,6 @@ jobs:
 steps:
 - name: Checkout repository
 uses: greenbone/actions/checkout@v3
- - uses: actions/download-artifact@v4
- with:
- name: pg-gvm
- path: /tmp/context
 - name: Login to GitHub Container Registry
 if: github.event_name != 'pull_request'
 uses: docker/login-action@v3
@@ -111,9 +102,6 @@ jobs:
 needs: generate
 uses: greenbone/workflows/.github/workflows/container-build-push-feed.yml@main
 with:
- artifact-name: pg-gvm
- artifact-path: /tmp/context
- build-context: /tmp/context
 image-labels: ${{ needs.generate.outputs.labels }}
 image-tags: |
 type=raw,value=community

From 33f0950219ea303bd17bb836afdfdff1704fe71d Mon Sep 17 00:00:00 2001
From: Emmanuel Owosekun
Date: Thu, 29 Aug 2024 11:59:34 +0200
Subject: [PATCH 4/5] Add: specifies Dockerfile for harbor push

---
 .github/workflows/container.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 11923e3..0cb41d4 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -102,6 +102,7 @@ jobs:
 needs: generate
 uses: greenbone/workflows/.github/workflows/container-build-push-feed.yml@main
 with:
+ build-docker-file: .docker/prod.Dockerfile
 image-labels: ${{ needs.generate.outputs.labels }}
 image-tags: |
 type=raw,value=community

From 611bfee2e5bf86e6dfb2eaf53e09108f83f74d21 Mon Sep 17 00:00:00 2001
From: Emmanuel Owosekun
Date: Thu, 29 Aug 2024 12:19:24 +0200
Subject: [PATCH 5/5] Add: edits ghcr.io credentials

---
 .github/workflows/container.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 0cb41d4..49b591c 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -52,7 +52,7 @@ jobs:
 with:
 registry: ghcr.io
 username: ${{ secrets.GREENBONE_BOT }}
- password: ${{ secrets.GREENBONE_BOT_PACKAGES_WRITE_TOKEN }}
+ password: ${{ secrets.GREENBONE_BOT_TOKEN }}
 - name: Setup additional container meta information
 id: meta
 uses: docker/metadata-action@v5
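Review bot: The login password changes from `secrets.GREENBONE_BOT_PACKAGES_WRITE_TOKEN` to `secrets.GREENBONE_BOT_TOKEN`; the old name suggests a token scoped to package writes, the new one a general-purpose bot credential, which moves away from least privilege for a step that only needs to push to `ghcr.io`. If the scoped token merely lacked access to this repository, prefer fixing that, or use the job's built-in token — `password: ${{ secrets.GITHUB_TOKEN }}` with `permissions: packages: write` on the job — which needs no long-lived secret at all. The commit message does not say why the credential was swapped, so that reason belongs in the message or in a comment on the step.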