From de7196d7e741dc02b41a5289ca72b278305b3986 Mon Sep 17 00:00:00 2001
From: Sivli Embir
Date: Mon, 15 Jul 2024 08:04:14 -0700
Subject: [PATCH] SRE-1913 - Move from workflow to action

---
 .github/actions/sign_ghcr/action.yaml | 38 +++++++++++++++++++++++
 .github/workflows/sign_ghcr.yaml | 44 --------------------------
 2 files changed, 38 insertions(+), 44 deletions(-)
 create mode 100644 .github/actions/sign_ghcr/action.yaml
 delete mode 100644 .github/workflows/sign_ghcr.yaml

diff --git a/.github/actions/sign_ghcr/action.yaml b/.github/actions/sign_ghcr/action.yaml
new file mode 100644
index 0000000..4f2789c
--- /dev/null
+++ b/.github/actions/sign_ghcr/action.yaml
@@ -0,0 +1,38 @@
+name: Sign Package Collector Image
+description: |
+  This action is responsible for signing the Docker image of the Package Collector
+  and pushing the signature to the GitHub Container Registry (GHCR).
+
+inputs:
+  image-name:
+    description: 'The name of the image.'
+    required: true
+  image-digest:
+    description: 'The digest of the image.'
+    required: true
+  PACKAGE_GITHUB_TOKEN:
+    description: 'GitHub Token to authenticate and sign with'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+    - name: Install Cosign
+      uses: sigstore/cosign-installer@v3
+    - name: Log into registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.PACKAGE_GITHUB_TOKEN }}
+    # Sign the Docker image (Using OIDC Token for "keyless signing")
+    # https://github.com/sigstore/cosign-installer
+    - name: Sign the images with GH OIDC Token
+      shell: bash
+      run: |
+        cosign sign -d -y $IMAGE
+      env:
+        COSIGN_REPOSITORY: ghcr.io/${{ inputs.image-name }}-signatures
+        IMAGE: ghcr.io/${{ inputs.image-name }}@${{ inputs.image-digest }}
diff --git a/.github/workflows/sign_ghcr.yaml b/.github/workflows/sign_ghcr.yaml
deleted file mode 100644
index 1cd71d4..0000000
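Review bot: The login step still reads `password: ${{ secrets.PACKAGE_GITHUB_TOKEN }}`, but the `secrets` context is not available to the steps of a composite action, so the `PACKAGE_GITHUB_TOKEN` input this hunk declares is never actually consumed and the registry login cannot receive the token; it should be `password: ${{ inputs.PACKAGE_GITHUB_TOKEN }}`. The deleted workflow granted `packages: write` and `id-token: write` on the job, and a composite action has no way to declare permissions, so keyless `cosign sign` and the signature push now depend on the calling job granting them — worth stating in `description`, e.g. `Callers must grant the job permissions packages: write and id-token: write.` Since this is now a shared action, pinning `actions/checkout`, `sigstore/cosign-installer` and `docker/login-action` to full commit SHAs instead of floating major tags would also harden the signing path. The `Checkout repository` step does not appear to be needed by any later step and could be dropped to reduce what runs with the token in the environment.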
--- a/.github/workflows/sign_ghcr.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-name: Sign Package Collector Image
-
-on:
-  workflow_call:
-    inputs:
-      image-name:
-        description: 'The name of the image.'
-        type: string
-        required: true
-      image-digest:
-        description: 'The digest of the image.'
-        type: string
-        required: true
-    secrets:
-      PACKAGE_GITHUB_TOKEN:
-        description: 'GitHub Token to authenticate and sign with'
-        required: true
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      id-token: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-      - name: Install Cosign
-        uses: sigstore/cosign-installer@v3
-      - name: Log into registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.PACKAGE_GITHUB_TOKEN }}
-      # Sign the Docker image (Using OIDC Token for "keyless signing")
-      # https://github.com/sigstore/cosign-installer
-      - name: Sign the images with GH OIDC Token
-        run: |
-          cosign sign -d -y $IMAGE
-        env:
-          COSIGN_REPOSITORY: ghcr.io/${{ inputs.image-name }}-signatures
-          IMAGE: ghcr.io/${{ inputs.image-name }}@${{ inputs.image-digest }}