

Add: upload 3rd gen into greenbone registry (#104)
Co-authored-by: mathisschiwy <[email protected]>
pascalholthaus and mathisschiwy authored Sep 24, 2024
1 parent dbe6bf9 commit 9500d1c
Showing 1 changed file with 78 additions and 0 deletions.
78 changes: 78 additions & 0 deletions .github/workflows/helm-container-build-push-3rd-gen.yml
@@ -93,6 +93,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Container build and push 3rd gen
id: build-and-push
uses: greenbone/actions/container-build-push-generic@v3
@@ -121,6 +122,83 @@ jobs:
scout-user: ${{ contains(inputs.scout, 'true') && secrets.DOCKERHUB_USERNAME || '' }}
scout-password: ${{ contains(inputs.scout, 'true') && secrets.DOCKERHUB_TOKEN || '' }}

building-container-greenbone-reg:
if: (inputs.helm-chart) && (startsWith(github.ref, 'refs/tags/v'))
runs-on: self-hosted-generic
outputs:
digest: ${{ steps.build-and-push.outputs.digest }}
steps:
- name: Checkout repository
uses: actions/checkout@v4

# Unfortunately we have to format the URL here because in many repos multiple images are built with static URLs.
# Later we can also use this step to distribute the images into different OCI projects
- name: Create image url
id: image-url
shell: bash
run: |
if ${{ github.ref_name }} | grep -Eq "alpha|rc"; then
url="opensight-dev/$(basename ${{ inputs.image-url }})"
else
case "${{ inputs.image-url }}" in
*"asset-management"*)
url="opensight-asset/$(basename ${{ inputs.image-url }})"
;;
*"vulnerability-intelligence"*)
url="opensight-lookout/$(basename ${{ inputs.image-url }})"
;;
*"scan-management"*)
url="opensight-appliance/$(basename ${{ inputs.image-url }})"
;;
*"opensight-postgres"*)
url="opensight/$(basename ${{ inputs.image-url }})"
;;
*"opensight-keycloak"*)
url="opensight/$(basename ${{ inputs.image-url }})"
;;
*"opensight-ingress"*)
url="opensight/$(basename ${{ inputs.image-url }})"
;;
*"opensight-opensearch"*)
url="opensight/$(basename ${{ inputs.image-url }})"
;;
*"opensight-notification-service"*)
url="opensight/$(basename ${{ inputs.image-url }})"
;;
*)
echo "no supported service in ${{ inputs.image-url }}"
exit 1
;;
# Follow pattern for all 3rd gen products
esac
fi
echo "url=$url" >> $GITHUB_OUTPUT
- name: Container build and push 3rd gen to additional url
id: build-and-push-additional
uses: greenbone/actions/container-build-push-generic@v3
with:
build-context: ${{ inputs.build-context }}
build-docker-file: ${{ inputs.build-docker-file }}
build-args: ${{ inputs.build-args }}
build-secrets: ${{ contains(inputs.build-secret-greenbonebot, 'true') && format('GREENBONE_BOT_PACKAGES_READ_TOKEN={0}', secrets.GREENBONE_BOT_PACKAGES_READ_TOKEN) || inputs.build-secrets }}
cosign-key: ${{ secrets.COSIGN_KEY_OPENSIGHT }}
cosign-key-password: ${{ secrets.COSIGN_KEY_PASSWORD_OPENSIGHT }}
# The tlog function does not currently support an ed25519 key.
cosign-tlog-upload: "false"
image-url: ${{ steps.image-url.outputs.url }}
image-labels: ${{ inputs.image-labels }}
image-tags: |
# create container tag for git tags
type=ref,event=tag,value=latest
type=match,pattern=v(.*),group=1
type=ref,event=pr
# use unstable for main branch
type=raw,value=unstable,enable={{is_default_branch}}
registry: ${{ secrets.GREENBONE_REGISTRY }}
registry-username: ${{ secrets.GREENBONE_REGISTRY_USER }}
registry-password: ${{ secrets.GREENBONE_REGISTRY_TOKEN }}

building-service-chart:
if: (inputs.helm-chart) && (startsWith(github.ref, 'refs/tags/v'))
needs:
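Review bot: In the `Create image url` step of the second hunk, `if ${{ github.ref_name }} | grep -Eq "alpha|rc"; then` runs the expanded tag name as a command instead of piping it to grep, so as rendered the pre-release test cannot match and alpha/rc tags would take the `else` branch into the release projects instead of `opensight-dev`. That line and every `$(basename ${{ inputs.image-url }})` also paste expression output directly into the bash script on a self-hosted runner, so a tag name or input containing shell metacharacters is interpreted as script text in a job that later receives the cosign key and registry credentials. Passing both values through `env:` and referencing them as quoted shell variables fixes the routing and removes the interpolation. `$GITHUB_OUTPUT` should be quoted as well.

```yaml
      - name: Create image url
        # … unchanged: id, shell …
        env:
          REF_NAME: ${{ github.ref_name }}
          IMAGE_URL: ${{ inputs.image-url }}
        run: |
          name="$(basename "$IMAGE_URL")"
          if printf '%s\n' "$REF_NAME" | grep -Eq "alpha|rc"; then
            url="opensight-dev/$name"
          else
            case "$IMAGE_URL" in
              # … unchanged: per-service patterns, each arm now assigning url="<project>/$name" …
              *)
                echo "no supported service in $IMAGE_URL"
                exit 1
                ;;
            esac
          fi
          echo "url=$url" >> "$GITHUB_OUTPUT"
```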
