Add reusable workflow

.github/dependabot.yml

@@ -0,0 +1,10 @@
+---
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    reviewers:
+      - "ditkrg/devops"

.github/workflows/workflow.yaml

@@ -0,0 +1,124 @@
+---
+name: Build, Scan and Push Image
+
+on:
+  workflow_call:
+    inputs:
+      image:
+        type: string
+        required: true
+        description: Image name excluding registry
+      build-args:
+        type: string
+        required: false
+        description: "List of build-time variables"
+      file:
+        type: string
+        required: false
+      registry:
+        type: string
+        default: reg.dev.krd
+        required: false
+
+      runs-on:
+        type: string
+        default: "[ 'self-hosted', 'ubuntu-focal' ]"
+        required: false
+
+      # Trivy Options
+      trivy:
+        type: boolean
+        required: false
+        default: true
+        description: Enable trivy image vulnerability check
+
+      trivy-exit-code:
+        type: number
+        required: false
+        default: 0
+        description: Exit code when vulnerabilities were found
+
+      trivy-severity:
+        type: string
+        required: false
+        default: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+        description: severities of vulnerabilities to be displayed (comma separated)
+
+      trivy-format:
+        type: string
+        required: false
+        default: table
+        description: How to display the results
+
+    secrets:
+      username:
+        required: true
+      password:
+        required: true
+      build-secrets:
+        required: false
+
+jobs:
+  build-push:
+    name: Build and Push
+    runs-on: ${{ fromJson(inputs.runs-on) }}
+    timeout-minutes: 10
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - id: meta
+        name: Extract Metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ inputs.registry }}/{{ inputs.image }}
+          flavor: latest=false
+          tags: |
+            # Branches
+            type=ref,event=branch
+            type=ref,event=branch,suffix=-{{sha}},priority=8888 # 2
+
+            # Releases
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{version}},priority=9999 #1
+
+      - name: Login to Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ inputs.registry }}
+          username: ${{ secrets.username }}
+          password: ${{ secrets.password }}
+
+      - name: Build Docker images
+        if: ${{ inputs.trivy }}
+        uses: docker/build-push-action@v3
+        with:
+          load: true
+          file: ${{ inputs.file }}
+          tags: ${{ steps.meta.outputs.tags }}
+          cache-to: type=registry,ref=${{ inputs.registry }}/{{ inputs.image }}:buildcache,mode=max
+          cache-from: type=registry,ref=${{ inputs.registry }}/{{ inputs.image }}:buildcache
+          build-args: ${{ inputs.build-args }}
+          secrets: ${{ secrets.build-secrets }}
+
+      - name: Run Trivy vulnerability scanner
+        if: ${{ inputs.trivy }}
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ fromJson(steps.meta.outputs.json).tags[0] }}
+          format: ${{ inputs.format }}
+          exit-code: ${{ inputs.exit-code }}
+          severity: ${{ inputs.severity }}
+
+      - name: Build Docker images
+        if: ${{ inputs.trivy }}
+        uses: docker/build-push-action@v3
+        with:
+          load: true
+          file: ${{ inputs.file }}
+          tags: ${{ steps.meta.outputs.tags }}
+          cache-to: type=registry,ref=${{ inputs.registry }}/{{ inputs.image }}:buildcache,mode=max
+          cache-from: type=registry,ref=${{ inputs.registry }}/{{ inputs.image }}:buildcache
+          build-args: ${{ inputs.build-args }}
+          secrets: ${{ secrets.build-secrets }}