2026-01-23 11:06:49 +00:00
4 changed files with 5 additions and 376 deletions
--- a/.github/workflows/update-main-version.yaml
+++ b/.github/workflows/update-main-version.yaml
@ -1,32 +0,0 @@
 name: Release
 on:
  push:
    tags:
      - v[0-9]+.[0-9]+.[0-9]+
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: version
        id: version
        run: |
          tag=${GITHUB_REF/refs\/tags\//}
          version=${tag#v}
          major=${version%%.*}
          echo "tag=${tag}" >> $GITHUB_OUTPUT
          echo "version=${version}" >> $GITHUB_OUTPUT
          echo "major=${major}" >> $GITHUB_OUTPUT
      - name: force update major tag
        run: |
          git config user.name github-actions
          git config user.email github-actions@github.com
          git tag v${{ steps.version.outputs.major }} ${{ steps.version.outputs.tag }} -f
          git push origin refs/tags/v${{ steps.version.outputs.major }} -f
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@ -53,11 +53,11 @@ jobs:
      tags: ${{ steps.meta.outputs.tags }}
    steps:
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
      - id: meta
        name: Extract Metadata
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v4
        with:
          images: ${{ inputs.registry }}/${{ inputs.image }}
          flavor: latest=false
@ -75,14 +75,14 @@ jobs:
            type=semver,pattern={{version}},priority=9999 #1
      - name: Login to Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v2
        with:
          registry: ${{ inputs.registry }}
          username: ${{ secrets.username }}
          password: ${{ secrets.password }}
      - name: Build Docker images
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v4
        with:
          push: true
          file: ${{ inputs.file }}
--- a/README.md
+++ b/README.md
@ -1,159 +1 @@
-# Build Image Workflow
+# build-image-action
 This GitHub Action automates the process of building and pushing a Docker image to a self-hosted registry. The workflow includes setting up Docker Buildx, extracting metadata, logging in to the registry, and building and pushing the Docker image.
 ## Inputs
 ### `image` (required)
 - Description: Image Name
 - Required: true
 ### `build-args` (optional)
 - Description: Build Arguments
 - Required: false
 ### `file` (optional)
 - Description: Dockerfile Path
 - Required: false
 ### `registry` (required)
 - Description: Registry URL
 - Required: true
 - Default: reg.dev.krd
 ### `username` (required)
 - Description: Username for the registry
 - Required: true
 ### `password` (required)
 - Description: Password for the registry
 - Required: true
 ### `build-secrets` (optional)
 - Description: Build Secrets
 - Required: false
 ## Outputs
 ### `tag`
 - Description: Image Tag
 - Value: ${{ steps.meta.outputs.tags[0] }}
 ### `tags`
 - Description: Image Tags
 - Value: ${{ steps.meta.outputs.tags }}
 ## Workflow Steps
 1. **Set up Docker Buildx:**
   - Uses: docker/setup-buildx-action@v3
 2. **Extract Metadata:**
   - Uses: docker/metadata-action@v5
   - Inputs:
     - `images`: ${{ inputs.registry }}/${{ inputs.image }}
     - `flavor`: latest=false
     - `tags`:
       - Cache: `type=raw,value=${{ github.ref_name }}-cache`
       - Branches: `type=ref,event=branch`, `type=ref,event=branch,suffix=-{{sha}},priority=8888`
       - Releases: `type=semver,pattern={{major}}`, `type=semver,pattern={{major}}.{{minor}}`, `type=semver,pattern={{version}},priority=9999`
 3. **Login to Registry:**
   - Uses: docker/login-action@v3
   - Inputs:
     - `registry`: ${{ inputs.registry }}
     - `username`: ${{ inputs.username }}
     - `password`: ${{ inputs.password }}
 4. **Build Docker images:**
   - Uses: docker/build-push-action@v5
   - Inputs:
     - `push`: true
     - `file`: ${{ inputs.file }}
     - `tags`: ${{ steps.meta.outputs.tags }}
     - `cache-to`: `type=inline`
     - `cache-from`: `type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:${{ github.ref_name }}-cache`
     - `build-args`: ${{ inputs.build-args }}
     - `secrets`: ${{ inputs.build-secrets }}
 ## Example Usage
 ```yaml
 name: Build Image Workflow
 on:
  push:
    branches:
      - main
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Build and Push Image
        uses: ditkrg/build-image-workflow@v1
        with:
          image: "my-docker-image"
          registry: "my-registry.example.com"
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
          build-args: "EXAMPLE=123"
          build-secrets: "EXAMPLE=****"
          file: "path/to/Dockerfile"
 ```
 If you want to use it with our GitOps Action:
 ```yaml
 name: Deploy
 on:
  push:
    branches:
      - dev
      - main
    tags:
      - v[0-9]+.[0-9]+.[0-9]+
    paths-ignore:
      - "**.md"
      - ".vscode/**"
      - ".github/**"
      - "!.github/workflows/tests-base.yaml"
      - "!.github/workflows/deploy.yaml"
 jobs:
  build:
    runs-on: ubuntu-latest
    concurrency: build-${{ github.ref_name }}
    outputs:
      tag: ${{ steps.build-image.outputs.tag }}
      tags: ${{ steps.build-image.outputs.tags }}
    steps:
      - id: build-image
        name: Build and Push Image
        uses: ditkrg/build-image-workflow@v1
        with:
          image: "my-docker-image"
          registry: "my-registry.example.com"
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
          build-args: "EXAMPLE=123"
          build-secrets: "EXAMPLE=****"
          file: "path/to/Dockerfile"
  update-gitops:
    runs-on: ubuntu-latest
    concurrency: pr-${{ github.ref_name }}
    needs: build
    steps:
      - name: Update gitops
        uses: ditkrg/update-gitops-image@v1
        with:
          owner: ditkrg
          repo: GITOPS_REPO
          app-id: ${{ secrets.APP_ID }}
          image-tag: ${{ needs.build.outputs.tag }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}
          component-name: REPO_NAME
 ```
--- a/action.yml
+++ b/action.yml
@ -1,181 +0,0 @@
 name: "Build, Scan and Push Image"
 description: "Build, Scan and Push Image to Self Hosted Registry"
 inputs:
  push:
    description: "Push to Registry"
    required: false
    default: "true"
  image:
    description: "Image Name"
    required: true
  build-args:
    description: "Build Arguments"
    required: false
  file:
    description: "Dockerfile Path"
    required: false
  registry:
    description: "Registry URL"
    required: true
    default: reg.dev.krd
  username:
    required: true
    description: "Username for registry"
  password:
    required: true
    description: "Password for registry"
  build-secrets:
    required: false
    description: "Build Secrets"
  harbor-scan-report:
    required: false
    default: "true"
    description: "Should try to get harbor scan report"
  comment-harbor-scan-report:
    required: false
    default: "true"
    description: "Should comment harbor scan report on PR"
  harbor-scan-report-comment-marker:
    required: false
    default: '<!-- actions-comment-pull-request "build-and-push" -->'
    description: "Comment marker for harbor scan report"
 outputs:
  digest:
    description: "Digest"
    value: ${{ steps.build-and-push.outputs.digest }}
  tag:
    description: "Image Tag"
    value: ${{ steps.set_tag.outputs.tag }}
  tags:
    description: "Image Tags"
    value: ${{ steps.meta.outputs.tags }}
 runs:
  using: "composite"
  steps:
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3
    - id: meta
      name: Extract Metadata
      uses: docker/metadata-action@v5
      with:
        images: ${{ inputs.registry }}/${{ inputs.image }}
        flavor: latest=false
        tags: |
          # Pull Request
          type=ref,event=pr
          type=ref,event=pr,suffix=-{{sha}},priority=8887 # 2
          # Branches
          type=ref,event=branch
          type=ref,event=branch,suffix=-{{sha}},priority=8888 # 2
          # Releases
          type=semver,pattern={{major}}
          type=semver,pattern={{major}}.{{minor}}
          type=semver,pattern={{version}},priority=9999 #1
    - name: Login to Registry
      uses: docker/login-action@v3
      with:
        registry: ${{ inputs.registry }}
        username: ${{ inputs.username }}
        password: ${{ inputs.password }}
    - name: Build Docker images
      uses: docker/build-push-action@v6
      id: build-and-push
      with:
        push: ${{ inputs.push }}
        file: ${{ inputs.file }}
        tags: ${{ steps.meta.outputs.tags }}
        cache-to: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache,mode=max
        cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache
        build-args: ${{ inputs.build-args }}
        secrets: ${{ inputs.build-secrets }}
    - name: Set Tag
      id: set_tag
      shell: bash
      run: |
        extracted_tag=$(echo "$json" | jq -r '.tags | .[0]')
        echo "tag=$extracted_tag" >> $GITHUB_OUTPUT
      env:
        tags: ${{ steps.meta.outputs.tags }}
        json: ${{ steps.meta.outputs.json }}
    - name: Harbor Scan Results
      id: harbor-scan-results
      if: ${{ inputs.harbor-scan-report }} == 'true'
      uses: ditkrg/harbor-scan-results-action@main
      with:
        image: ${{ steps.set_tag.outputs.tag }}
        username: ${{ inputs.username }}
        password: ${{ inputs.password }}
        digest: ${{ steps.build-and-push.outputs.digest }}
    - name: Comment on active branch PR
      uses: actions/github-script@v7
      if: ${{ inputs.comment-harbor-scan-report }} == 'true'
      env:
        COMMENT_MARKER: ${{ inputs.harbor-scan-report-comment-marker }}
        TRIVY_SCAN_RESULTS: ${{ steps.harbor-scan-results.outputs.report-markdown }}
      with:
        script: |
          const prs = await github.rest.pulls.list({
            owner: context.repo.owner,
            repo: context.repo.repo,
            head: `${context.repo.owner}:${context.ref.replace('refs/heads/', '')}`
          });
          if (prs.data.length <= 0) {
            console.log('No open PR found for the current branch');
            return;
          }
          const pr = prs.data[0];
          // Check if there's already a comment from this workflow
          const comments = await github.rest.issues.listComments({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: pr.number
            });
            const comment_marker = process.env.COMMENT_MARKER;
            const buildComment = comments.data.find(comment => 
              comment.body.includes(comment_marker)
            );
            const commentBody = `${comment_marker}
            ${process.env.TRIVY_SCAN_RESULTS}
            `;
            if (buildComment) {
              // Update existing comment
              await github.rest.issues.updateComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: buildComment.id,
                body: commentBody
              });
              console.log(`Updated comment to PR #${pr.number}`);
            } else {
              // Create new comment
              await github.rest.issues.createComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: pr.number,
                body: commentBody
              });
              console.log(`Added comment to PR #${pr.number}`);
            }