Add harbor scan report inputs and commenting functionality in action.yml

This update introduces new input parameters for enabling harbor scan report retrieval and commenting on pull requests. The action now includes logic to comment on the PR with scan results, enhancing visibility and feedback during the CI/CD process.

.github/workflows/update-main-version.yaml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

.github/workflows/workflow.yaml

@@ -82,7 +82,7 @@ jobs:
           password: ${{ secrets.password }}
 
       - name: Build Docker images
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           push: true
           file: ${{ inputs.file }}

README.md

@@ -101,4 +101,59 @@ jobs:
           file: "path/to/Dockerfile"
 ```
 
-Feel free to customize the inputs and adjust the workflow based on your specific requirements.
+If you want to use it with our GitOps Action:
+
+```yaml
+name: Deploy
+
+on:
+  push:
+    branches:
+      - dev
+      - main
+    tags:
+      - v[0-9]+.[0-9]+.[0-9]+
+
+    paths-ignore:
+      - "**.md"
+      - ".vscode/**"
+
+      - ".github/**"
+      - "!.github/workflows/tests-base.yaml"
+      - "!.github/workflows/deploy.yaml"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    concurrency: build-${{ github.ref_name }}
+    outputs:
+      tag: ${{ steps.build-image.outputs.tag }}
+      tags: ${{ steps.build-image.outputs.tags }}
+    steps:
+      - id: build-image
+        name: Build and Push Image
+        uses: ditkrg/build-image-workflow@v1
+        with:
+          image: "my-docker-image"
+          registry: "my-registry.example.com"
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+          build-args: "EXAMPLE=123"
+          build-secrets: "EXAMPLE=****"
+          file: "path/to/Dockerfile"
+
+  update-gitops:
+    runs-on: ubuntu-latest
+    concurrency: pr-${{ github.ref_name }}
+    needs: build
+    steps:
+      - name: Update gitops
+        uses: ditkrg/update-gitops-image@v1
+        with:
+          owner: ditkrg
+          repo: GITOPS_REPO
+          app-id: ${{ secrets.APP_ID }}
+          image-tag: ${{ needs.build.outputs.tag }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+          component-name: REPO_NAME
+```

action.yml

@@ -1,6 +1,10 @@
 name: "Build, Scan and Push Image"
 description: "Build, Scan and Push Image to Self Hosted Registry"
 inputs:
+  push:
+    description: "Push to Registry"
+    required: false
+    default: "true"
   image:
     description: "Image Name"
     required: true
@@ -25,10 +29,28 @@ inputs:
     required: false
     description: "Build Secrets"
 
+  harbor-scan-report:
+    required: false
+    default: "true"
+    description: "Should try to get harbor scan report"
+
+  comment-harbor-scan-report:
+    required: false
+    default: "true"
+    description: "Should comment harbor scan report on PR"
+
+  harbor-scan-report-comment-marker:
+    required: false
+    default: '<!-- actions-comment-pull-request "build-and-push" -->'
+    description: "Comment marker for harbor scan report"
+
 outputs:
+  digest:
+    description: "Digest"
+    value: ${{ steps.build-and-push.outputs.digest }}
   tag:
     description: "Image Tag"
-    value: ${{ steps.meta.outputs.tags[0] }}
+    value: ${{ steps.set_tag.outputs.tag }}
   tags:
     description: "Image Tags"
     value: ${{ steps.meta.outputs.tags }}
@@ -46,8 +68,9 @@ runs:
         images: ${{ inputs.registry }}/${{ inputs.image }}
         flavor: latest=false
         tags: |
-          # Cache
+          # Pull Request
-          type=raw,value=${{ github.ref_name }}-cache
+          type=ref,event=pr
+          type=ref,event=pr,suffix=-{{sha}},priority=8887 # 2
 
           # Branches
           type=ref,event=branch
@@ -66,12 +89,93 @@ runs:
         password: ${{ inputs.password }}
 
     - name: Build Docker images
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v6
+      id: build-and-push
       with:
-        push: true
+        push: ${{ inputs.push }}
         file: ${{ inputs.file }}
         tags: ${{ steps.meta.outputs.tags }}
-        cache-to: type=inline
+        cache-to: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache,mode=max
-        cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:${{ github.ref_name }}-cache
+        cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache
         build-args: ${{ inputs.build-args }}
         secrets: ${{ inputs.build-secrets }}
+
+    - name: Set Tag
+      id: set_tag
+      shell: bash
+      run: |
+
+        extracted_tag=$(echo "$json" | jq -r '.tags | .[0]')
+        echo "tag=$extracted_tag" >> $GITHUB_OUTPUT
+
+      env:
+        tags: ${{ steps.meta.outputs.tags }}
+        json: ${{ steps.meta.outputs.json }}
+
+    - name: Harbor Scan Results
+      id: harbor-scan-results
+      if: ${{ inputs.harbor-scan-report }} == 'true'
+      uses: ditkrg/harbor-scan-results-action@main
+      with:
+        image: ${{ steps.set_tag.outputs.tag }}
+        username: ${{ inputs.username }}
+        password: ${{ inputs.password }}
+        digest: ${{ steps.build-and-push.outputs.digest }}
+
+    - name: Comment on active branch PR
+      uses: actions/github-script@v7
+      if: ${{ inputs.comment-harbor-scan-report }} == 'true'
+      env:
+        COMMENT_MARKER: ${{ inputs.harbor-scan-report-comment-marker }}
+        TRIVY_SCAN_RESULTS: ${{ steps.harbor-scan-results.outputs.report-markdown }}
+      with:
+        script: |
+          const prs = await github.rest.pulls.list({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            head: `${context.repo.owner}:${context.ref.replace('refs/heads/', '')}`
+          });
+
+          if (prs.data.length <= 0) {
+            console.log('No open PR found for the current branch');
+            return;
+          }
+
+          const pr = prs.data[0];
+          // Check if there's already a comment from this workflow
+          const comments = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: pr.number
+            });
+            
+            const comment_marker = process.env.COMMENT_MARKER;
+            const buildComment = comments.data.find(comment => 
+              comment.body.includes(comment_marker)
+            );
+
+            const commentBody = `${comment_marker}
+            ${process.env.TRIVY_SCAN_RESULTS}
+            `;
+            
+            if (buildComment) {
+              // Update existing comment
+              await github.rest.issues.updateComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: buildComment.id,
+                body: commentBody
+              });
+
+              console.log(`Updated comment to PR #${pr.number}`);
+            } else {
+              // Create new comment
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: pr.number,
+                body: commentBody
+              });
+
+              console.log(`Added comment to PR #${pr.number}`);
+            }