Add harbor scan report inputs and commenting functionality in action.yml

This update introduces new input parameters for enabling harbor scan report retrieval and commenting on pull requests. The action now includes logic to comment on the PR with scan results, enhancing visibility and feedback during the CI/CD process.
Refactor caching mechanism in action.yml
2026-01-23 11:06:49 +00:00 · 2025-05-09 03:10:50 +03:00 · 2025-05-09 01:27:45 +03:00 · 2025-05-08 23:21:34 +03:00 · 2025-05-08 20:51:26 +03:00 · 2025-04-28 02:46:59 +03:00
2 changed files with 99 additions and 7 deletions
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@ -82,7 +82,7 @@ jobs:
          password: ${{ secrets.password }}

      - name: Build Docker images
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          push: true
          file: ${{ inputs.file }}
--- a/action.yml
+++ b/action.yml
@ -1,6 +1,10 @@
 name: "Build, Scan and Push Image"
 description: "Build, Scan and Push Image to Self Hosted Registry"
 inputs:
+  push:
+    description: "Push to Registry"
+    required: false
+    default: "true"
  image:
    description: "Image Name"
    required: true
@ -25,7 +29,25 @@ inputs:
    required: false
    description: "Build Secrets"

+  harbor-scan-report:
+    required: false
+    default: "true"
+    description: "Should try to get harbor scan report"
+
+  comment-harbor-scan-report:
+    required: false
+    default: "true"
+    description: "Should comment harbor scan report on PR"
+
+  harbor-scan-report-comment-marker:
+    required: false
+    default: '<!-- actions-comment-pull-request "build-and-push" -->'
+    description: "Comment marker for harbor scan report"
+
 outputs:
+  digest:
+    description: "Digest"
+    value: ${{ steps.build-and-push.outputs.digest }}
  tag:
    description: "Image Tag"
    value: ${{ steps.set_tag.outputs.tag }}
@ -46,8 +68,9 @@ runs:
        images: ${{ inputs.registry }}/${{ inputs.image }}
        flavor: latest=false
        tags: |
-          # Cache
-          type=raw,value=${{ github.ref_name }}-cache
+          # Pull Request
+          type=ref,event=pr
+          type=ref,event=pr,suffix=-{{sha}},priority=8887 # 2

          # Branches
          type=ref,event=branch
@ -66,13 +89,14 @@ runs:
        password: ${{ inputs.password }}

    - name: Build Docker images
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v6
+      id: build-and-push
      with:
-        push: true
+        push: ${{ inputs.push }}
        file: ${{ inputs.file }}
        tags: ${{ steps.meta.outputs.tags }}
-        cache-to: type=inline
-        cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:${{ github.ref_name }}-cache
+        cache-to: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache,mode=max
+        cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache
        build-args: ${{ inputs.build-args }}
        secrets: ${{ inputs.build-secrets }}

@ -87,3 +111,71 @@ runs:
      env:
        tags: ${{ steps.meta.outputs.tags }}
        json: ${{ steps.meta.outputs.json }}
+
+    - name: Harbor Scan Results
+      id: harbor-scan-results
+      if: ${{ inputs.harbor-scan-report }} == 'true'
+      uses: ditkrg/harbor-scan-results-action@main
+      with:
+        image: ${{ steps.set_tag.outputs.tag }}
+        username: ${{ inputs.username }}
+        password: ${{ inputs.password }}
+        digest: ${{ steps.build-and-push.outputs.digest }}
+
+    - name: Comment on active branch PR
+      uses: actions/github-script@v7
+      if: ${{ inputs.comment-harbor-scan-report }} == 'true'
+      env:
+        COMMENT_MARKER: ${{ inputs.harbor-scan-report-comment-marker }}
+        TRIVY_SCAN_RESULTS: ${{ steps.harbor-scan-results.outputs.report-markdown }}
+      with:
+        script: |
+          const prs = await github.rest.pulls.list({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            head: `${context.repo.owner}:${context.ref.replace('refs/heads/', '')}`
+          });
+
+          if (prs.data.length <= 0) {
+            console.log('No open PR found for the current branch');
+            return;
+          }
+
+          const pr = prs.data[0];
+          // Check if there's already a comment from this workflow
+          const comments = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: pr.number
+            });
+            
+            const comment_marker = process.env.COMMENT_MARKER;
+            const buildComment = comments.data.find(comment => 
+              comment.body.includes(comment_marker)
+            );
+
+            const commentBody = `${comment_marker}
+            ${process.env.TRIVY_SCAN_RESULTS}
+            `;
+            
+            if (buildComment) {
+              // Update existing comment
+              await github.rest.issues.updateComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: buildComment.id,
+                body: commentBody
+              });
+
+              console.log(`Updated comment to PR #${pr.number}`);
+            } else {
+              // Create new comment
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: pr.number,
+                body: commentBody
+              });
+
+              console.log(`Added comment to PR #${pr.number}`);
+            }
Author	SHA1	Message	Date
Shkar T. Noori	95127ca9d2	Add harbor scan report inputs and commenting functionality in action.yml This update introduces new input parameters for enabling harbor scan report retrieval and commenting on pull requests. The action now includes logic to comment on the PR with scan results, enhancing visibility and feedback during the CI/CD process.	2025-05-09 03:10:50 +03:00
Shkar T. Noori	ce1914c7e6	Refactor caching mechanism in action.yml This update modifies the caching strategy by removing the previous cache type and introducing a new registry-based cache for builds. This change enhances the efficiency of the caching process during CI/CD workflows.	2025-05-09 01:27:45 +03:00
Shkar T. Noori	6bc379401f	Add pull request event types to action.yml This update introduces new event types for handling pull requests in the action.yml file, allowing for better caching and event management during CI/CD processes.	2025-05-08 23:21:34 +03:00
Shkar T. Noori	a126631a61	Add digest output to action.yml and set build-and-push step ID This update introduces a new output 'digest' to the action.yml file, which captures the digest value from the build-and-push step. Additionally, the build-and-push step is now assigned an ID for better output management.	2025-05-08 20:51:26 +03:00
Shkar T. Noori	03f50cfd52	Add input option for pushing to registry in action.yml Introduced a new input parameter 'push' to control whether the image should be pushed to the registry. The default value is set to true, allowing for more flexible image handling during the build process.	2025-04-28 02:46:59 +03:00
Shakar Bakr	89f03a4cdf	Merge pull request #15 from ditkrg/dependabot/github_actions/docker/build-push-action-6 Bump docker/build-push-action from 5 to 6	2024-10-17 14:36:08 +03:00
dependabot[bot]	99f10f531b	Bump docker/build-push-action from 5 to 6 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5...v6) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2024-06-18 04:46:54 +00:00