Build SecObserve docker image

stackabletech · Mar 4, 2024 · 4f5e1cc · 4f5e1cc
1 parent 35f383a
commit 4f5e1cc
Showing 1 changed file with 25 additions and 15 deletions.
diff --git a/.github/workflows/build_push_dev.yml b/.github/workflows/build_push_dev.yml
@@ -1,8 +1,12 @@
 name: Build and push dev images
 
-on: workflow_dispatch
+on:
+  push:
+    branches:
+      - stackable
 
-permissions: read-all
+permissions:
+  id-token: write
 
 jobs:
   docker:
@@ -18,41 +22,47 @@ jobs:
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0
       -
-        name: Login to Docker Hub
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        name: Login to Stackable Harbor
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # tag=v3
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          registry: oci.stackable.tech
+          username: robot$stackable+github-action-build
+          password: ${{ secrets.HARBOR_ROBOT_STACKABLE_GITHUB_ACTION_BUILD_SECRET }}
+      -
+        name: Set up Cosign
+        uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # tag=v3.3.0
       -
         name: Set current date as env variable
         run: echo "CREATED=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV
       -
         name: Build and push backend
+        id: build-and-push-backend
         uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
         with:
           context: .
           file: ./docker/backend/prod/django/Dockerfile
           push: true
-          tags: maibornwolff/secobserve-backend:dev
+          tags: stackable/secobserve-backend:dev
           build-args: |
             CREATED=${{ env.CREATED }}
             REVISION=${{ github.sha }}
             VERSION=dev
+      -
+        name: Sign the published backend image
+        run: cosign sign -y oci.stackable.tech/stackable/secobserve-backend@${{ steps.build-and-push-backend.outputs.digest }}
       -
         name: Build and push frontend
+        id: build-and-push-frontend
         uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
         with:
           context: .
           file: ./docker/frontend/Dockerfile
-          push: true
-          tags: maibornwolff/secobserve-frontend:dev
+          push: truet
+          tags: stackable/secobserve-frontend:dev
           build-args: |
             CREATED=${{ env.CREATED }}
             REVISION=${{ github.sha }}
             VERSION=dev
-      - 
-        name: Run SCA vulnerability scanners
-        uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@cd1288ce6cb16c1b41bea98f60c275c0fc103166 # main
-        with:
-          so_configuration: 'so_configuration_sca_dev.yml'
-          SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }}
+      -
+        name: Sign the published frontend image
+        run: cosign sign -y oci.stackable.tech/stackable/secobserve-frontend@${{ steps.build-and-push-backend.outputs.digest }}