diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml new file mode 100644 index 000000000..5ba7fdb5b --- /dev/null +++ b/.github/workflows/build_docker.yml @@ -0,0 +1,23 @@ +name: Build and publish a 🛢️ container + +on: + push: + paths-ignore: + - '.github/**' + branches: + - 'main' + tags: + - '*' + +jobs: + build-and-push-container: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - uses: voxpupuli/gha-build-and-publish-a-container@v2 + with: + registry_password: ${{ secrets.GITHUB_TOKEN }} + build_arch: linux/amd64,linux/arm64 + buildfile: puppetserver/Dockerfile diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 000000000..a8e320781 --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,51 @@ +--- + +on: + pull_request: {} + push: + branches: + - main + +name: CI + +jobs: + build_docker_image: + name: 'Built test Docker image' + runs-on: ubuntu-latest + defaults: + run: + working-directory: 'puppetserver' + permissions: + actions: read + contents: read + security-events: write + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Build Docker image + uses: docker/build-push-action@v5 + with: + context: puppetserver + tags: 'ci/puppetserver:${{ github.sha }}' + push: false + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'ci/puppetserver:${{ github.sha }}' + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + + tests: + needs: + - build_docker_image + runs-on: ubuntu-latest + name: Test suite + steps: + - run: echo Test suite completed diff --git a/puppetserver/Dockerfile b/puppetserver/Dockerfile index d49cc7280..8d506e4a6 100644 --- a/puppetserver/Dockerfile +++ b/puppetserver/Dockerfile @@ -10,11 +10,11 @@ FROM ubuntu:22.04 as base ARG PACKAGES=ca-certificates\ git ARG DUMB_INIT_VERSION="1.2.5" -LABEL org.label-schema.maintainer="Voxpupuli Team " \ - org.label-schema.vendor="Voxpupuli" \ - org.label-schema.url="https://github.com/puppetlabs/puppetserver" \ +LABEL org.label-schema.maintainer="" \ + org.label-schema.vendor="Vox Pupuli" \ + org.label-schema.url="https://github.com/voxpupuli/puppetserver-docker" \ org.label-schema.license="Apache-2.0" \ - org.label-schema.vcs-url="https://github.com/puppetlabs/puppetserver" \ + org.label-schema.vcs-url="https://github.com/voxpupuli/puppetserver-docker" \ org.label-schema.schema-version="1.0" \ org.label-schema.dockerfile="/Dockerfile" @@ -77,7 +77,6 @@ FROM base as release ARG version ARG UBUNTU_CODENAME -ARG install_path=puppetserver="$version"-1"$UBUNTU_CODENAME" ARG deb_uri=https://apt.puppetlabs.com/puppet7-release-$UBUNTU_CODENAME.deb ###################################################### @@ -92,7 +91,6 @@ ARG build_type ARG vcs_ref ARG version ARG build_date -ARG install_path ARG deb_uri # used by entrypoint to submit metrics to Google Analytics; # published images should use "production" for this build_arg @@ -105,7 +103,7 @@ ADD $deb_uri /puppet.deb RUN dpkg -i /puppet.deb && \ rm /puppet.deb RUN apt-get update && \ - apt-get install --no-install-recommends -y $install_path puppetdb-termini && \ + apt-get install --no-install-recommends -y puppetserver puppetdb-termini && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ gem install --no-doc r10k && \