Feat/GitHub action (#7)
* feat/creating enigma bake command to build, scan and tag in a single command

* feat:removed tag code as build command was making tag also

* feat:Improved readme

* feat:Added .DS_Store in .gitignore

* feat:Added .DS_Store in .gitignore

* feat:Added .DS_Store in .gitignore

* feat:Added .DS_Store in .gitignore

* feat/created publish command to Push Image on Dockerhub and cleanup of images will be done based on the CLEANUP parameter in .enigma

* feat/created publish command to Push Image on Dockerhub and cleanup of images will be done based on the CLEANUP parameter in .enigma

* feat:passed dummy values in readme.md

* feat:Publish for aws and gcp also ready

* feat:custom workflow for enigma docker

* feat:custom workflow for enigma docker

* feat:custom workflow for enigma docker

* feat:custom workflow for enigma docker

* feat:custom workflow for enigma docker

* feat:custom workflow for enigma docker

* feat:custom workflow for enigma docker

* feat:custom workflow for enigma docker

* feat:custom workflow for enigma docker

* feat:custom workflow for enigma docker

* feat:custom workflow for enigma docker

* feat:custom workflow for enigma docker

* removed sarif file in go code

* commented scan code to test

* added .enigma file

* testing workflow

* removed /n

* modified code

* removed unwanted code

* added aws creds parameters

* feat:added aws inputs

* modified entrypoint.sh

* changed Dockerfile

* modified Dockerfile

* testing by commenting entrypoint.sh

* commented some lines

* modified full correct Dockerfile and action.yml

* modified entrypoint.sh

* changed entrypoint.sh

* modified entrypoint.sh

* feat:modified action.yml

* modified scout command

* removed values from .enigma

* commented cleanup part

* modified action.yml

* modified action.yml

* added aws cli install part

* commented login part from custom workflow

* added auth part in entrypoint.sh:

* commented aws login in entrypoint

* added auth part in entrypoint.sh

* modified entrypoint file

* added aws in dockerfile

* added aws in dockerfile

* added cleanup

* modified entrypoint.sh

* modified readme

* Update entrypoint.sh

* Update readme.md

* feat: modified entrypoint.sh and release.yml

* feat:changed tag to v1

* feat:changed release.yml file
Bharadwajshivam28 authored Aug 30, 2024
1 parent 80dd024 commit 6f0e524
Showing 8 changed files with 127 additions and 22 deletions.
7 changes: 4 additions & 3 deletions .enigma
@@ -1,3 +1,4 @@
DOCKER_IMAGE
DOCKER_TAG
CLEANUP
DOCKER_IMAGE=
DOCKER_TAG=
CLEANUP=
SCAN=
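Review bot: `SCAN=` is introduced in this file, but action.yml in the same commit exposes no SCAN input and sets no SCAN env, and `PROVIDER`, which entrypoint.sh tests before the ECR login, is not listed here either. Add `PROVIDER=` alongside the other keys and matching inputs in action.yml so the same set of variables drives both local and Action runs; otherwise the scan gate and the registry login depend on values nothing in the repository sets.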
41 changes: 27 additions & 14 deletions Dockerfile
@@ -1,20 +1,33 @@
ARG GO_VERSION=1.23
FROM golang:${GO_VERSION} as builder
ARG PROGRAM=nothing
ARG VERSION=development
FROM golang:1.23

RUN mkdir /src /output
# Install Docker CLI and other dependencies
RUN apt-get update && apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg \
lsb-release \
unzip

WORKDIR /src
# Add Docker's official GPG key
RUN curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

COPY . .
RUN GOBIN=/output make install VERSION=$VERSION
RUN PROGRAM=$(ls /output); echo "#!/bin/sh\nexec '/usr/bin/$PROGRAM' \"\$@\"" > /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh
# Set up the Docker repository
RUN echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
$(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install Docker CE CLI
RUN apt-get update && apt-get install -y docker-ce-cli

# Install AWS CLI v2
RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
unzip awscliv2.zip && \
./aws/install && \
rm -rf aws awscliv2.zip

FROM gcr.io/distroless/base:latest
ARG PROGRAM=nothing
WORKDIR /go/src/app
COPY . .
RUN go build -o enigma main.go

COPY --from=builder /output/${PROGRAM} /
USER 1000
ENTRYPOINT [""]
ENTRYPOINT ["/go/src/app/entrypoint.sh"]
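Review bot: the rewrite drops the distroless final stage and `USER 1000`, so the action container now runs as root on the full golang image with the Docker and AWS CLIs installed; if a non-root user is not workable because of the mounted Docker socket, at least keep a separate build stage so the build toolchain is not shipped in the runtime image. In the AWS CLI step the download URL hard-codes `linux-x86_64` while the Docker repository line uses `$(dpkg --print-architecture)`, so the two disagree on non-amd64 runners; verify the installer before `./aws/install` (AWS publishes a PGP signature for the zip) rather than executing an unverified download. Also clean `/var/lib/apt/lists/*` after each `apt-get install`, and make sure `entrypoint.sh` is executable in the repository, since `COPY . .` preserves the file mode and `ENTRYPOINT ["/go/src/app/entrypoint.sh"]` fails otherwise.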
2 changes: 1 addition & 1 deletion README.MD
Expand Up @@ -28,7 +28,7 @@
This repo offers to Work effortlessly with Docker, Helm, Docker Compose, Terraform, and other essential DevOps tools. It streamlines your workflow by automating complex commands and managing configurations. Simply set your environment variables, and let Enigma handle rest. With its intuitive design and powerful automation, you’ll achieve greater efficiency and consistency in your DevOps processes.

## 🚀 Table Of Content
1. [Docker](https://github.com/clouddrove/enigma/blob/master/modules/docker/README.md)
1. [Docker](https://github.com/clouddrove/enigma/blob/main/modules/docker/readme.md)

## ✨ Contributors

34 changes: 34 additions & 0 deletions action.yml
@@ -0,0 +1,34 @@
name: 'Enigma Docker Build and Publish'
description: 'Builds, scans, tags, and pushes Docker images using the Enigma tool'
inputs:
command:
description: 'Command to run (bake or publish)'
required: true
DOCKER_IMAGE:
description: 'Docker image name'
required: true
DOCKER_TAG:
description: 'Docker image tag'
required: true
CLEANUP:
description: 'Cleanup after push (true or false)'
required: false
default: 'false'
AWS_REGION:
description: 'AWS Region'
required: true
AWS_ACCOUNT_ID:
description: 'AWS Account ID'
required: true
runs:
using: 'docker'
image: 'Dockerfile'
env:
DOCKER_IMAGE: ${{ inputs.DOCKER_IMAGE }}
DOCKER_TAG: ${{ inputs.DOCKER_TAG }}
AWS_ACCOUNT_ID: ${{ inputs.AWS_ACCOUNT_ID }}
AWS_REGION: ${{ inputs.AWS_REGION }}
CLEANUP: ${{ inputs.AWS_REGION }}

args:
- ${{ inputs.command }}
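Review bot: `CLEANUP: ${{ inputs.AWS_REGION }}` maps the wrong input; it should be `CLEANUP: ${{ inputs.CLEANUP }}`, otherwise CLEANUP always carries the region string and the documented true/false switch (with its `default: 'false'`) never takes effect. The `env:` block also never sets `PROVIDER`, which entrypoint.sh checks before the ECR login, nor `SCAN`, which docker.go now gates on, so from the Action the login branch is unreachable and the scan is always skipped; declare inputs for both and pass them through here. The action also has no input or documentation for the AWS credentials that `aws ecr get-login-password` needs inside the container.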
12 changes: 12 additions & 0 deletions entrypoint.sh
@@ -0,0 +1,12 @@
#!/bin/sh
set -e

# Check if provider is AWS
if [ "$PROVIDER" = "aws" ]; then
aws ecr get-login-password --region "$AWS_REGION" | docker login --username AWS --password-stdin "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com"

else
echo "Please pass a valid provider"
fi

exec "/go/src/app/enigma" "$@"
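Review bot: the `else` branch only echoes a message and then falls through to `exec`, so despite `set -e` an unset or unknown `PROVIDER` does not stop the run; add `exit 1` there (or drop the check if AWS is the only supported provider). The ECR login also runs for every command, including `bake`, which needs no registry access; gate it on `"$1" = "publish"` so a local-only build does not require AWS credentials. Quoting `"$AWS_REGION"` and the registry host is good; consider failing early with a clear message when `AWS_REGION` or `AWS_ACCOUNT_ID` is empty instead of letting the login command produce a malformed hostname.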
2 changes: 1 addition & 1 deletion main.go
Expand Up @@ -41,4 +41,4 @@ func main() {
fmt.Println("Unknown command:", command)
fmt.Println("Commands: bake, publish")
}
}
}
10 changes: 9 additions & 1 deletion modules/docker/docker.go
Expand Up @@ -31,12 +31,20 @@ func BuildDockerImage() {

fmt.Println("Build complete.")

fmt.Println("Build complete.")
TagDockerImage()
}

// ScanDockerImage performs a security scan of the Docker image and saves the report in SARIF format.
// It uses the `docker scout` command to scan the image for vulnerabilities.
func ScanDockerImage() {
scan := os.Getenv("SCAN")

if scan != "true" {
fmt.Println("SCAN is not set to true. Skipping Docker image scan.")
return
}

dockerTag := os.Getenv("DOCKER_TAG")

if dockerTag == "" {
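Review bot: the new `SCAN` gate returns silently unless the value is the literal `true`, so an unset variable and an explicit opt-out are indistinguishable and the default is to not scan; for a vulnerability scan the safer default is to run unless explicitly disabled (`scan == "false"`), which would also match how this same file documents CLEANUP. Distinguish the unset case in the log message as well. Separately, `BuildDockerImage` in the new version appears to print "Build complete." twice in a row (the added line before `TagDockerImage()` duplicates the one above it); print it once.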
Expand All @@ -56,6 +64,7 @@ func ScanDockerImage() {
log.Fatalf("Error running docker scout scan: %v", err)
}

fmt.Println("Docker image scan complete.")
fmt.Printf("Scan complete. Report saved to %s\n", sarifFile)
}

Expand Down Expand Up @@ -83,7 +92,6 @@ func TagDockerImage() {
fmt.Println("Docker image tagged successfully.")
}


// PushDockerImage pushes the tagged Docker image to the specified registry and optionally cleans up local images.
// It uses the `docker push` command to upload the image to the registry specified in DOCKER_TAG.
// Cleanup is performed by default or when explicitly set to "true". It's only disabled when set to "false".
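Review bot: this doc comment says cleanup is performed by default and is only disabled when CLEANUP is set to "false", but action.yml in this commit declares `CLEANUP` with `default: 'false'` and the module readme says the default is true; pick one default and state it consistently in the comment, the action input and the readme.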
41 changes: 39 additions & 2 deletions modules/docker/readme.md
Expand Up @@ -8,8 +8,11 @@
DOCKER_IMAGE=nginx
DOCKER_TAG=xyz:v1
CLEANUP=true
SCAN=false
```

when working on local keep SCAN=true to it scan your image and generate report for it.

3. Add Dockerfile of your in root of the folder

4. Now from root of the folder run:
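Review bot: the added sentence "when working on local keep SCAN=true to it scan your image and generate report for it" is hard to read; suggest "When working locally, keep SCAN=true so the image is scanned and a report is generated." Note also that the sample `.enigma` just above sets `SCAN=false`, so a reader who copies it gets no scan; either show `SCAN=true` in the sample or say explicitly that scanning is off by default.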
Expand All @@ -20,12 +23,46 @@ go build -o enigma main.go
```

### To work with Docker commands run-
- To Build, Scan and Tag:
- To Build and Tag:
```
./enigma bake
```

- To Push Image to Registry and cleanup Image at end(Cleanup will be only done if in `.enigma` CLEANUP is set true or by default it will take true):
```
./enigma publish
```
```

## Usage in GitHub Actions
### This GitHub Action builds docker image, tags and pushes to the registry you want.

```yaml
name: Enigma Docker

on:
push:
branches: main

jobs:
login:
runs-on: ubuntu-latest
steps:

- name: Build Docker Image
uses: clouddrove/enigma@main
with:
command: bake
DOCKER_IMAGE: ${{ env.DOCKER_IMAGE }}
DOCKER_TAG: ${{ env.DOCKER_TAG }}
AWS_ACCOUNT_ID: ${{ env.AWS_ACCOUNT_ID }}
AWS_REGION: ${{ env.AWS_REGION }}

- name: Publish Docker Image
uses: clouddrove/enigma@main
with:
command: publish
DOCKER_IMAGE: ${{ env.DOCKER_IMAGE }}
DOCKER_TAG: ${{ env.DOCKER_TAG }}
AWS_ACCOUNT_ID: ${{ env.AWS_ACCOUNT_ID }}
AWS_REGION: ${{ env.AWS_REGION }}
```
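Review bot: the sample workflow reads `${{ env.DOCKER_IMAGE }}`, `${{ env.DOCKER_TAG }}`, `${{ env.AWS_ACCOUNT_ID }}` and `${{ env.AWS_REGION }}` but declares no `env:` block, so as written every input is empty; add a job-level `env:` (or pass literal values) and show where the AWS credentials come from, since `aws ecr get-login-password` in entrypoint.sh needs them inside the container. The `PROVIDER` and `SCAN` variables the rest of this commit depends on are absent from the example too. The job is named `login` although it builds and publishes; a name like `build-and-publish` would describe it better.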
