clouddrove · anmolnagpal · Aug 30, 2024 · Aug 26, 2024 · Aug 26, 2024 · Aug 26, 2024
diff --git a/.enigma b/.enigma
@@ -1,3 +1,4 @@
-DOCKER_IMAGE
-DOCKER_TAG
-CLEANUP
+DOCKER_IMAGE=
+DOCKER_TAG=
+CLEANUP=
+SCAN=
diff --git a/Dockerfile b/Dockerfile
@@ -1,20 +1,33 @@
-ARG GO_VERSION=1.23
-FROM golang:${GO_VERSION} as builder
-ARG PROGRAM=nothing
-ARG VERSION=development
+FROM golang:1.23
 
-RUN mkdir /src /output
+# Install Docker CLI and other dependencies
+RUN apt-get update && apt-get install -y \
+    apt-transport-https \
+    ca-certificates \
+    curl \
+    gnupg \
+    lsb-release \
+    unzip
 
-WORKDIR /src
+# Add Docker's official GPG key
+RUN curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
 
-COPY . .
-RUN GOBIN=/output make install VERSION=$VERSION
-RUN PROGRAM=$(ls /output); echo "#!/bin/sh\nexec '/usr/bin/$PROGRAM' \"\$@\"" > /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh
+# Set up the Docker repository
+RUN echo \
+    "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
+    $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+# Install Docker CE CLI
+RUN apt-get update && apt-get install -y docker-ce-cli
 
+# Install AWS CLI v2
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
+    unzip awscliv2.zip && \
+    ./aws/install && \
+    rm -rf aws awscliv2.zip
 
-FROM gcr.io/distroless/base:latest
-ARG PROGRAM=nothing
+WORKDIR /go/src/app
+COPY . .
+RUN go build -o enigma main.go
 
-COPY --from=builder /output/${PROGRAM} /
-USER 1000
-ENTRYPOINT [""]
+ENTRYPOINT ["/go/src/app/entrypoint.sh"]
diff --git a/README.MD b/README.MD
@@ -28,7 +28,7 @@
 This repo offers to Work effortlessly with Docker, Helm, Docker Compose, Terraform, and other essential DevOps tools. It streamlines your workflow by automating complex commands and managing configurations. Simply set your environment variables, and let Enigma handle rest. With its intuitive design and powerful automation, you’ll achieve greater efficiency and consistency in your DevOps processes.
 
 ## 🚀 Table Of Content
-1. [Docker](https://github.com/clouddrove/enigma/blob/master/modules/docker/README.md)   
+1. [Docker](https://github.com/clouddrove/enigma/blob/main/modules/docker/readme.md)   
 
 ## ✨ Contributors
 

diff --git a/action.yml b/action.yml
@@ -0,0 +1,34 @@
+name: 'Enigma Docker Build and Publish'
+description: 'Builds, scans, tags, and pushes Docker images using the Enigma tool'
+inputs:
+  command:
+    description: 'Command to run (bake or publish)'
+    required: true
+  DOCKER_IMAGE:
+    description: 'Docker image name'
+    required: true
+  DOCKER_TAG:
+    description: 'Docker image tag'
+    required: true
+  CLEANUP:
+    description: 'Cleanup after push (true or false)'
+    required: false
+    default: 'false'
+  AWS_REGION:
+    description: 'AWS Region'
+    required: true
+  AWS_ACCOUNT_ID:
+    description: 'AWS Account ID'
+    required: true
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
+  env:
+    DOCKER_IMAGE: ${{ inputs.DOCKER_IMAGE }}
+    DOCKER_TAG: ${{ inputs.DOCKER_TAG }}
+    AWS_ACCOUNT_ID: ${{ inputs.AWS_ACCOUNT_ID }}
+    AWS_REGION: ${{ inputs.AWS_REGION }}
+    CLEANUP: ${{ inputs.AWS_REGION }}
+
+  args:
+    - ${{ inputs.command }}
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+# Check if provider is AWS
+if [ "$PROVIDER" = "aws" ]; then
+  aws ecr get-login-password --region "$AWS_REGION" | docker login --username AWS --password-stdin "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com"
+fi
+
+exec "/go/src/app/enigma" "$@"
diff --git a/main.go b/main.go
@@ -41,4 +41,4 @@ func main() {
 		fmt.Println("Unknown command:", command)
 		fmt.Println("Commands: bake, publish")
 	}
-}
+}
diff --git a/modules/docker/docker.go b/modules/docker/docker.go
@@ -31,12 +31,20 @@ func BuildDockerImage() {
 
     fmt.Println("Build complete.")
 
+    fmt.Println("Build complete.")
     TagDockerImage()
 }
 
 // ScanDockerImage performs a security scan of the Docker image and saves the report in SARIF format.
 // It uses the `docker scout` command to scan the image for vulnerabilities.
 func ScanDockerImage() {
+    scan := os.Getenv("SCAN")
+
+    if scan != "true" {
+        fmt.Println("SCAN is not set to true. Skipping Docker image scan.")
+        return
+    }
+
     dockerTag := os.Getenv("DOCKER_TAG")
 
     if dockerTag == "" {
@@ -56,6 +64,7 @@ func ScanDockerImage() {
         log.Fatalf("Error running docker scout scan: %v", err)
     }
 
+    fmt.Println("Docker image scan complete.")
     fmt.Printf("Scan complete. Report saved to %s\n", sarifFile)
 }
 
@@ -83,7 +92,6 @@ func TagDockerImage() {
     fmt.Println("Docker image tagged successfully.")
 }
 
-
 // PushDockerImage pushes the tagged Docker image to the specified registry and optionally cleans up local images.
 // It uses the `docker push` command to upload the image to the registry specified in DOCKER_TAG.
 // Cleanup is performed by default or when explicitly set to "true". It's only disabled when set to "false".

diff --git a/modules/docker/readme.md b/modules/docker/readme.md
@@ -8,8 +8,11 @@
 DOCKER_IMAGE=nginx
 DOCKER_TAG=xyz:v1
 CLEANUP=true
+SCAN=false
 ```
 
+when working on local keep SCAN=true to it scan your image and generate report for it. 
+
 3. Add Dockerfile of your in root of the folder
 
 4. Now from root of the folder run:
@@ -20,12 +23,46 @@ go build -o enigma main.go
 ```
 
 ### To work with Docker commands run-
-- To Build, Scan and Tag:
+- To Build and Tag:
   ```
   ./enigma bake
   ```
 
 - To Push Image to Registry and cleanup Image at end(Cleanup will be only done if in `.enigma` CLEANUP is set true or by default it will take true):
   ```
   ./enigma publish
-  ```
+  ```
+
+## Usage in GitHub Actions
+### This GitHub Action builds docker image, tags and pushes to the registry you want. 
+
+```yaml
+name: Enigma Docker
+
+on:
+  push:
+    branches: main
+
+jobs:
+  login:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Build Docker Image
+        uses: clouddrove/enigma@main
+        with:
+          command: bake
+          DOCKER_IMAGE: ${{ env.DOCKER_IMAGE }}
+          DOCKER_TAG: ${{ env.DOCKER_TAG }}
+          AWS_ACCOUNT_ID: ${{ env.AWS_ACCOUNT_ID }}
+          AWS_REGION: ${{ env.AWS_REGION }}
+
+      - name: Publish Docker Image
+        uses: clouddrove/enigma@main
+        with:
+          command: publish
+          DOCKER_IMAGE: ${{ env.DOCKER_IMAGE }}
+          DOCKER_TAG: ${{ env.DOCKER_TAG }}
+          AWS_ACCOUNT_ID: ${{ env.AWS_ACCOUNT_ID }}
+          AWS_REGION: ${{ env.AWS_REGION }}
+```