diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..786ad94
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,8 @@
+./github/workflows
+.vscode
+.gitignore
+.pylintrc
+Dockerfile
+LICENSE
+README.md
+setup.cfg
\ No newline at end of file
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
new file mode 100644
index 0000000..2270eae
--- /dev/null
+++ b/.github/workflows/build-image.yml
@@ -0,0 +1,31 @@
+name: Publish Container Image to GHCR
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ contents: read
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Log in to GitHub Container Registry
+ run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build Multi-Platform Image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: ghcr.io/${{ github.repository_owner }}/workbench-agent:latest
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..e1b736e
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM cgr.dev/chainguard/python:latest-dev as builder
+WORKDIR /app
+COPY requirements.txt .
+RUN pip install -r requirements.txt --user
+
+FROM cgr.dev/chainguard/python:latest
+WORKDIR /app
+COPY --from=builder /home/nonroot/.local/lib/python3.12/site-packages /home/nonroot/.local/lib/python3.12/site-packages
+COPY workbench-agent.py .
+ENTRYPOINT [ "python", "/app/workbench-agent.py" ]
\ No newline at end of file
diff --git a/workbench-agent.py b/workbench-agent.py
index 08353ad..7cf3090 100755
--- a/workbench-agent.py
+++ b/workbench-agent.py
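Review bot: The first entry of the new `.dockerignore`, `./github/workflows`, does not match the `.github/workflows` directory this commit adds, so the workflow files stay in the build context; it should read `.github/workflows` (or just `.github`). `.git` is not listed either, and the workflow builds with `context: .` from a checkout, so repository metadata is sent to the builder as well. The Dockerfile in this commit copies only two named files, so nothing reaches the image today, but adding `.git` here keeps a later `COPY . .` from picking it up.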
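Review bot: The four actions under `steps` in build-image.yml are referenced by mutable tags (`actions/checkout@v4`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v5`) in a job that holds `packages: write`, so a moved tag on any of them would run with the ability to publish the image. Pinning each `uses:` to a full commit SHA, with the version kept in a trailing comment, closes that gap. In the login step `${{ github.actor }}` is expanded into the shell line before it runs; passing it through `env:` and quoting it (`-u "$ACTOR"`) keeps expression text out of the script. The image is pushed only as `:latest`, so a deployed copy cannot be traced back to a commit; a second tag such as `ghcr.io/${{ github.repository_owner }}/workbench-agent:${{ github.sha }}` would give an immutable reference.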
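Review bot: Both stages of the Dockerfile use floating tags (`python:latest-dev`, `python:latest`) while the `COPY --from=builder` line hard-codes `python3.12` in the site-packages path, so the build breaks as soon as `latest` moves to a newer interpreter, and until then each rebuild may silently pull a different base. Pinning both `FROM` lines to the same digest, e.g. `FROM cgr.dev/chainguard/python@sha256:<digest>`, makes the published image reproducible and keeps the copied path valid. requirements.txt is not part of this diff; if it is not already hash-pinned, `pip install --require-hashes -r requirements.txt` is worth adding for an image that is pushed to a registry.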
@@ -80,11 +80,11 @@ def _send_request(self, payload: dict) -> dict: def upload_files(self, scan_code: str, path: str): """ - Uploads a .fossid file to the Workbench using the API's Upload endpoint. + Uploads files to the Workbench using the API's File Upload endpoint. Args: - scan_code (str): The code of the scan where the hashes should be uploaded. - path (str): Path to the blind scan result (.fossid file). + scan_code (str): The scan code where the file or files will be uploaded. + path (str): Path to the file or files to upload. """ name = base64.b64encode(os.path.basename(path).encode()).decode("utf-8") scan_code = base64.b64encode(scan_code.encode()).decode("utf-8") @@ -106,7 +106,7 @@ def upload_files(self, scan_code: str, path: str): sys.exit(1) except IOError: # Error opening file - print(f"Failed to upload hashes for scan {scan_code}") + print(f"Failed to upload files to the scan {scan_code}.") print(traceback.print_exc()) sys.exit(1) @@ -134,7 +134,7 @@ def _delete_existing_scan(self, scan_code: str): def create_webapp_scan(self, scan_code: str, project_code: str = None, target_path: str = None) -> bool: """ - Creates a new web application scan in the Workbench. + Creates a Scan in Workbench. The scan can optionally be created inside a Project. Args: scan_code (str): The unique identifier for the scan. @@ -154,7 +154,7 @@ def create_webapp_scan(self, scan_code: str, project_code: str = None, target_pa "scan_name": scan_code, "project_code": project_code, "target_path": target_path, - "description": "Automatically created scan by Workbench Agent script.", + "description": "Scan created using the Workbench Agent.", }, } response = self._send_request(payload)
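Review bot: In the second hunk the new message `Failed to upload files to the scan {scan_code}.` prints the base64 form of the scan code, because `scan_code` is reassigned to `base64.b64encode(scan_code.encode()).decode("utf-8")` near the top of `upload_files` (visible as context in the first hunk). Keeping the encoded value in its own local, e.g. `scan_code_b64 = base64.b64encode(scan_code.encode()).decode("utf-8")`, leaves the readable code for the message; the places that use the encoded value lie outside these hunks and would need the new name. The following context line, `print(traceback.print_exc())`, also prints a stray `None`, since `print_exc()` writes the traceback itself and returns nothing; a bare `traceback.print_exc()` is enough.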