From b2e2bdb54bf635b0b5dd9f076f1b9bfbd97a361e Mon Sep 17 00:00:00 2001
From: Tomas Gonzalez
Date: Tue, 30 Apr 2024 11:55:33 -0400
Subject: [PATCH 1/5] pushing container image Dockerfile and build workflow
---
 .dockerignore | 8 ++++++++
 .github/workflows/build-image.yml | 31 +++++++++++++++++++++++++++++++
 Dockerfile | 10 ++++++++++
 workbench-agent.py | 12 ++++++------
 4 files changed, 55 insertions(+), 6 deletions(-)
 create mode 100644 .dockerignore
 create mode 100644 .github/workflows/build-image.yml
 create mode 100644 Dockerfile
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..786ad94
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,8 @@
+./github/workflows
+.vscode
+.gitignore
+.pylintrc
+Dockerfile
+LICENSE
+README.md
+setup.cfg
\ No newline at end of file
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
new file mode 100644
index 0000000..423f47b
--- /dev/null
+++ b/.github/workflows/build-image.yml
@@ -0,0 +1,31 @@
+name: Publish Container Image to GHCR
+
+on:
+ push:
+ branches:
+ - main
+
+env:
+ IMAGE_NAME: workbench-agent
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ contents: read
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Build Container Image
+ run: docker build . --file Dockerfile --tag $IMAGE_NAME
+
+ - name: Log in to GitHub Container Registry
+ run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+ #
+ - name: Push image
+ run: |
+ IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
+ docker tag $IMAGE_NAME $IMAGE_ID:latest
+ docker push $IMAGE_ID:latest
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..e1b736e
--- /dev/null
+++ b/Dockerfile
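Review bot: The first pattern `./github/workflows` does not match the `.github/workflows` directory this same patch creates — with the leading `./` it names a top-level `github/` directory, so the workflow files stay in the build context. Replace it with `.github`. `.git` is not excluded either; because this Dockerfile only COPYs `requirements.txt` and `workbench-agent.py` the effect today is context size rather than repository history landing in the image, but a `.git` line keeps that true if a broader COPY is ever added.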
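Review bot: The image is published only under the mutable `:latest` tag (the `docker tag` / `docker push` lines at the end of the hunk), so consumers cannot pin a specific build and every later push silently replaces what they run, with no way to trace a running image back to a commit. Also tag with the commit, e.g. `docker tag $IMAGE_NAME $IMAGE_ID:${{ github.sha }}` followed by `docker push $IMAGE_ID:${{ github.sha }}`, and keep `:latest` as the moving alias. The same applies to the `tags:` input that replaces these lines in patches 4 and 5 of this series, where build-push-action accepts a newline-separated list of tags. The bare `#` comment line before the push step looks like a leftover and can be dropped.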
@@ -0,0 +1,10 @@
+FROM cgr.dev/chainguard/python:latest-dev as builder
+WORKDIR /app
+COPY requirements.txt .
+RUN pip install -r requirements.txt --user
+
+FROM cgr.dev/chainguard/python:latest
+WORKDIR /app
+COPY --from=builder /home/nonroot/.local/lib/python3.12/site-packages /home/nonroot/.local/lib/python3.12/site-packages
+COPY workbench-agent.py .
+ENTRYPOINT [ "python", "/app/workbench-agent.py" ]
\ No newline at end of file
diff --git a/workbench-agent.py b/workbench-agent.py
index 39fcf9c..7b57e07 100755
--- a/workbench-agent.py
+++ b/workbench-agent.py
@@ -80,11 +80,11 @@ def _send_request(self, payload: dict) -> dict:
 def upload_files(self, scan_code: str, path: str):
 """
- Uploads a .fossid file to the Workbench using the API's Upload endpoint.
+ Uploads files to the Workbench using the API's File Upload endpoint.
 Args:
- scan_code (str): The code of the scan where the hashes should be uploaded.
- path (str): Path to the blind scan result (.fossid file).
+ scan_code (str): The scan code where the file or files will be uploaded.
+ path (str): Path to the file or files to upload.
 """
 name = base64.b64encode(os.path.basename(path).encode()).decode("utf-8")
 scan_code = base64.b64encode(scan_code.encode()).decode("utf-8")
@@ -106,7 +106,7 @@ def upload_files(self, scan_code: str, path: str):
 sys.exit(1)
 except IOError: # Error opening file
- print(f"Failed to upload hashes for scan {scan_code}")
+ print(f"Failed to upload files to the scan {scan_code}.")
 print(traceback.print_exc())
 sys.exit(1)
@@ -134,7 +134,7 @@ def _delete_existing_scan(self, scan_code: str):
 def create_webapp_scan(self, scan_code: str, project_code: str = None) -> bool:
 """
- Creates a new web application scan in the Workbench.
+ Creates a Scan in Workbench. The scan can optionally be created inside a Project.
 Args:
 scan_code (str): The unique identifier for the scan.
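Review bot: Both stages pull floating tags (`latest-dev` for the builder, `latest` for the runtime) while the `COPY --from=builder` line hardcodes `python3.12` in the site-packages path; the two tags resolve independently, so a base-image update that moves the builder to another Python minor makes that COPY fail, and one that moves only the runtime copies the packages into a directory a newer interpreter would presumably not search. Pin both stages to the same immutable reference — a versioned tag or a digest, e.g. `FROM cgr.dev/chainguard/python:latest-dev@sha256:<builder-digest> AS builder` and `FROM cgr.dev/chainguard/python:latest@sha256:<runtime-digest>` — and derive the copied path from that pinned version (a build `ARG` for the minor version keeps the FROM lines and the COPY path in step). Digest pinning also makes the published image reproducible and lets a reviewer see exactly which base was built on, which the `latest` tags do not.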
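Review bot: `scan_code` is rebound to its base64 form on the last line of the `@@ -80` hunk (`scan_code = base64.b64encode(scan_code.encode()).decode("utf-8")`), so from that point the name no longer holds the caller's scan code, and the new message in the `@@ -106` hunk, `print(f"Failed to upload files to the scan {scan_code}.")`, prints the encoded value rather than one a user will recognise. Keep the original under its own name and encode into a new one, e.g. `encoded_scan_code = base64.b64encode(scan_code.encode()).decode("utf-8")`, using `encoded_scan_code` in the request payload and the plain `scan_code` in messages; the payload line lies outside the hunk, so it needs the matching rename there. The updated docstring also says "file or files" while the visible code derives a single `name` from `os.path.basename(path)` — if directories are handled further down in `upload_files`, state that in the docstring, otherwise keep it singular.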
@@ -152,7 +152,7 @@ def create_webapp_scan(self, scan_code: str, project_code: str = None) -> bool:
 "scan_code": scan_code,
 "scan_name": scan_code,
 "project_code": project_code,
- "description": "Automatically created scan by Workbench Agent script.",
+ "description": "Scan created using the Workbench Agent.",
 },
 }
 response = self._send_request(payload)
From b9ad04316bfc462819fea7cb885f4777319d8a67 Mon Sep 17 00:00:00 2001
From: Tomas Gonzalez
Date: Tue, 30 Apr 2024 11:59:58 -0400
Subject: [PATCH 2/5] add support for multiple platforms
---
 .github/workflows/build-image.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
index 423f47b..2e7adee 100644
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -19,7 +19,7 @@ jobs:
 - uses: actions/checkout@v4
 - name: Build Container Image
- run: docker build . --file Dockerfile --tag $IMAGE_NAME
+ run: docker build --platform linux/arm64,linux/amd64 . --file Dockerfile --tag $IMAGE_NAME
 - name: Log in to GitHub Container Registry
 run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
From a0394bcab0ffeb05dd4f49f9ceadd7ed18257e59 Mon Sep 17 00:00:00 2001
From: Tomas Gonzalez
Date: Tue, 30 Apr 2024 12:03:41 -0400
Subject: [PATCH 3/5] fix multi platform build
---
 .github/workflows/build-image.yml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
index 2e7adee..3f1fbec 100644
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -18,9 +18,17 @@ jobs:
 steps:
 - uses: actions/checkout@v4
- - name: Build Container Image
- run: docker build --platform linux/arm64,linux/amd64 . --file Dockerfile --tag $IMAGE_NAME
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Build Multi-Platform Image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ platforms: linux/amd64,linux/arm64
+
 - name: Log in to GitHub Container Registry
 run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
 #
From 728000fa69f81c735b2188c2c62328f58ebe958b Mon Sep 17 00:00:00 2001
From: Tomas Gonzalez
Date: Tue, 30 Apr 2024 12:08:12 -0400
Subject: [PATCH 4/5] simplify workflow
---
 .github/workflows/build-image.yml | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
index 3f1fbec..f4bcf10 100644
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -17,6 +17,8 @@ jobs:
 steps:
 - uses: actions/checkout@v4
+ - name: Log in to GitHub Container Registry
+ run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
 - name: Set up QEMU
 uses: docker/setup-qemu-action@v3
@@ -28,12 +30,5 @@ jobs:
 with:
 context: .
 platforms: linux/amd64,linux/arm64
-
- - name: Log in to GitHub Container Registry
- run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- #
- - name: Push image
- run: |
- IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
- docker tag $IMAGE_NAME $IMAGE_ID:latest
- docker push $IMAGE_ID:latest
+ push: true
+ tags: ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME:latest
\ No newline at end of file
From de4284df298781c8b848021811c2d233d20fa0e9 Mon Sep 17 00:00:00 2001
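Review bot: The three `docker/*` actions added in this hunk are referenced by mutable major-version tags (`docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v5`), as is `actions/checkout@v4` from the first patch; a tag can be moved to different code by the action's maintainers or by whoever gains control of that account, and this job holds `packages: write`, so whatever the tag resolves to on a given run can publish under this repository's image name. Pin each `uses:` to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/build-push-action@<commit-sha> # v5`, so the workflow runs exactly the reviewed code; Dependabot or Renovate can then bump the SHAs with a visible diff. The same pinning applies to the `uses:` lines carried forward in patches 4 and 5.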
From: Tomas Gonzalez
Date: Tue, 30 Apr 2024 12:09:37 -0400
Subject: [PATCH 5/5] simplify build
---
 .github/workflows/build-image.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
index f4bcf10..2270eae 100644
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -5,9 +5,6 @@ on:
 branches:
 - main
-env:
- IMAGE_NAME: workbench-agent
-
 jobs:
 build-and-push:
 runs-on: ubuntu-latest
@@ -31,4 +28,4 @@ jobs:
 context: .
 platforms: linux/amd64,linux/arm64
 push: true
- tags: ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME:latest
\ No newline at end of file
+ tags: ghcr.io/${{ github.repository_owner }}/workbench-agent:latest
\ No newline at end of file
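Review bot: `tags: ghcr.io/${{ github.repository_owner }}/workbench-agent:latest` inserts the owner login verbatim, but registry repository names must be lowercase, so if the owner login contains uppercase letters (GitHub allows this for users and organisations) the push is rejected and the job fails on every run to `main`. Normalise it in a preceding step, e.g. `run: echo "IMAGE_OWNER=${OWNER,,}" >> "$GITHUB_ENV"` with `env: OWNER: ${{ github.repository_owner }}` on that step, and reference `${{ env.IMAGE_OWNER }}` in `tags:`; `docker/metadata-action` performs this lowercasing as part of generating tags if you would rather not hand-roll it. Whichever route is taken, the tag list is also the natural place to add a `${{ github.sha }}` tag next to `latest` so published images remain traceable to a commit.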