From 4f75e235cf508ebbb98d7b95e12307b9d887496b Mon Sep 17 00:00:00 2001
From: Martin Buchleitner
Date: Fri, 6 Dec 2024 10:06:52 +0100
Subject: [PATCH 01/11] fix: refactor image creation name processing

Signed-off-by: Martin Buchleitner
---
 .github/workflows/container.yml | 79 ++++++++++++++++++++-------------
 1 file changed, 47 insertions(+), 32 deletions(-)

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 6a24e35..6521d21 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -43,11 +43,7 @@ on:
 required: false
 type: string
 default: ''
- image_repo:
- description: 'The repository of the image'
- required: false
- type: string
- default: ${{ github.repository_owner }}
+
 build_args:
 description: 'The build arguments for the image'
 required: false
@@ -56,6 +52,8 @@ on:
 
 env:
 MONDOO_CONFIG_BASE64: ${{ secrets.MONDOO_SERVICE_ACCOUNT }}
+ QUAY_USER: ${{ secrets.QUAY_USER }}
+ DOCKER_USER: ${{ secrets.DOCKER_USER }}
 
 jobs:
 
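Review bot: Dropping the `image_repo` input is a breaking change for callers of this reusable workflow (these read as `workflow_call` inputs, although the `on:` block header sits outside the hunk): a caller that still passes `image_repo:` will, as far as I recall, be rejected with an undefined-input error rather than ignored, and the ability to pick the registry namespace independently of the image name is gone, replaced later in this commit by `dirname` of `image_name`. Keeping `image_repo` as a deprecated no-op for one release, or at least documenting the migration in the `image_name` description, e.g. `description: 'Image name; a leading path segment becomes the registry namespace (replaces image_repo)'`, would make the removal safer. The `+` line left in its place is a stray blank inside the inputs mapping.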
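Review bot: `QUAY_USER` and `DOCKER_USER` are mapped from secrets into the workflow-level `env:` block, which hands them to every step of every job, including `pre-commit` and every third-party action the build job runs, not just the two login steps that need them. They only feed `username:` fields, so the exposure is small, but the same block sits next to `MONDOO_CONFIG_BASE64` and invites `DOCKER_TOKEN` to be added the same way. Consider scoping both to the build job's `env:` (the `env.QUAY_USER != ''` conditions added later in this patch work at job scope too) and adding `# usernames only; tokens go straight to login-action, never into env` above the block.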
@@ -81,41 +79,49 @@ jobs: id: get_dir run: | echo "docker_directory=$(dirname ${{ inputs.dockerfile }})" >> $GITHUB_OUTPUT - env - name: Prepare tagging id: prep run: | - IMAGE_NAME=$(basename ${{ github.repository }}) - IMAGE_REPO=${{ inputs.image_repo }} + name="$(basename ${{ github.repository }})" if [[ -n "${{ inputs.image_name }}" ]]; then - IMAGE_NAME="${{ inputs.image_name }}" - fi - VERSION="dev" - if [[ '${{ needs.pre-commit.outputs.version }}' != '' ]]; then - VERSION="${{ needs.pre-commit.outputs.version }}" + tmp_name="$( basename '${{ inputs.image_name }}')" fi - if [ "${{ github.event_name }}" = "schedule" ]; then - VERSION="nightly" + repo=${{ github.repository_owner }} + if [[ -n "${{ inputs.image_name }}" ]] && [[ "${name}" != "${{ inputs.image_name}}" ]]; then + repo="$( dirname '${{ inputs.image_name }}')" fi - GHCR_IMAGE="ghcr.io/${IMAGE_NAME}" - TAGS="${GHCR_IMAGE}:${VERSION}" + IMAGE_NAME="${repo}/${name} - if [[ -n "${{ secrets.QUAY_USER }}" ]]; then - QUAY_IMAGE="quay.io/${IMAGE_REPO}/${IMAGE_NAME}" - tags="${TAGS}:${QUAY_IMAGE}:${VERSION}" - fi + IMAGES=<> $GITHUB_OUTPUT - echo "ghcr_tag=${GHCR_IMAGE}:${VERSION}" >> $GITHUB_OUTPUT - echo "quay_user=${{ secrets.QUAY_USER }}" >> $GITHUB_OUTPUT + echo "images=${IMAGES}" >> $GITHUB_OUTPUT + + - name: Extract metadata (tags, labels) for Docker 👀 + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ steps.prep.outputs.images }} + tags: | + ${{ steps.prep.outputs.tags }} + + - name: foo + run : | + echo "${{ steps.prep.outputs.json }}" - name: Set up QEMU uses: docker/setup-qemu-action@v3 
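Review bot: `inputs.image_name` is interpolated directly into the shell of the `prep` step (`basename '${{ inputs.image_name }}'`, `dirname '${{ inputs.image_name }}'` and both `[[ ... ]]` tests), so the runner expands it before bash parses the script and a value containing `'` or `$(...)` breaks out of the quoting and runs as code in the job. For a reusable workflow the value comes from the calling workflow, which narrows who can supply it, but the safe pattern is to bind it once with `env: IMAGE_NAME_INPUT: ${{ inputs.image_name }}` on the step and use `"$IMAGE_NAME_INPUT"` throughout. The new `docker/metadata-action@v5` step, like the other actions in this file, is pinned to a mutable major tag; a workflow that pushes release images should pin third-party actions to a full commit SHA with the tag in a trailing comment. The `IMAGES=<> $GITHUB_OUTPUT` region of the hunk is garbled in this view, so I cannot review what is written to the `images` output here.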
@@ -128,20 +134,29 @@ jobs: uses: docker/build-push-action@v5 with: load: true + push: false context: ${{ steps.get_dir.outputs.docker_directory }} file: ${{ inputs.dockerfile }} - tags: ${{ steps.prep.outputs.tags }} + tags: ${{ steps.meta.outputs.tags }} build-args: ${{ inputs.build_args }} - name: Scan Docker Image if: env.MONDOO_CONFIG_BASE64 != '' uses: mondoohq/actions/docker-image@v11.0.0 with: - image: ${{ steps.prep.outputs.ghcr_tag }} + image: ${{ steps.meta.outputs.ghcr_tag }} score-threshold: ${{ inputs.score }} + - name: Login to Dockerhub + if: needs.pre-commit.outputs.version != '' && env.DOCKER_USER != '' + uses: docker/login-action@v3 + with: + registry: docker.io + username: ${{ secrets.DOCKER_USER }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to Quay - if: needs.pre-commit.outputs.version != '' && steps.prep.outputs.quay_user != '' + if: needs.pre-commit.outputs.version != '' && env.QUAY_USER != '' uses: docker/login-action@v3 with: registry: quay.io From ba7acda5ab39003c99c5f30f68e9d0cc97227495 Mon Sep 17 00:00:00 2001 From: Martin Buchleitner Date: Fri, 6 Dec 2024 10:10:10 +0100 Subject: [PATCH 02/11] invalid script Signed-off-by: Martin Buchleitner --- .github/workflows/container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 6521d21..60ddfc0 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -91,7 +91,7 @@ jobs: if [[ -n "${{ inputs.image_name }}" ]] && [[ "${name}" != "${{ inputs.image_name}}" ]]; then repo="$( dirname '${{ inputs.image_name }}')" fi - IMAGE_NAME="${repo}/${name} + IMAGE_NAME="${repo}/${name}" IMAGES=< Date: Fri, 6 Dec 2024 10:16:48 +0100 Subject: [PATCH 03/11] invalid script Signed-off-by: Martin Buchleitner --- .github/workflows/container.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) 
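Review bot: The Mondoo scan is still gated on `env.MONDOO_CONFIG_BASE64 != ''`, so when the `MONDOO_SERVICE_ACCOUNT` secret is absent the step is silently skipped and the job continues to the new Docker Hub and Quay logins (and presumably to the push that follows outside this hunk) with no vulnerability check at all, a fail-open gate. If that is intended, state it with `# scan is skipped (fail-open) when MONDOO_SERVICE_ACCOUNT is not configured` above the step; if not, fail the job instead of skipping. As far as I know `docker/metadata-action` exposes no `ghcr_tag` output, so `image: ${{ steps.meta.outputs.ghcr_tag }}` passes an empty image as of this commit; the last patch in the series changes this line. The Docker Hub login reads `${{ secrets.DOCKER_USER }}` while its `if:` reads `env.DOCKER_USER`; using `env.DOCKER_USER` in both keeps one source of truth.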
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 60ddfc0..5771f03 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -93,17 +93,17 @@ jobs: fi IMAGE_NAME="${repo}/${name}" - IMAGES=< Date: Fri, 6 Dec 2024 10:20:26 +0100 Subject: [PATCH 04/11] fix: eoi of subcommands Signed-off-by: Martin Buchleitner --- .github/workflows/container.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 5771f03..075a813 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -93,17 +93,19 @@ jobs: fi IMAGE_NAME="${repo}/${name}" - IMAGES=$(cat << EOT + IMAGES=$(cat << EOI name=ghcr.io/${IMAGE_NAME},enable=true name=quay.io/${IMAGE_NAME},enable=$( [[ -n "***" ]] && echo "true" || echo "false" ) name=docker.io/${IMAGE_NAME},enable=$( [[ -n "" ]] && echo "true" || echo "false" ) - EOT) + EOI + ) - TAGS=$(cat < Date: Fri, 6 Dec 2024 10:27:03 +0100 Subject: [PATCH 05/11] fix: tags Signed-off-by: Martin Buchleitner --- .github/workflows/container.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 075a813..937b50d 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -101,7 +101,7 @@ jobs: ) TAGS=$(cat <> $GITHUB_OUTPUT echo "images=${IMAGES}" >> $GITHUB_OUTPUT - - name: Extract metadata (tags, labels) for Docker 👀 + - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@v5 with: - images: | - ${{ steps.prep.outputs.images }} - tags: | - ${{ steps.prep.outputs.tags }} + images: ${{ steps.prep.outputs.images }} + tags: ${{ steps.prep.outputs.tags }} - name: foo run : | From a8808703e5c4773542d638c50eb3b6db6eb66225 Mon Sep 17 00:00:00 2001 From: Martin Buchleitner Date: Fri, 6 Dec 2024 10:27:53 +0100 Subject: [PATCH 06/11] fix: tags 
Signed-off-by: Martin Buchleitner
---
 .github/workflows/container.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 937b50d..54af459 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -85,7 +85,7 @@ jobs:
 run: |
 name="$(basename ${{ github.repository }})"
 if [[ -n "${{ inputs.image_name }}" ]]; then
- tmp_name="$( basename '${{ inputs.image_name }}')"
+ name="$( basename '${{ inputs.image_name }}')"
 fi
 repo=${{ github.repository_owner }}
 if [[ -n "${{ inputs.image_name }}" ]] && [[ "${name}" != "${{ inputs.image_name}}" ]]; then

From 90c8d3e0ab2bc9889a8e0f631c5f6f954e32fb2e Mon Sep 17 00:00:00 2001
From: Martin Buchleitner
Date: Fri, 6 Dec 2024 10:30:15 +0100
Subject: [PATCH 07/11] fix: tags

Signed-off-by: Martin Buchleitner
---
 .github/workflows/container.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 54af459..ac265ff 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -121,7 +121,7 @@ jobs:
 
 - name: foo
 run : |
- echo "${{ steps.prep.outputs.json }}"
+ echo "${{ steps.meta.outputs.json }}"
 
 - name: Set up QEMU
 uses: docker/setup-qemu-action@v3
@@ -138,6 +138,7 @@ jobs:
 context: ${{ steps.get_dir.outputs.docker_directory }}
 file: ${{ inputs.dockerfile }}
 tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
 build-args: ${{ inputs.build_args }}
 
 - name: Scan Docker Image

From 375efd03d7cfdbe7eccaab6775b832a7d78dc4e3 Mon Sep 17 00:00:00 2001
From: Martin Buchleitner
Date: Fri, 6 Dec 2024 10:36:39 +0100
Subject: [PATCH 08/11] fix: multiline output/input

Signed-off-by: Martin Buchleitner
---
 .github/workflows/container.yml | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index ac265ff..61fa7c4 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -107,10 +107,14 @@ jobs: EOI ) - echo "setting images ${IMAGES}" - echo "settings tag ${TAGS}" - echo "tags=${TAGS}" >> $GITHUB_OUTPUT - echo "images=${IMAGES}" >> $GITHUB_OUTPUT + + echo 'tags<> $GITHUB_OUTPUT + echo ${TAGS} >> $GITHUB_OUTPUT + echo 'EOF' >> $GITHUB_OUTPUT + + echo 'images<> $GITHUB_OUTPUT + echo ${IMAGES} >> $GITHUB_OUTPUT + echo 'EOF' >> $GITHUB_OUTPUT - name: Extract metadata (tags, labels) for Docker id: meta @@ -119,9 +123,6 @@ jobs: images: ${{ steps.prep.outputs.images }} tags: ${{ steps.prep.outputs.tags }} - - name: foo - run : | - echo "${{ steps.meta.outputs.json }}" - name: Set up QEMU uses: docker/setup-qemu-action@v3 From 694124285d13c0a016e2a00bfc5b3a1dd97e6a84 Mon Sep 17 00:00:00 2001 From: Martin Buchleitner Date: Fri, 6 Dec 2024 10:56:23 +0100 Subject: [PATCH 09/11] fix: multiline output/input Signed-off-by: Martin Buchleitner --- .github/workflows/container.yml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 61fa7c4..56c347c 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml 
@@ -94,26 +94,25 @@ jobs: IMAGE_NAME="${repo}/${name}" IMAGES=$(cat << EOI - name=ghcr.io/${IMAGE_NAME},enable=true - name=quay.io/${IMAGE_NAME},enable=$( [[ -n "***" ]] && echo "true" || echo "false" ) - name=docker.io/${IMAGE_NAME},enable=$( [[ -n "" ]] && echo "true" || echo "false" ) EOI ) TAGS=$(cat <> $GITHUB_OUTPUT - echo ${TAGS} >> $GITHUB_OUTPUT + echo "type=semver,pattern={{version}},value=${{ needs.pre-commit.outputs.version }}" >> $GITHUB_OUTPUT + echo "type=schedule,pattern=nightly" >> $GITHUB_OUTPUT + echo "type=ref,enable=true,priority=600,prefix=pr-,suffix=,event=pr" >> $GITHUB_OUTPUT echo 'EOF' >> $GITHUB_OUTPUT echo 'images<> $GITHUB_OUTPUT - echo ${IMAGES} >> $GITHUB_OUTPUT + echo "name=ghcr.io/${IMAGE_NAME},enable=true" >> $GITHUB_OUTPUT + echo "name=quay.io/${IMAGE_NAME},enable=$( [[ -n "***" ]] && echo "true" || echo "false" )" >> $GITHUB_OUTPUT + echo "name=docker.io/${IMAGE_NAME},enable=$( [[ -n "" ]] && echo "true" || echo "false" )" >> $GITHUB_OUTPUT echo 'EOF' >> $GITHUB_OUTPUT - name: Extract metadata (tags, labels) for Docker From 15a393deb6821a0495f808e8ae8c32d5714abfec Mon Sep 17 00:00:00 2001 From: Martin Buchleitner Date: Fri, 6 Dec 2024 10:57:46 +0100 Subject: [PATCH 10/11] fix: multiline output/input Signed-off-by: Martin Buchleitner --- .github/workflows/container.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 56c347c..3047e07 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -93,16 +93,6 @@ jobs: fi IMAGE_NAME="${repo}/${name}" - IMAGES=$(cat << EOI - EOI - ) - - TAGS=$(cat <> $GITHUB_OUTPUT echo "type=semver,pattern={{version}},value=${{ needs.pre-commit.outputs.version }}" >> $GITHUB_OUTPUT echo "type=schedule,pattern=nightly" >> $GITHUB_OUTPUT From aaf90332a1f89258b5cfdef9b6a9ec2454322c7c Mon Sep 17 00:00:00 2001 
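Review bot: The registry enable flags are computed from literal strings: `enable=$( [[ -n "***" ]] && ... )` for quay.io is always `true` and `enable=$( [[ -n "" ]] && ... )` for docker.io is always `false`, whatever secrets the caller actually provides. `***` and the empty string look like the masked and expanded values of `${{ secrets.QUAY_USER }}` and `${{ secrets.DOCKER_USER }}` copied out of a run log, so this is probably a paste accident rather than intent. Since patch 01 already maps both secrets into `env`, the fix is `enable=$( [[ -n "$QUAY_USER" ]] && echo true || echo false )` and the same with `$DOCKER_USER`, which also keeps secret values out of the rendered script instead of interpolating them with `${{ secrets.* }}`.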
From: Martin Buchleitner Date: Fri, 6 Dec 2024 11:01:57 +0100 Subject: [PATCH 11/11] fix: mondoo tag scan Signed-off-by: Martin Buchleitner --- .github/workflows/container.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 3047e07..f21e4a2 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -112,7 +112,6 @@ jobs: images: ${{ steps.prep.outputs.images }} tags: ${{ steps.prep.outputs.tags }} - - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -135,7 +134,7 @@ jobs: if: env.MONDOO_CONFIG_BASE64 != '' uses: mondoohq/actions/docker-image@v11.0.0 with: - image: ${{ steps.meta.outputs.ghcr_tag }} + image: ${{ fromJson(steps.meta.outputs.json).tags[0] }} score-threshold: ${{ inputs.score }} - name: Login to Dockerhub
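Review bot: `fromJson(steps.meta.outputs.json).tags[0]` scans whichever tag `docker/metadata-action` lists first, which depends on the image order and tag priorities assembled in the `prep` step rather than on an explicit choice; as far as I can tell, when no tag rule matches (a branch push with no `version` and no schedule), `tags` is empty and `image:` receives an empty value. Gating the step with `&& fromJson(steps.meta.outputs.json).tags[0] != ''`, or better, scanning a deterministic local tag added to the build such as `ghcr.io/${IMAGE_NAME}:scan`, would make the scan independent of tag ordering. At minimum a comment like `# tags[0] is the ghcr.io tag because ghcr.io is listed first in the images output` should record the assumption.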