From 314ea3cc4e0dd7cff10f9ca18429509bbc374987 Mon Sep 17 00:00:00 2001
From: Martin Buchleitner <mbuchleitner@infralovers.com>
Date: Wed, 8 May 2024 12:18:26 +0200
Subject: [PATCH 1/2] fix: Change workflow

Signed-off-by: Martin Buchleitner <mbuchleitner@infralovers.com>
---
 .github/workflows/ci.yml | 143 ++++-----------------------------------
 1 file changed, 15 insertions(+), 128 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0565c3f..2e73fa5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,137 +1,24 @@
 name: Infralovers Container Build
 
-# ref: github.com/infralovers/github/workflow-templates/container.yml
-
 on:
   push:
-    branches: [ 'main' ]
+    branches: [ main ]
+
   pull_request:
-    branches: [ 'main' ]
+    branches: [ main ]
 
 jobs:
-  prebuild:
-    runs-on: ubuntu-latest
-    outputs:
-      version: ${{ steps.semrel.outputs.version }}
-    steps:
-    - uses: actions/checkout@v3
-
-    - name: Check pre-commit presence
-      id: precommit_exists
-      uses: andstor/file-existence-action@v1
-      with:
-        files: ".pre-commit-config.yaml"
-
-    - uses: actions/setup-python@v3
-      if: steps.precommit_exists.outputs.files_exists == 'true'
-
-    - uses: pre-commit/action@v3.0.0
-      if: steps.precommit_exists.outputs.files_exists == 'true'
-
-    - uses: go-semantic-release/action@v1
-      if: github.event_name != 'pull_request'
-      id: semrel
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        prepend: true
-        dry: true
 
   build:
-    runs-on: ubuntu-latest
-    needs: [ prebuild ]
-    steps:
-    - uses: actions/checkout@v2
-
-    - name: Prepare tagging
-      id: prep
-      run: |
-        IMAGE_NAME=$(basename ${{ github.repository }})
-        IMAGE_REPO=${{ github.repository_owner }}
-        if [[ -n "${{ secrets.IMAGE_NAME }}" ]]; then
-          IMAGE_NAME="${{ secrets.IMAGE_NAME }}"
-        fi
-        if [[ -n "${{ secrets.IMAGE_REPO }}" ]]; then
-          IMAGE_REPO="${{ secrets.IMAGE_REPO }}"
-        fi
-        QUAY_IMAGE="quay.io/$IMAGE_REPO/$IMAGE_NAME"
-        GHCR_IMAGE="ghcr.io/${{ github.repository }}"
-        VERSION="dev"
-        if [[ '${{ needs.prebuild.outputs.version }}'  != '' ]]; then
-          VERSION="${{ needs.prebuild.outputs.version }}"
-        fi
-        if [ "${{ github.event_name }}" = "schedule" ]; then
-          VERSION="nightly"
-        fi
-        TAGS="${QUAY_IMAGE}:${VERSION},${GHCR_IMAGE}:${VERSION}"
-        if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-          TAGS="$TAGS,${QUAY_IMAGE}:latest,${GHCR_IMAGE}:latest"
-        fi
-        echo "settings tag ${TAGS}"
-        echo "tags=${TAGS}" >> $GITHUB_OUTPUT
-
-    - name: Set up Docker Buildx
-      id: buildx
-      uses: docker/setup-buildx-action@v2
-
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
-      with:
-        platforms: 'amd64'
-
-    - name: Cache Docker layers
-      uses: actions/cache@v2
-      with:
-        path: /tmp/.buildx-cache
-        key: ${{ runner.os }}-buildx-${{ github.sha }}
-        restore-keys: |
-          ${{ runner.os }}-buildx-
-
-    - name: Login to Quay
-      if: needs.prebuild.outputs.version != ''
-      uses: docker/login-action@v1
-      with:
-        registry: quay.io
-        username: ${{ secrets.QUAY_USER }}
-        password: ${{ secrets.QUAY_TOKEN }}
-
-    - name: Login to GitHub Container Registry
-      if: needs.prebuild.outputs.version != ''
-      uses: docker/login-action@v1
-      with:
-        registry: ghcr.io
-        username: ${{ github.repository_owner }}
-        password: ${{ secrets.BOT_ACCESS_TOKEN }}
-
-    - name: Build and push
-      id: docker_build
-      uses: docker/build-push-action@v2
-      with:
-          builder: ${{ steps.buildx.outputs.name }}
-          context: .
-          file: ./Dockerfile
-          push: ${{ github.event_name != 'pull_request' && needs.prebuild.outputs.version != '' }}
-          tags: ${{ steps.prep.outputs.tags }}
-          platforms: 'amd64'
-
-  release:
-    needs: [ prebuild, build ]
-    if: github.event_name != 'pull_request'
-    runs-on: ubuntu-latest
-    steps:
-
-    - uses: actions/checkout@v2
-
-    - uses: go-semantic-release/action@v1
-      if: needs.prebuild.outputs.version != ''
-      id: generate_changelog
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        prepend: true
-        changelog-file: CHANGELOG.md
-
-    - name: Update changelog
-      uses: stefanzweifel/git-auto-commit-action@v4
-      if: steps.generate_changelog.outputs.version != ''
-      with:
-        commit_message: 'chore(ci): commit changes from go-semantic-release'
-        file_pattern: CHANGELOG.md
+    uses: infralovers/.github/.github/workflows/container.yml@main
+    secrets:
+      QUAY_USER: "${{ fromJSON(secrets.VAULT_KV_1D187965_OP_QUAY_ROBOT_ACCOUNT).username }}"
+      QUAY_TOKEN: "${{ fromJSON(secrets.VAULT_KV_1D187965_OP_QUAY_ROBOT_ACCOUNT).password }}"
+      BOT_ACCESS_TOKEN: "${{ fromJSON(secrets.VAULT_KV_1D187965_OP_GITHUB_INFRALOVERS).PAT }}"
+      MONDOO_SERVICE_ACCOUNT: "${{ secrets.MONDOO_SERVICE_ACCOUNT }}"
+    with:
+      dockerfile: Dockerfile
+      score: 50
+      platforms: "linux/amd64, linux/arm64"
+      release: true
+      
\ No newline at end of file
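Review bot: The new `build` job calls `infralovers/.github/.github/workflows/container.yml@main`, a mutable branch ref, and hands it the Quay robot credentials, a PAT and the Mondoo service account. Any later push to that branch changes the code that runs with these secrets, with no change visible in this repository. Pin the reusable workflow to a full commit SHA and bump it deliberately, e.g. `uses: infralovers/.github/.github/workflows/container.yml@<full-commit-sha>  # main`. The job still triggers on `pull_request`, where secrets are empty for fork and Dependabot runs, so the `fromJSON(secrets.…)` expressions will likely fail to evaluate there; it is worth checking that case or restricting the secrets to push events. The file also ends with a whitespace-only line and no final newline.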

From 573d701a7e948d284289b1f848437ad326a477b4 Mon Sep 17 00:00:00 2001
From: Martin Buchleitner <mbuchleitner@infralovers.com>
Date: Wed, 8 May 2024 12:22:46 +0200
Subject: [PATCH 2/2] fix: Change workflow

Signed-off-by: Martin Buchleitner <mbuchleitner@infralovers.com>
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2e73fa5..852a5b6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,7 +15,7 @@ jobs:
       QUAY_USER: "${{ fromJSON(secrets.VAULT_KV_1D187965_OP_QUAY_ROBOT_ACCOUNT).username }}"
       QUAY_TOKEN: "${{ fromJSON(secrets.VAULT_KV_1D187965_OP_QUAY_ROBOT_ACCOUNT).password }}"
       BOT_ACCESS_TOKEN: "${{ fromJSON(secrets.VAULT_KV_1D187965_OP_GITHUB_INFRALOVERS).PAT }}"
-      MONDOO_SERVICE_ACCOUNT: "${{ secrets.MONDOO_SERVICE_ACCOUNT }}"
+      MONDOO_SERVICE_ACCOUNT: "${{ fromJson(secrets.VAULT_KV_1D187965_OP_MONDOO_PACKER_AGENT).password }}"
     with:
       dockerfile: Dockerfile
       score: 50
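Review bot: The added `MONDOO_SERVICE_ACCOUNT` line spells the function `fromJson`, while the three secrets lines above it use `fromJSON`. As far as I know expression function names are matched case-insensitively, so it should still evaluate, but one spelling keeps the block greppable: `MONDOO_SERVICE_ACCOUNT: "${{ fromJSON(secrets.VAULT_KV_1D187965_OP_MONDOO_PACKER_AGENT).password }}"`. The secret name suggests this credential may be shared with a Packer agent. If so, a service account dedicated to this workflow would limit what a leak from CI exposes. The `jobs:` block starts and ends outside this hunk.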