Migrate build pipeline

.github/workflows/build_kim.yaml

@@ -0,0 +1,133 @@
+name: KIM
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - "[0-9]+.[0-9]+.[0-9]+"
+      - "[0-9]+.[0-9]+.[0-9]+-*"
+    paths-ignore:
+      - .reuse
+      - hack/
+      - LICENSES/
+      - LICENSE
+      - .gitignore
+      - "**.md"
+
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+    paths-ignore:
+      - .reuse
+      - hack/
+      - LICENSES/
+      - LICENSE
+      - .gitignore
+      - "**.md"
+
+env:
+  trivy-table: trivy-table.txt
+
+permissions:
+  id-token: write # This is required for requesting the JWT token
+  contents: read # This is required for actions/checkout
+
+jobs:
+  setup:
+    permissions:
+      contents: read
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.tag.outputs.tag }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+      - id: tag
+        if: github.event_name == 'push' && github.ref_type == 'tag'
+        run: echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT
+
+  trivy:
+    permissions:
+      contents: read
+    runs-on: "ubuntu-20.04"
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+      - name: Install trivy
+        run: |
+          mkdir ./trivy
+          curl -L https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz | tar xvz --directory=./trivy
+          ./trivy/trivy --version
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.24.0
+        with:
+          scan-type: "fs"
+          scan-ref: "."
+
+          exit-code: 1
+          severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
+          ignore-unfixed: false
+          timeout: "5m0s"
+          vuln-type: "os,library"
+
+          format: table
+          output: ${{ env.trivy-table }}
+
+      - name: Upload trivy table
+        if: success() || failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.trivy-table }}
+          path: ${{ env.trivy-table }}
+
+      - name: Print trivy table
+        if: success() || failure()
+        run: cat ${{ env.trivy-table }}
+
+  build-image:
+    needs: setup
+    uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main # Usage: kyma-project/test-infra/.github/workflows/image-builder.yml@main
+    with:
+      name: infrastructure-manager
+      dockerfile: Dockerfile
+      context: .
+      tags: ${{ needs.setup.outputs.tag }}
+
+  summary:
+    runs-on: ubuntu-latest
+    needs: [build-image, trivy]
+    if: success() || failure()
+    steps:
+      - name: "Download trivy log"
+        uses: actions/download-artifact@v4
+        continue-on-error: true
+        with:
+          name: ${{ env.trivy-table }}
+      - name: "Generate summary"
+        run: |
+          {
+            echo '# Kyma Infrastructure Manager'
+            # if trivy results table exists
+            if [ -f ${{ env.trivy-table }} ]; then
+              echo '## Trivy'
+              printf '\n```txt\n'
+              cat ${{ env.trivy-table }}
+              printf '\n```\n'
+            fi
+
+            # if build-image was successful
+            if [ "${{ needs.build-image.result }}" == "success" ]; then
+              printf '\n\n## Image\n'
+              printf '\n```json\n'
+              echo '${{ needs.build-image.outputs.images }}' | jq
+              printf '\n```\n'
+            fi
+          } >> $GITHUB_STEP_SUMMARY