forked from badtuxx/giropops-senhas
-
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Atualizar nome e versão do pacote para senhas 1.0.0
- Loading branch information
1 parent
c2076ea
commit f9a457d
Showing
11 changed files
with
847 additions
and
77 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,85 +1,102 @@ | ||
| name: Build e Distribuição de Pacotes com Melange e APKO | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - 'main' | ||
|
|
||
| jobs: | ||
| build: | ||
| name: Build e Distribuição de Pacotes | ||
| runs-on: ubuntu-20.04 | ||
| permissions: | ||
| actions: read | ||
| contents: read | ||
| security-events: write | ||
| deploy: | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Fazer checkout do código | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Configurar QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
| # Passo 1: Checkout do código | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Instalar Cosign | ||
| uses: sigstore/cosign-installer@v3 | ||
| # Passo 2: Configurar Docker Buildx | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v1 | ||
|
|
||
| - name: Configurar Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| # Passo 3: Instalar Melange | ||
| - name: Install Melange | ||
| run: | | ||
| wget https://github.com/chainguard-dev/melange/releases/download/v0.11.2/melange_0.11.2_linux_386.tar.gz | ||
| tar -xzf melange_0.11.2_linux_386.tar.gz | ||
| sudo mv melange /usr/local/bin/ | ||
| melange version | ||
| - name: Fazer login no Docker Hub | ||
| uses: docker/login-action@v2 | ||
| with: | ||
| username: ${{ secrets.DOCKER_USERNAME }} | ||
| password: ${{ secrets.DOCKER_PASSWORD }} | ||
| # Passo 4: Instalar APKO | ||
| - name: Install APKO | ||
| run: | | ||
| wget https://github.com/chainguard-dev/apko/releases/download/v0.14.7/apko_0.14.7_linux_386.tar.gz | ||
| tar -xzf apko_0.14.7_linux_386.tar.gz | ||
| sudo mv apko /usr/local/bin/ | ||
| apko version | ||
| - name: Install Melange | ||
| run: | | ||
| wget https://github.com/chainguard-dev/melange/releases/download/v0.11.2/melange_0.11.2_linux_386.tar.gz | ||
| tar -xzf melange_0.11.2_linux_386.tar.gz | ||
| cd melange_0.11.2_linux_386 | ||
| sudo mv melange /usr/local/bin/ | ||
| sudo chmod +x /usr/local/bin/melange | ||
| melange version | ||
| # Passo 5: Gerar chaves com Melange | ||
| - name: Generate keys with Melange | ||
| run: | | ||
| cd chainguard | ||
| melange keygen | ||
| - name: Install APKO | ||
| run: | | ||
| wget https://github.com/chainguard-dev/apko/releases/download/v0.14.7/apko_0.14.7_linux_386.tar.gz | ||
| tar -xzf apko_0.14.7_linux_386.tar.gz | ||
| cd apko_0.14.7_linux_386 | ||
| sudo mv apko /usr/local/bin/ | ||
| sudo chmod +x /usr/local/bin/apko | ||
| apko version | ||
| # Passo 6: Construir pacotes com Melange | ||
| - name: Build packages with Melange | ||
| run: | | ||
| cd chainguard | ||
| melange build melange.yaml --runner docker --signing-key melange.rsa --arch amd64 | ||
| - name: Gerar chaves com Melange | ||
| run: | | ||
| cd chainguard | ||
| melange keygen | ||
| # Passo 7: Construir imagem de container com APKO | ||
| - name: Build container image with APKO | ||
| run: | | ||
| cd chainguard | ||
| apko build apko.yaml senhas senhas.tar -k melange.rsa.pub --arch amd64 | ||
| - name: Construir pacotes com Melange | ||
| run: | | ||
| cd chainguard | ||
| melange build melange.yaml --runner docker --signing-key melange.rsa --arch amd64 | ||
| # Passo 8: Carregar a imagem Docker | ||
| - name: Load Docker image | ||
| run: | | ||
| docker load < senhas.tar | ||
| docker images | ||
| - name: Construir imagem de container com APKO | ||
| run: | | ||
| cd chainguard | ||
| apko build apko.yaml senhas:v1.0.0 giropops-senhas.tar -k melange.rsa.pub --arch amd64 | ||
| # Passo 9: Fazer login no DockerHub | ||
| - name: Login to DockerHub | ||
| uses: docker/login-action@v1 | ||
| with: | ||
| username: ${{ secrets.DOCKER_USERNAME }} | ||
| password: ${{ secrets.DOCKER_PASSWORD }} | ||
|
|
||
| - name: Carregar a imagem Docker | ||
| run: | | ||
| docker load < chainguard/giropops-senhas.tar | ||
| # Passo 10: Gerar nome único para a tag | ||
| - name: Gerar nome único para a tag | ||
| id: generate-tag | ||
| run: | | ||
| SHORT_HASH=$(git log -1 --pretty=format:%h | cut -c1-5) | ||
| TIMESTAMP=$(date +%Y%m%d%H%M%S) | ||
| echo "tag=${SHORT_HASH}-${TIMESTAMP}" >> $GITHUB_ENV | ||
| echo "::set-output name=tag::${SHORT_HASH}-${TIMESTAMP}" | ||
| - name: Extrair metadados (tags, labels) para Docker | ||
| id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: ${{ secrets.DOCKER_USERNAME }}/giropops-senhas | ||
| # Passo 11: Fazer push da imagem Docker | ||
| - name: Fazer push da imagem Docker | ||
| run: | | ||
| docker tag senhas:latest-amd64 ${{ secrets.DOCKER_USERNAME }}/senhas:${{ steps.generate-tag.outputs.tag }} | ||
| docker push ${{ secrets.DOCKER_USERNAME }}/senhas:${{ steps.generate-tag.outputs.tag }} | ||
| - name: Gerar nome único para a tag | ||
| id: generate-tag | ||
| run: | | ||
| SHORT_HASH=$(git log -1 --pretty=format:%h | cut -c1-5) | ||
| TIMESTAMP=$(date +%Y%m%d%H%M%S) | ||
| echo "tag=${SHORT_HASH}-${TIMESTAMP}" >> $GITHUB_ENV | ||
| echo "::set-output name=tag::${SHORT_HASH}-${TIMESTAMP}" | ||
| # Passo 12: Scan de segurança com Trivy | ||
| - name: Aqua Security Trivy | ||
| uses: aquasecurity/trivy-action@0.24.0 | ||
| with: | ||
| image-ref: nataliagranato/linuxtips-giropops-senhas:${{ steps.generate-tag.outputs.tag }} | ||
| format: 'sarif' | ||
| severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL' | ||
| output: 'trivy-results.sarif' | ||
|
|
||
| - name: Fazer upload dos resultados do Trivy para a aba de Segurança do GitHub | ||
| uses: github/codeql-action/upload-sarif@v3 | ||
| if: always() | ||
| with: | ||
| sarif_file: 'trivy-results.sarif' | ||
|
|
||
| - name: Assinar imagem com uma chave | ||
| run: | | ||
| images="" | ||
| for tag in ${TAGS}; do | ||
| images+="${tag}@${DIGEST} " | ||
| done | ||
| cosign sign --yes --key env://COSIGN_PRIVATE_KEY $images | ||
| env: | ||
| TAGS: ${{ steps.meta.outputs.tags }} | ||
| COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | ||
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | ||
| DIGEST: ${{ steps.<load-images>.outputs.digest }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| -----BEGIN RSA PRIVATE KEY----- | ||
| MIIJKQIBAAKCAgEAwq9yCsE5qxsW9LooU7yQ80+APGT6fAz0c+qetKpAbUC42KPw | ||
| X2RToCT0vqNOcPdyEaUpF1jJ2DBaxHeLXT5qTqEUjO1tSsx9961lk+PXu4QOwuBj | ||
| mwmK9uS53/lgJ7OoPxofXq8qH7IMX/8Br+TvYRspGnZZ0kR+mLhl8J90eHSO43ze | ||
| 9UbRdUqsTUg7Yyx33qxgkk5e2C+Qdyi0cInb2y3xh5h6IwucMT6iq+dJNBRH8Age | ||
| PQNoynC8WTy8Vfro1Rk754ouxPgzFhhHQUe1zIYhSJNzT2PNAmBPOTiqf4o5Pra4 | ||
| K+W1uAdHWZp3LP6RxJP+cK04KZHkY3F/zidCP3wCB3Y9DDgnC2zkuA2vOggN//Jd | ||
| D2p2pt89aM3UAQCsCi3LT9+amqzKYlMka10tZTiTR3DEUgEGlmwkFhycrDNp5t1E | ||
| BcnVEEqQlxeGRqExkhZMBO+QuW9er27Tv2hNw7nM0oAylMVsIcNjxDWuhljuJpw6 | ||
| 6pdADPTZbODL7NYoAJzv/KoG0uI4idvUz12BJS0Rg00wXdV0oG5NgqLebV2uve/r | ||
| ZPq9CkkCyKExa2/xos5JFNrHCHiz8t2Yw2+1YL7og0BvMRguVAqOIyDbK3CxDI/M | ||
| /b5Fs15KVhq/drOw95D4XBD2Oy6oCIIplnYZJi4xhgxJCQyEUQ25tN/IKncCAwEA | ||
| AQKCAgA8DdKn7qLTXS/fne0Cp5Au/b8Y4i1CRtzBRQZfxITLLsPWT/u98Ty6kavN | ||
| gqKXxjyxpLjgMstQnNni8N1UjgRM7PNh5XtpL1tMI3jJ/eZ2OW40PvN6x57OOg/8 | ||
| PviiRpEHpg83LeFYlZuroQXsNDqDQdWUDB349pf2lCsd5pIO9iV9lu9PyeCixb4Q | ||
| uM9Y8EapsZK4juRC26k8mJnQfTYMjkeLBEXouZQcvK2BSX8TSY5HRLnPKFYS3GO9 | ||
| Qzb1bsiTs4z/B2kV6VoY3rRcNrqltFpgANv5CVgb+4l0pT4yyXiPF94H7Hv5oIUp | ||
| 5rQMdRqSAPTj3QsOB6rj4gcCmKmeUSYZ8iXF4FJjsAEI8sRUkLnqF72fnUHiZpXc | ||
| ANeweaE0YGTn/3594AC1d74EXjrPRmr2L5L8ldn9FLdEQFkqx1NjUtY46CQF+SYT | ||
| y1rLOdR9eXuzI8aUyMtDnvqhdZgg9BslxpEpzynzMyh+svaEq7ZOVgg5TUiUIyPh | ||
| vCIU0xuIUeTetz89v0u16sdwOkeZBGy9fhATDifXxeKyYueybpgC/cZG6jsjqxi5 | ||
| T74+KGT7EvzEbEaf4qa9mxWno5CHkWefIhUz1oWUNyA6W3dbp5AJeMRDK/34ddbq | ||
| SKeTsXTJ3E0Ip3dJLCW1xkceuSXMn57C4MJRz7t1aKnFA599QQKCAQEA+GdXcAMa | ||
| YnVvv2vahJFbQXd2sOrzLOMdI+Td+IOBj22RDuf6cElCjPE8rYMLCLYYdfGzxheA | ||
| kutQxxfgrLY2w8Ur9+1Rzx3b5V9JB02k2cciQSvG25BY9enBGgtIyGjjbKwFeoCB | ||
| IescHzyXCpz4H/AAPFMx8QOVRCqXPU5slfmIo+GBQHS5bnuErTy2TuCTAZOAN91O | ||
| BFW07oVQ3kWx8lUBBZdm6Txs+qhVcWIoibZhcJdWfAK5D/j2SKORgDtEAT5lnrTc | ||
| ONyzpRzUl2Et90dHFPrGtVnmQVO8hhRfThszP/paJNb7X9ySM+rS2sAJX0jX2bWZ | ||
| euzgInTbklrWzQKCAQEAyKOQNgvZpZHzLPTaCwZ6HW0q6zzu0aqj3N/0nPENDSHu | ||
| G9UlXDCn3wfHoSD4PCm7KwyZTsaZMdj7GZiBUfJFnQ0+g8LznsTNtPho5CvIuSKe | ||
| qVjQXthArBvtsefC57MnQ1nP8DtxV634z97SDOom9rN2JhPmKtJh3MAyiTQktK3E | ||
| Se8ru9ths6TX6tqeJr2AscA96BJQKyUgNPyq297emBjH4mkBM9GvkD9yXtI5zI+z | ||
| VeVQ2GWJVwTvy1FZU/hmq3CRMz/hCFRtrwklQjycIgpt8Pj3G4wCwcu+99K/jTCF | ||
| MGK+fzgPpN5H22dTDXZrDI+zxoSc05OGv7fCVsqeUwKCAQEA6bhaRdM1nRQ/+4zg | ||
| QsF9amCb9aRq/34FqgMqcyxQ2AHQbYUJV2Mm0fQdEmjtFdo3s6mia60rVZFBJMKr | ||
| q/WaG6NGVnUd91Fx2CRKUyvUAvBho44sAeSUP3UcMoQRjDdcXKCSWwvT9HUBtcZN | ||
| mzfMIkiwABKLN+kWJdgpCw7iDk6GKSQBeAMbgf+H+3PXWOnmh6IgDvAT+vIlVhNr | ||
| 3mcXIhqm5nro4mTvaPy/v/oKiGBo2AYc4nuxYnzuRbRZL50TxFPQS36CgqHuCVnS | ||
| EUjndfXDxNKb6oBWrHq8NC+w6I2hL/4/mNAKHs0rZtv4Xsg3SUcBiR9b9JQx41mu | ||
| SstbtQKCAQB6CTKQDQkm8e0NLSjqh9gCygHO71L7aGUe1YF9bAjaMgcYGr8MofOZ | ||
| bqv3z4vtXByiBJnDFnzbmvSwDtiptUiuS/34Or3flijgqC90iUUfhnUm4ARti+9a | ||
| P+qFyUf9kjSRfLFDl4RLJmAuX4M3o7xrVaDJbFUVOr2Xfbe/SF4DH6ZCqhzZuIhm | ||
| sh86lBqZya3bb+i3nVvxwjUixYRPE/IkZP4/Mksu751viYfRMOFDESytVDumQ6wT | ||
| p8cKzcIdlvsrz94hY/tGC8RjMJbfAOqeseVJKsVyleifY4QWTLOB9z8rvQPNcZXi | ||
| W+ktBF251IssKsPYPZT+A790IRstmzRNAoIBAQDRolwWiFBGSzcgaHrMGLgUvnO4 | ||
| n+zZlyoC3dVqv9NJAlXCFVxABC46Arx41hr08DhmVtt2udZ5SpP3A4PNhhgeGFYZ | ||
| 17rRUOyCUc2JArNKz1ZvVSMMDwH0o7kC1UptvNS2KfOr4VeyfslFKhjO5q1NQ3MH | ||
| EpjJ3rPPaw5eQ+qftYnq6qw+fkMf6b6apWsyOVFNYMQQfDgLaQvN36eT3Eesw5O6 | ||
| HWXPMgACzXOwvWEHKQoYAu6/ecLTs0cElVlC1FwDI8J1eLWpIg1FuboU35CzOUVq | ||
| 2NwCN3pKtT71WXvTQnKuftHZ3v1twkDjO+NZVfiQfIDRo8sK29HNmqaqwjFB | ||
| -----END RSA PRIVATE KEY----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| -----BEGIN PUBLIC KEY----- | ||
| MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwq9yCsE5qxsW9LooU7yQ | ||
| 80+APGT6fAz0c+qetKpAbUC42KPwX2RToCT0vqNOcPdyEaUpF1jJ2DBaxHeLXT5q | ||
| TqEUjO1tSsx9961lk+PXu4QOwuBjmwmK9uS53/lgJ7OoPxofXq8qH7IMX/8Br+Tv | ||
| YRspGnZZ0kR+mLhl8J90eHSO43ze9UbRdUqsTUg7Yyx33qxgkk5e2C+Qdyi0cInb | ||
| 2y3xh5h6IwucMT6iq+dJNBRH8AgePQNoynC8WTy8Vfro1Rk754ouxPgzFhhHQUe1 | ||
| zIYhSJNzT2PNAmBPOTiqf4o5Pra4K+W1uAdHWZp3LP6RxJP+cK04KZHkY3F/zidC | ||
| P3wCB3Y9DDgnC2zkuA2vOggN//JdD2p2pt89aM3UAQCsCi3LT9+amqzKYlMka10t | ||
| ZTiTR3DEUgEGlmwkFhycrDNp5t1EBcnVEEqQlxeGRqExkhZMBO+QuW9er27Tv2hN | ||
| w7nM0oAylMVsIcNjxDWuhljuJpw66pdADPTZbODL7NYoAJzv/KoG0uI4idvUz12B | ||
| JS0Rg00wXdV0oG5NgqLebV2uve/rZPq9CkkCyKExa2/xos5JFNrHCHiz8t2Yw2+1 | ||
| YL7og0BvMRguVAqOIyDbK3CxDI/M/b5Fs15KVhq/drOw95D4XBD2Oy6oCIIplnYZ | ||
| Ji4xhgxJCQyEUQ25tN/IKncCAwEAAQ== | ||
| -----END PUBLIC KEY----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
| { | ||
| "SPDXID": "SPDXRef-DOCUMENT", | ||
| "name": "sbom-sha256:737c813461d72ae410a179a113793d0ef7d202d72ed168f83c77ab863406c060", | ||
| "spdxVersion": "SPDX-2.3", | ||
| "creationInfo": { | ||
| "created": "2024-08-23T06:08:54Z", | ||
| "creators": [ | ||
| "Tool: apko (v0.14.7)", | ||
| "Organization: Chainguard, Inc" | ||
| ], | ||
| "licenseListVersion": "3.16" | ||
| }, | ||
| "dataLicense": "CC0-1.0", | ||
| "documentNamespace": "https://spdx.org/spdxdocs/apko/", | ||
| "documentDescribes": [ | ||
| "SPDXRef-Package-sha256-737c813461d72ae410a179a113793d0ef7d202d72ed168f83c77ab863406c060" | ||
| ], | ||
| "packages": [ | ||
| { | ||
| "SPDXID": "SPDXRef-Package-sha256-737c813461d72ae410a179a113793d0ef7d202d72ed168f83c77ab863406c060", | ||
| "name": "sha256:737c813461d72ae410a179a113793d0ef7d202d72ed168f83c77ab863406c060", | ||
| "versionInfo": "sha256:737c813461d72ae410a179a113793d0ef7d202d72ed168f83c77ab863406c060", | ||
| "filesAnalyzed": false, | ||
| "description": "Multi-arch image index", | ||
| "downloadLocation": "NOASSERTION", | ||
| "supplier": "Organization: Chainguard, Inc.", | ||
| "sourceInfo": "Generated at image build time by apko", | ||
| "primaryPackagePurpose": "CONTAINER", | ||
| "checksums": [ | ||
| { | ||
| "algorithm": "SHA256", | ||
| "checksumValue": "737c813461d72ae410a179a113793d0ef7d202d72ed168f83c77ab863406c060" | ||
| } | ||
| ], | ||
| "externalRefs": [ | ||
| { | ||
| "referenceCategory": "PACKAGE-MANAGER", | ||
| "referenceLocator": "pkg:oci/senhas@sha256%3A737c813461d72ae410a179a113793d0ef7d202d72ed168f83c77ab863406c060?mediaType=application%2Fvnd.oci.image.index.v1%2Bjson", | ||
| "referenceType": "purl" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "SPDXID": "SPDXRef-Package-sha256-00e91458dc4e61f0272a6e14bbe87e62fa1a0d101dbbf7244c756d851d0ec091", | ||
| "name": "sha256:00e91458dc4e61f0272a6e14bbe87e62fa1a0d101dbbf7244c756d851d0ec091", | ||
| "versionInfo": "sha256:00e91458dc4e61f0272a6e14bbe87e62fa1a0d101dbbf7244c756d851d0ec091", | ||
| "filesAnalyzed": false, | ||
| "downloadLocation": "NOASSERTION", | ||
| "supplier": "Organization: Chainguard, Inc.", | ||
| "primaryPackagePurpose": "CONTAINER", | ||
| "checksums": [ | ||
| { | ||
| "algorithm": "SHA256", | ||
| "checksumValue": "00e91458dc4e61f0272a6e14bbe87e62fa1a0d101dbbf7244c756d851d0ec091" | ||
| } | ||
| ], | ||
| "externalRefs": [ | ||
| { | ||
| "referenceCategory": "PACKAGE-MANAGER", | ||
| "referenceLocator": "pkg:oci/senhas@sha256%3A00e91458dc4e61f0272a6e14bbe87e62fa1a0d101dbbf7244c756d851d0ec091?arch=amd64\u0026mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson\u0026os=linux", | ||
| "referenceType": "purl" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "relationships": [ | ||
| { | ||
| "spdxElementId": "SPDXRef-Package-sha256-737c813461d72ae410a179a113793d0ef7d202d72ed168f83c77ab863406c060", | ||
| "relationshipType": "VARIANT_OF", | ||
| "relatedSpdxElement": "SPDXRef-Package-sha256-00e91458dc4e61f0272a6e14bbe87e62fa1a0d101dbbf7244c756d851d0ec091" | ||
| } | ||
| ] | ||
| } |
Oops, something went wrong.