From 876763701e09a926cb1c2a8479339404c5698769 Mon Sep 17 00:00:00 2001 From: Caio Fernandes Date: Thu, 28 Oct 2021 18:32:49 -0300 Subject: [PATCH 1/4] Add build support to multiple architectures --- .github/workflows/registry.yml | 131 +++++++++------------------------ 1 file changed, 33 insertions(+), 98 deletions(-) diff --git a/.github/workflows/registry.yml b/.github/workflows/registry.yml index a0a0732..c22f175 100644 --- a/.github/workflows/registry.yml +++ b/.github/workflows/registry.yml 
@@ -7,122 +7,57 @@ on: jobs: build: - name: Build + name: Build and Push runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: Build and export - uses: docker/build-push-action@v2 - with: - context: . - tags: dnxsolutions/musketeers:latest - outputs: type=docker,dest=/tmp/musketeers.tar - - name: Upload artifact - uses: actions/upload-artifact@v2 - with: - name: musketeers - path: /tmp/musketeers.tar - ecr: - name: Push to ECR - runs-on: ubuntu-latest - needs: build - container: dnxsolutions/aws:2.1.6-dnx1 - steps: - - name: Check out the repo - uses: actions/checkout@v2 - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }} - aws-region: us-east-1 - - name: Get the tag - id: get_tag - run: echo ::set-output name=tag::${GITHUB_REF#refs/tags/} - - name: Download docker artifact - uses: actions/download-artifact@v2 - with: - name: musketeers - path: /tmp - - name: Load, tag, and push image - env: - ECR_REGISTRY: public.ecr.aws - ECR_REPOSITORY: dnxsolutions/musketeers - IMAGE_TAG: ${{ steps.get_tag.outputs.tag }} - run: | - apk add docker - aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws - docker load --input /tmp/musketeers.tar - docker image ls -a - docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest - docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest - docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - docker-hub: - name: Push to Docker Hub - runs-on: ubuntu-latest - needs: build - steps: + - name: Docker meta + id: meta + uses: docker/metadata-action@v3 + with: + images: | + dnxsolutions/musketeers + ghcr.io/dnxlabs/musketeers + 
public.ecr.aws/dnxsolutions/musketeers + tags: | + type=raw,value=latest + type=ref,event=tag + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 + - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DNX_DOCKERHUB_USERNAME }} password: ${{ secrets.DNX_DOCKERHUB_TOKEN }} - - name: Get the tag - id: get_tag - run: echo ::set-output name=tag::${GITHUB_REF#refs/tags/} - - name: Download artifact - uses: actions/download-artifact@v2 - with: - name: musketeers - path: /tmp - - name: Load, tag, and push image - env: - DOCKERHUB_REPOSITORY: dnxsolutions/musketeers - IMAGE_TAG: ${{ steps.get_tag.outputs.tag }} - run: | - docker load --input /tmp/musketeers.tar - docker image ls -a - docker push $DOCKERHUB_REPOSITORY:latest - docker tag $DOCKERHUB_REPOSITORY:latest $DOCKERHUB_REPOSITORY:$IMAGE_TAG - docker push $DOCKERHUB_REPOSITORY:$IMAGE_TAG - ghcr: - name: Push to GitHub Registry - runs-on: ubuntu-latest - needs: build - steps: - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - name: Login to GitHub Container Registry uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Get the tag - id: get_tag - run: echo ::set-output name=tag::${GITHUB_REF#refs/tags/} - - name: Download artifact - uses: actions/download-artifact@v2 + + - name: Login to Public ECR + uses: docker/login-action@v1 with: - name: musketeers - path: /tmp - - name: Load, tag, and push image + registry: public.ecr.aws + username: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }} + password: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }} env: - BASE_REPOSITORY: dnxsolutions/musketeers - GHCR_REPOSITORY: ghcr.io/dnxlabs/musketeers - IMAGE_TAG: ${{ steps.get_tag.outputs.tag }} - run: | - docker load --input /tmp/musketeers.tar - docker image ls -a - docker tag $BASE_REPOSITORY:latest $GHCR_REPOSITORY:latest - docker push 
$GHCR_REPOSITORY:latest - docker tag $GHCR_REPOSITORY:latest $GHCR_REPOSITORY:$IMAGE_TAG - docker push $GHCR_REPOSITORY:$IMAGE_TAG \ No newline at end of file + AWS_REGION: us-east-1 + + - name: Build and Push + uses: docker/build-push-action@v2 + with: + context: . + platforms: linux/arm64/v6, linux/arm64/v8, linux/arm/v7, linux/s390x, linux/amd64, linux/ppc64le + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file From 86866deab58db9d14207dd35b242db602407c77f Mon Sep 17 00:00:00 2001 From: Caio Fernandes Date: Thu, 28 Oct 2021 18:33:06 -0300 Subject: [PATCH 2/4] Add new docker security scan --- .github/workflows/security.yml | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 1be960e..89c53b2 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml 
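Review bot: Every action in the new `Build and Push` job is referenced by a floating major tag (`actions/checkout@v2`, `docker/metadata-action@v3`, `docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`, `docker/login-action@v1`, `docker/build-push-action@v2`) while the same job holds push credentials for Docker Hub, GHCR and public ECR, so a retargeted tag in any of those repositories would run with all three secrets in scope. Pinning each `uses:` to a full commit SHA with the version kept in a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v2`, removes that dependency on a mutable tag without losing the upgrade path. The `on:` block that decides when this job runs is above the hunk; if it fires on anything other than tag pushes, `push: true` together with `type=raw,value=latest` republishes `latest` to all three registries on every run, which is worth confirming against the triggers.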
@@ -9,17 +9,25 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - - - name: Set tag var - id: vars - run: echo ::set-output name=docker_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA} + - name: Checkout the code + uses: actions/checkout@v2 - name: Build the Docker image - run: docker build . --file Dockerfile --tag docker-kubectl:${{ steps.vars.outputs.docker_tag }} + run: docker build . --file Dockerfile --tag dnxsolutions/aws-v2:latest + + - name: Scan image + uses: anchore/scan-action@v3 + id: scan + with: + image: dnxsolutions/aws-v2:latest + fail-build: true + severity-cutoff: critical + acs-report-enable: true + + - name: Inspect action SARIF report + run: cat ${{ steps.scan.outputs.sarif }} - - name: Scan with Phonito Security - uses: phonito/phonito-scanner-action@master + - name: Upload Anchore Scan Report + uses: github/codeql-action/upload-sarif@v1 with: - image: docker-kubectl:${{ steps.vars.outputs.docker_tag }} - phonito-token: ${{ secrets.PHONITO_TOKEN }} \ No newline at end of file + sarif_file: ${{ steps.scan.outputs.sarif }} \ No newline at end of file From 91959a5ec5d718732bff4f5c19789d55151cc1a9 Mon Sep 17 00:00:00 2001 From: Caio Fernandes Date: Thu, 28 Oct 2021 19:21:38 -0300 Subject: [PATCH 3/4] =?UTF-8?q?=F0=9F=90=9B=20FIX:=20Available=20architect?= =?UTF-8?q?ure=20platforms?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/registry.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/registry.yml b/.github/workflows/registry.yml index c22f175..4c6ab5f 100644 --- a/.github/workflows/registry.yml +++ b/.github/workflows/registry.yml 
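Review bot: The `Upload Anchore Scan Report` step never runs on the runs that matter: `fail-build: true` on the `Scan image` step aborts the job on a critical finding, so the SARIF that would surface the finding in the Security tab is only uploaded when there is nothing to report. Add `if: always()` to the upload step (and to `Inspect action SARIF report` if it is kept) so the report is published regardless of the scan result; the job still ends as failed. `upload-sarif` also needs `security-events: write` on the token, and the workflow's `permissions:` block, if it has one, is above the hunk and should be checked. `severity-cutoff: critical` lets high-severity findings pass silently — presumably a deliberate policy, but a comment on that line stating so would save the next reader from guessing.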
@@ -57,7 +57,7 @@ jobs: uses: docker/build-push-action@v2 with: context: . - platforms: linux/arm64/v6, linux/arm64/v8, linux/arm/v7, linux/s390x, linux/amd64, linux/ppc64le + platforms: linux/arm64/v8, linux/arm/v5, linux/arm/v7, linux/368, linux/s390x, linux/ppc64le, linux/amd64, push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file From 8416209c189bb08b4dfb97ec631e8b79ea42ea04 Mon Sep 17 00:00:00 2001 From: Caio Fernandes Date: Thu, 28 Oct 2021 19:22:09 -0300 Subject: [PATCH 4/4] =?UTF-8?q?=F0=9F=90=9B=20FIX:=20Security=20scan=20ima?= =?UTF-8?q?ge=20name?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/security.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 89c53b2..02bf3cb 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -13,13 +13,13 @@ jobs: uses: actions/checkout@v2 - name: Build the Docker image - run: docker build . --file Dockerfile --tag dnxsolutions/aws-v2:latest + run: docker build . --file Dockerfile --tag dnxsolutions/musketeers:latest - name: Scan image uses: anchore/scan-action@v3 id: scan with: - image: dnxsolutions/aws-v2:latest + image: dnxsolutions/musketeers:latest fail-build: true severity-cutoff: critical acs-report-enable: true
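Review bot: The new `platforms:` line contains `linux/368`, which is not a platform buildx recognises (the 32-bit x86 target is `linux/386`), and it ends with a trailing comma after `linux/amd64`, which is at best dead syntax and at worst an empty platform entry depending on how the action splits the list; either can make the build step fail at the same point this commit is trying to fix. The corrected line is `platforms: linux/arm64/v8, linux/arm/v5, linux/arm/v7, linux/386, linux/s390x, linux/ppc64le, linux/amd64`. Whether `linux/arm/v5` is buildable depends on the base image in the Dockerfile, which is not on the page; if that image is not published for the architecture the whole multi-arch build fails, so drop it unless it is needed.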