From 938ff0195b1119486a575dccbf1f44ff2aa4945a Mon Sep 17 00:00:00 2001 From: Matthew Zember Date: Mon, 18 Sep 2023 15:17:58 -0400 Subject: [PATCH 1/4] add collector image workflow --- .../publish_integration_collector_image.yaml | 79 +++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 .github/workflows/publish_integration_collector_image.yaml diff --git a/.github/workflows/publish_integration_collector_image.yaml b/.github/workflows/publish_integration_collector_image.yaml new file mode 100644 index 00000000..a9988399 --- /dev/null +++ b/.github/workflows/publish_integration_collector_image.yaml 
@@ -0,0 +1,79 @@ +name: Build and Package Collector Image + +on: + workflow_call: + inputs: + registry: + description: + 'The image repository where the image should be pushed' + type: string + required: false + default: 'ghcr.io' + image-name: + description: + 'The name of the image. Defaults to repository name (ex. jupiterone/graph-github)' + type: string + default: ${{ github.repository }} + required: false + secrets: + GHCR_USERNAME: + description: 'GHCR Username to authenticate and publish with' + required: true + GHCR_PASSWORD: + description: 'GHCR password to authenticate and publish with' + required: true + + +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + - name: Install Cosign + uses: sigstore/cosign-installer@v3 + + - name: Lowercase the image name + run: echo "IMAGE_NAME=${{ inputs.image-name,, }}" >>${GITHUB_ENV} + + # Login against a Docker registry + # https://github.com/docker/login-action + - name: Log into registry ${{ inputs.registry }} + uses: docker/login-action@v2 + with: + registry: ${{ inputs.registry }} + username: ${{ secrets.GHCR_USERNAME }} + password: ${{ secrets.GHCR_PASSWORD }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ inputs.registry }}/${{ env.IMAGE_NAME }} + # tags: type=sha,format=long + + # Build and push Docker image + # https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build-and-push + uses: docker/build-push-action@v4 + with: + context: . 
+ push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + # Sign the Docker image (Using OIDC Token for "keyless signing") + # https://github.com/sigstore/cosign-installer + - name: Sign the images with GH OIDC Token + run: + COSIGN_REPOSITORY=${{ inputs.registry }}/${{ env.IMAGE_NAME }}-signatures cosign sign -y + ${{ inputs.registry}}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.DIGEST }} + From a9667a4190367246ff04711f866328354bbd8f0f Mon Sep 17 00:00:00 2001 From: Matthew Zember Date: Mon, 18 Sep 2023 16:02:48 -0400 Subject: [PATCH 2/4] lowercase input --- .github/workflows/publish_integration_collector_image.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/publish_integration_collector_image.yaml b/.github/workflows/publish_integration_collector_image.yaml index a9988399..7027d7cd 100644 --- a/.github/workflows/publish_integration_collector_image.yaml +++ b/.github/workflows/publish_integration_collector_image.yaml @@ -39,7 +39,7 @@ jobs: uses: sigstore/cosign-installer@v3 - name: Lowercase the image name - run: echo "IMAGE_NAME=${{ inputs.image-name,, }}" >>${GITHUB_ENV} + run: echo "IMAGE_NAME=$(echo "${{ inputs.image-name }}" | tr '[:upper:]' '[:lower:]')" >>${GITHUB_ENV} # Login against a Docker registry # https://github.com/docker/login-action @@ -57,7 +57,6 @@ jobs: uses: docker/metadata-action@v4 with: images: ${{ inputs.registry }}/${{ env.IMAGE_NAME }} - # tags: type=sha,format=long # Build and push Docker image # https://github.com/docker/build-push-action From 3735eed0d0cca3ccb7dfaeb6d74a65c52182d0c3 Mon Sep 17 00:00:00 2001 From: Matthew Zember Date: Mon, 18 Sep 2023 16:07:07 -0400 Subject: [PATCH 3/4] formatting --- .../publish_integration_collector_image.yaml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) 
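Review bot: Every action in the new `steps` list (actions/checkout@v3, sigstore/cosign-installer@v3, docker/login-action@v2, docker/metadata-action@v4, docker/build-push-action@v4) is pinned to a mutable major tag, yet this job holds `packages: write` and `id-token: write` and uses them to push and keylessly sign an image, so a retargeted or compromised tag would produce a signature under this repository's OIDC identity; pin each `uses:` to a full commit SHA and keep the tag in a trailing comment, e.g. `uses: actions/checkout@<full commit sha> # v3`. The signing step at the end of the hunk reads `steps.build-and-push.outputs.DIGEST`, while build-push-action documents that output as `digest`; context lookups may be case-insensitive, but matching the documented name avoids relying on that. That same `run:` value is a plain multi-line scalar that YAML folds with single spaces, which works here but is easy to misread; `run: >-` (or `|`) makes the folding explicit. Since `ghcr.io` is the default registry and `packages: write` is already granted, the workflow could authenticate with `github.actor`/`GITHUB_TOKEN` for that case instead of requiring long-lived `GHCR_USERNAME`/`GHCR_PASSWORD` secrets, if other registries are not actually needed.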
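Review bot: The new `run:` line of the "Lowercase the image name" step expands `${{ inputs.image-name }}` directly into the shell script, so any caller of this reusable workflow that forwards untrusted data (a branch name, PR field, or repository variable) into `image-name` gets shell command injection inside a job with `packages: write` and `id-token: write`. Pass the input through the environment and let the shell read it: `env:` / `  IMAGE_NAME_INPUT: ${{ inputs.image-name }}` / `run: echo "IMAGE_NAME=$(echo "$IMAGE_NAME_INPUT" | tr '[:upper:]' '[:lower:]')" >>"${GITHUB_ENV}"`. The same pattern applies to `${{ inputs.registry }}` in the "Sign the images with GH OIDC Token" step and in the earlier first-commit version of this step, which lie outside this hunk. The enclosing `steps` list starts and ends outside the hunk.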
diff --git a/.github/workflows/publish_integration_collector_image.yaml b/.github/workflows/publish_integration_collector_image.yaml index 7027d7cd..94a9cbf8 100644 --- a/.github/workflows/publish_integration_collector_image.yaml +++ b/.github/workflows/publish_integration_collector_image.yaml @@ -3,15 +3,15 @@ name: Build and Package Collector Image on: workflow_call: inputs: - registry: - description: - 'The image repository where the image should be pushed' + registry: + description: 'The image repository where the image should be pushed' type: string required: false default: 'ghcr.io' image-name: description: - 'The name of the image. Defaults to repository name (ex. jupiterone/graph-github)' + 'The name of the image. Defaults to repository name (ex. + jupiterone/graph-github)' type: string default: ${{ github.repository }} required: false @@ -23,7 +23,6 @@ on: description: 'GHCR password to authenticate and publish with' required: true - jobs: build: runs-on: ubuntu-latest @@ -39,7 +38,9 @@ jobs: uses: sigstore/cosign-installer@v3 - name: Lowercase the image name - run: echo "IMAGE_NAME=$(echo "${{ inputs.image-name }}" | tr '[:upper:]' '[:lower:]')" >>${GITHUB_ENV} + run: + echo "IMAGE_NAME=$(echo "${{ inputs.image-name }}" | tr '[:upper:]' + '[:lower:]')" >>${GITHUB_ENV} # Login against a Docker registry # https://github.com/docker/login-action @@ -73,6 +74,6 @@ jobs: # https://github.com/sigstore/cosign-installer - name: Sign the images with GH OIDC Token run: - COSIGN_REPOSITORY=${{ inputs.registry }}/${{ env.IMAGE_NAME }}-signatures cosign sign -y - ${{ inputs.registry}}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.DIGEST }} - + COSIGN_REPOSITORY=${{ inputs.registry }}/${{ env.IMAGE_NAME + }}-signatures cosign sign -y ${{ inputs.registry}}/${{ env.IMAGE_NAME + }}@${{ steps.build-and-push.outputs.DIGEST }} From b1a36a48ed3f9bbb0a24252ba2c172f5435d089e Mon Sep 17 00:00:00 2001 
From: Matthew Zember Date: Mon, 18 Sep 2023 17:07:47 -0400 Subject: [PATCH 4/4] prefix with consumer --- ...r_image.yaml => halo_publish_integration_collector_image.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{publish_integration_collector_image.yaml => halo_publish_integration_collector_image.yaml} (100%) diff --git a/.github/workflows/publish_integration_collector_image.yaml b/.github/workflows/halo_publish_integration_collector_image.yaml similarity index 100% rename from .github/workflows/publish_integration_collector_image.yaml rename to .github/workflows/halo_publish_integration_collector_image.yaml