feat(ci): add action to push test images (#30)

.github/workflows/push.yaml

@@ -0,0 +1,57 @@
+name: push
+
+on:
+  push:
+    branches:
+      - master
+
+env:
+  TEST_IMAGE: 'ghcr.io/${{ github.repository_owner }}/trivy-test-images' # used in Makefile
+  GH_USER: "aqua-bot"
+
+jobs:
+  changed_files:
+    runs-on: ubuntu-latest
+    name: Push changed images
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Login to ghcr.io registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ env.GH_USER }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Go
+        uses: actions/setup-go@v4
+
+      - name: Get changed files
+        id: changed-files-yaml
+        uses: tj-actions/changed-files@v37
+        with:
+          files_yaml: |
+            busybox:
+              - 'busybox-with-lockfile/**'
+            containerd:
+              - 'containerd/**'
+            spring4shell:
+              - 'spring4shell/**'
+            crane-images:
+              - push-crane-images.sh
+
+      - name: Push `busybox-with-lockfile` image
+        if: steps.changed-files-yaml.outputs.busybox_any_changed == 'true'
+        run: make build-busybox
+
+      - name: Push `containerd` image
+        if: steps.changed-files-yaml.outputs.containerd_any_changed == 'true'
+        run: make build-containerd
+
+      - name: Push `spring4shell` image
+        if: steps.changed-files-yaml.outputs.spring4shell_any_changed == 'true'
+        run: make build-spring4shell
+
+      - name: Copy images
+        if: steps.changed-files-yaml.outputs.crane-images_any_changed == 'true'
+        run: make copy-images

Makefile

@@ -0,0 +1,24 @@
+ifndef TEST_IMAGE
+    export TEST_IMAGE=ghcr.io/aquasecurity/trivy-test-images
+endif
+
+build-busybox:
+	docker build -t $(TEST_IMAGE):busybox-with-lockfile busybox-with-lockfile
+	docker push $(TEST_IMAGE):busybox-with-lockfile
+	docker rmi -f $(TEST_IMAGE):busybox-with-lockfile
+
+build-containerd:
+	docker build -t $(TEST_IMAGE)/containerd:latest containerd
+	docker push $(TEST_IMAGE)/containerd:latest
+	docker rmi -f $(TEST_IMAGE)/containerd:latest
+
+build-spring4shell:
+	docker build --target jre11 -t $(TEST_IMAGE):spring4shell-jre11 spring4shell
+	docker push $(TEST_IMAGE):spring4shell-jre11
+	docker rmi -f $(TEST_IMAGE):spring4shell-jre11
+	docker build --target jre8 -t $(TEST_IMAGE):spring4shell-jre8 spring4shell
+	docker push $(TEST_IMAGE):spring4shell-jre8
+	docker rmi -f $(TEST_IMAGE):spring4shell-jre8
+
+copy-images:
+	./copy-images.sh

push.sh → copy-images.sh

@@ -5,39 +5,6 @@ if !(type "crane" > /dev/null 2>&1); then
   go install github.com/google/go-containerregistry/cmd/crane@latest
 fi
 
-TEST_IMAGE=ghcr.io/aquasecurity/trivy-test-images
-
-
-cat <<EOS
-
-#############################
-Spring4Shell (CVE-2022-22965)
-#############################
-
-EOS
-
-docker build --target jre11 -t ${TEST_IMAGE}:spring4shell-jre11 spring4shell
-docker push ${TEST_IMAGE}:spring4shell-jre11
-docker rmi -f ${TEST_IMAGE}:spring4shell-jre11
-
-docker build --target jre8 -t ${TEST_IMAGE}:spring4shell-jre8 spring4shell
-docker push ${TEST_IMAGE}:spring4shell-jre8
-docker rmi -f ${TEST_IMAGE}:spring4shell-jre8
-
-
-cat <<EOS
-
-##########
-containerd
-##########
-
-EOS
-
-docker build -t ${TEST_IMAGE}/containerd:latest containerd
-docker push ${TEST_IMAGE}/containerd:latest
-docker rmi -f ${TEST_IMAGE}/containerd:latest
-
-
 cat <<EOS
 
 ######################
@@ -81,20 +48,6 @@ EOS
 
 crane copy ghcr.io/distroless/git@sha256:107c3bcf9a5d92c88e1085cb949d247ebe95cfbf6235d4a4307d129d2874de71 ${TEST_IMAGE}:alpine-distroless
 
-
-cat <<EOS
-
-####################
-busybox + Cargo.lock
-####################
-
-EOS
-
-docker build -t ${TEST_IMAGE}:busybox-with-lockfile busybox-with-lockfile
-docker push ${TEST_IMAGE}:busybox-with-lockfile
-docker rmi -f ${TEST_IMAGE}:busybox-with-lockfile
-
-
 cat <<EOS
 
 ############################################