From 4c6262d8063c51a410f065274d6fa57e83ba24cc Mon Sep 17 00:00:00 2001
From: soumya
Date: Mon, 23 Feb 2026 06:16:39 +0100
Subject: [PATCH 1/3] Add: agents-deployment actions
---
agents/action.yml | 80 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100644 agents/action.yml
diff --git a/agents/action.yml b/agents/action.yml
new file mode 100644
index 00000000..e00d8b96
--- /dev/null
+++ b/agents/action.yml
@@ -0,0 +1,80 @@
+name: 'Agents Production Deployment'
+description: 'Promote staging agent image to production feed'
+
+inputs:
+ image_repository:
+ description: 'Full image repository path (e.g., greenbone/scan-agent-app)'
+ required: true
+ staging_version:
+ description: 'Version tag from staging to promote'
+ required: true
+ github_token:
+ description: 'GitHub token for GHCR access'
+ required: true
+ harbor_registry:
+ description: 'Harbor registry URL'
+ required: true
+ harbor_username:
+ description: 'Harbor username'
+ required: true
+ harbor_password:
+ description: 'Harbor password'
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - name: Extract service name for Harbor
+ shell: bash
+ id: service
+ run: |
+ SERVICE_NAME=$(echo "${{ inputs.image_repository }}" | cut -d'/' -f2)
+ echo "service_name=$SERVICE_NAME" >> $GITHUB_OUTPUT
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ inputs.github_token }}
+
+ - name: Verify and pull staging image
+ shell: bash
+ run: |
+ STAGING_IMAGE="ghcr.io/${{ inputs.image_repository }}:${{ inputs.staging_version }}-staging"
+
+ if ! docker manifest inspect "$STAGING_IMAGE" > /dev/null 2>&1; then
+ echo "Error: Staging image not found: $STAGING_IMAGE"
+ exit 1
+ fi
+
+ docker pull $STAGING_IMAGE
+ echo "STAGING_IMAGE=$STAGING_IMAGE" >> $GITHUB_ENV
+
+ - name: Tag and push to GHCR production
+ shell: bash
+ run: |
+ docker tag $STAGING_IMAGE ghcr.io/${{ inputs.image_repository }}:${{ inputs.staging_version }}
+ docker tag $STAGING_IMAGE ghcr.io/${{ inputs.image_repository }}:enterprise
+ docker tag $STAGING_IMAGE ghcr.io/${{ inputs.image_repository }}:latest
+ docker push ghcr.io/${{ inputs.image_repository }}:${{ inputs.staging_version }}
+ docker push ghcr.io/${{ inputs.image_repository }}:enterprise
+ docker push ghcr.io/${{ inputs.image_repository }}:latest
+
+ - name: Login to Harbor
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ inputs.harbor_registry }}
+ username: ${{ inputs.harbor_username }}
+ password: ${{ inputs.harbor_password }}
+
+ - name: Tag and push to Harbor
+ shell: bash
+ run: |
+ HARBOR_IMAGE="${{ inputs.harbor_registry }}/community/${{ steps.service.outputs.service_name }}"
+ docker tag $STAGING_IMAGE ${HARBOR_IMAGE}:${{ inputs.staging_version }}
+ docker tag $STAGING_IMAGE ${HARBOR_IMAGE}:community
+ docker tag $STAGING_IMAGE ${HARBOR_IMAGE}:latest
+ docker push ${HARBOR_IMAGE}:${{ inputs.staging_version }}
+ docker push ${HARBOR_IMAGE}:community
+ docker push ${HARBOR_IMAGE}:latest
From 629e6a3b8078ba95f7541d75d8135b61adb063e2 Mon Sep 17 00:00:00 2001
From: soumya
Date: Mon, 23 Feb 2026 06:28:39 +0100
Subject: [PATCH 2/3] Add: dry-run to test
---
agents/action.yml | 34 +++++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/agents/action.yml b/agents/action.yml
index e00d8b96..7eb23645 100644
--- a/agents/action.yml
+++ b/agents/action.yml
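Review bot: The `run:` scripts in the new `agents/action.yml` splice `${{ inputs.image_repository }}` and `${{ inputs.staging_version }}` directly into bash, so the values are expanded into the script text before the shell parses it; a value carrying quotes or a command substitution becomes part of the script on a runner that is already logged in to GHCR. This applies to the "Verify and pull staging image" and "Tag and push to GHCR production" steps, and the `"${{ inputs.dry_run }}"` test and the dry-run summary steps added later in this series repeat the pattern. Passing the inputs through `env:`, checking their format, and quoting the shell variables (including `"$GITHUB_ENV"`) keeps them as data. Separately, `docker/login-action@v3` is a mutable tag that receives the registry token; pinning it to a full commit SHA would limit what a retagged release can do.

```yaml
    - name: Verify and pull staging image
      shell: bash
      env:
        IMAGE_REPOSITORY: ${{ inputs.image_repository }}
        STAGING_VERSION: ${{ inputs.staging_version }}
      run: |
        # Inputs arrive as environment data, never as script text.
        # Patterns are a starting point; tighten them to the naming scheme in use.
        if ! [[ "$IMAGE_REPOSITORY" =~ ^[a-z0-9]+([._/-][a-z0-9]+)*$ ]] ||
           ! [[ "$STAGING_VERSION" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
          echo "Error: unexpected image_repository or staging_version format" >&2
          exit 1
        fi
        STAGING_IMAGE="ghcr.io/${IMAGE_REPOSITORY}:${STAGING_VERSION}-staging"
        # … unchanged: docker manifest inspect check …
        docker pull "$STAGING_IMAGE"
        echo "STAGING_IMAGE=$STAGING_IMAGE" >> "$GITHUB_ENV"

    - name: Tag and push to GHCR production
      shell: bash
      env:
        TARGET_REPOSITORY: ghcr.io/${{ inputs.image_repository }}
        STAGING_VERSION: ${{ inputs.staging_version }}
      run: |
        docker tag "$STAGING_IMAGE" "${TARGET_REPOSITORY}:${STAGING_VERSION}"
        # … same quoting for the enterprise/latest tags and the three pushes …
```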
@@ -8,6 +8,10 @@ inputs: staging_version: description: 'Version tag from staging to promote' required: true + dry_run: + description: 'Dry run mode - verify only, do not push to production' + required: false + default: 'true' github_token: description: 'GitHub token for GHCR access' required: true @@ -48,10 +52,18 @@ runs: exit 1 fi - docker pull $STAGING_IMAGE + echo "Staging image verified: $STAGING_IMAGE" + + if [ "${{ inputs.dry_run }}" = "true" ]; then + echo "DRY RUN MODE - Skipping pull" + else + docker pull $STAGING_IMAGE + fi + echo "STAGING_IMAGE=$STAGING_IMAGE" >> $GITHUB_ENV - name: Tag and push to GHCR production + if: inputs.dry_run != 'true' shell: bash run: | docker tag $STAGING_IMAGE ghcr.io/${{ inputs.image_repository }}:${{ inputs.staging_version }} @@ -61,7 +73,17 @@ runs: docker push ghcr.io/${{ inputs.image_repository }}:enterprise docker push ghcr.io/${{ inputs.image_repository }}:latest + - name: Dry run summary for GHCR + if: inputs.dry_run == 'true' + shell: bash + run: | + echo "DRY RUN - Would push to GHCR:" + echo " - ghcr.io/${{ inputs.image_repository }}:${{ inputs.staging_version }}" + echo " - ghcr.io/${{ inputs.image_repository }}:enterprise" + echo " - ghcr.io/${{ inputs.image_repository }}:latest" + - name: Login to Harbor + if: inputs.dry_run != 'true' uses: docker/login-action@v3 with: registry: ${{ inputs.harbor_registry }} @@ -69,6 +91,7 @@ runs: password: ${{ inputs.harbor_password }} - name: Tag and push to Harbor + if: inputs.dry_run != 'true' shell: bash run: | HARBOR_IMAGE="${{ inputs.harbor_registry }}/community/${{ steps.service.outputs.service_name }}" 
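Review bot: The added `echo "Staging image verified: $STAGING_IMAGE"` overstates the check: it only means the `-staging` tag resolved when the manifest was inspected (that check sits above this hunk), and nothing ties the later `docker pull $STAGING_IMAGE` of a real run to the same content, since a tag can be re-pushed in between. Resolving the digest once during verification (for example with `docker buildx imagetools inspect`), printing it as `echo "Staging image verified: $STAGING_IMAGE@$DIGEST"`, and promoting by that digest would make the dry run a real preview and leave an auditable record of what was published. If the staging image is multi-platform, pull/tag/push would presumably promote only the runner's platform, which is worth confirming; `docker buildx imagetools create --tag <target> <source>` copies the manifest unchanged.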
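Review bot: `if: inputs.dry_run != 'true'` on "Tag and push to GHCR production" fails open: any value other than the exact string `true`, such as `True`, `1`, `yes` or an empty string, runs the production push. The same condition is added to the Harbor login and push steps in the following hunk, and the shell test `[ "${{ inputs.dry_run }}" = "true" ]` in the verify step has the same shape. Gating the publishing steps on the explicit opt-out, `if: inputs.dry_run == 'false'`, and the summary steps on `if: inputs.dry_run != 'false'` keeps a typo in the caller's workflow from publishing `enterprise` and `latest`; rejecting unrecognised values in the first step would make the mistake visible.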
@@ -78,3 +101,12 @@ runs: docker push ${HARBOR_IMAGE}:${{ inputs.staging_version }} docker push ${HARBOR_IMAGE}:community docker push ${HARBOR_IMAGE}:latest + + - name: Dry run summary for Harbor + if: inputs.dry_run == 'true' + shell: bash + run: | + echo "DRY RUN - Would push to Harbor:" + echo " - ${{ inputs.harbor_registry }}/community/${{ steps.service.outputs.service_name }}:${{ inputs.staging_version }}" + echo " - ${{ inputs.harbor_registry }}/community/${{ steps.service.outputs.service_name }}:community" + echo " - ${{ inputs.harbor_registry }}/community/${{ steps.service.outputs.service_name }}:latest" From 813dd379093b645a7d56030dbeabe24ad3964e5b Mon Sep 17 00:00:00 2001 From: soumya Date: Mon, 23 Feb 2026 17:30:36 +0100 Subject: [PATCH 3/3] Change: remove community and harbor deplployment --- agents/action.yml | 51 +---------------------------------------------- 1 file changed, 1 insertion(+), 50 deletions(-) diff --git a/agents/action.yml b/agents/action.yml index 7eb23645..62c34477 100644 --- a/agents/action.yml +++ b/agents/action.yml @@ -1,5 +1,5 @@ name: 'Agents Production Deployment' -description: 'Promote staging agent image to production feed' +description: 'Promote staging agent image to enterprise feed in GHCR' inputs: image_repository: @@ -15,26 +15,10 @@ inputs: github_token: description: 'GitHub token for GHCR access' required: true - harbor_registry: - description: 'Harbor registry URL' - required: true - harbor_username: - description: 'Harbor username' - required: true - harbor_password: - description: 'Harbor password' - required: true runs: using: "composite" steps: - - name: Extract service name for Harbor - shell: bash - id: service - run: | - SERVICE_NAME=$(echo "${{ inputs.image_repository }}" | cut -d'/' -f2) - echo "service_name=$SERVICE_NAME" >> $GITHUB_OUTPUT - - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: 
@@ -46,20 +30,16 @@ runs: shell: bash run: | STAGING_IMAGE="ghcr.io/${{ inputs.image_repository }}:${{ inputs.staging_version }}-staging" - if ! docker manifest inspect "$STAGING_IMAGE" > /dev/null 2>&1; then echo "Error: Staging image not found: $STAGING_IMAGE" exit 1 fi - echo "Staging image verified: $STAGING_IMAGE" - if [ "${{ inputs.dry_run }}" = "true" ]; then echo "DRY RUN MODE - Skipping pull" else docker pull $STAGING_IMAGE fi - echo "STAGING_IMAGE=$STAGING_IMAGE" >> $GITHUB_ENV - name: Tag and push to GHCR production @@ -81,32 +61,3 @@ runs: echo " - ghcr.io/${{ inputs.image_repository }}:${{ inputs.staging_version }}" echo " - ghcr.io/${{ inputs.image_repository }}:enterprise" echo " - ghcr.io/${{ inputs.image_repository }}:latest" - - - name: Login to Harbor - if: inputs.dry_run != 'true' - uses: docker/login-action@v3 - with: - registry: ${{ inputs.harbor_registry }} - username: ${{ inputs.harbor_username }} - password: ${{ inputs.harbor_password }} - - - name: Tag and push to Harbor - if: inputs.dry_run != 'true' - shell: bash - run: | - HARBOR_IMAGE="${{ inputs.harbor_registry }}/community/${{ steps.service.outputs.service_name }}" - docker tag $STAGING_IMAGE ${HARBOR_IMAGE}:${{ inputs.staging_version }} - docker tag $STAGING_IMAGE ${HARBOR_IMAGE}:community - docker tag $STAGING_IMAGE ${HARBOR_IMAGE}:latest - docker push ${HARBOR_IMAGE}:${{ inputs.staging_version }} - docker push ${HARBOR_IMAGE}:community - docker push ${HARBOR_IMAGE}:latest - - - name: Dry run summary for Harbor - if: inputs.dry_run == 'true' - shell: bash - run: | - echo "DRY RUN - Would push to Harbor:" - echo " - ${{ inputs.harbor_registry }}/community/${{ steps.service.outputs.service_name }}:${{ inputs.staging_version }}" - echo " - ${{ inputs.harbor_registry }}/community/${{ steps.service.outputs.service_name }}:community" - echo " - ${{ inputs.harbor_registry }}/community/${{ steps.service.outputs.service_name }}:latest"