From 3e9f28acf62ade5fb1ed72f9f122132ef672f29e Mon Sep 17 00:00:00 2001
From: Skydust
Date: Tue, 26 Nov 2024 00:20:26 +0100
Subject: [PATCH] Initial commit
---
.gitignore | 1 +
Dockerfile | 11 +++++++++++
action.yml | 21 +++++++++++++++++++++
entrypoint.sh | 38 ++++++++++++++++++++++++++++++++++++++
4 files changed, 71 insertions(+)
create mode 100644 .gitignore
create mode 100644 Dockerfile
create mode 100644 action.yml
create mode 100644 entrypoint.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..485dee6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..d850c03
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,11 @@
+FROM public.ecr.aws/docker/library/node:22-alpine3.20
+
+# Install git for gitea actions and ansible
+RUN apk add --no-cache git grype bash
+
+WORKDIR /usr/src
+
+COPY entrypoint.sh .
+
+RUN chmod +x /usr/src/entrypoint.sh
+ENTRYPOINT ["bash","-c","/usr/src/entrypoint.sh"]
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..0cafa41
--- /dev/null
+++ b/action.yml
@@ -0,0 +1,21 @@
+name: Docker container scanning
+description: A container scanning tool using grype
+author: Skydust
+
+# Define your inputs here.
+inputs:
+ imageName:
+ description: The image name
+ required: true
+ imagePrefix:
+ description: The image prefix
+ required: false
+ default: ${{ gitea.server_url }}/${{ gitea.repository_owner }}/
+ config:
+ description: The grype configuration path
+ required: false
+ default: ""
+
+runs:
+ using: docker
+ image: Dockerfile
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..b78df1b
--- /dev/null
+++ b/entrypoint.sh
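Review bot: In the Dockerfile, the scanner itself is unpinned: `apk add --no-cache git grype bash` installs whatever grype build the Alpine repository serves at build time, and the `node:22-alpine3.20` tag is mutable, so with `image: Dockerfile` in action.yml the runner may build a different scanner on different runs and the results stop being comparable. Pin the base by digest and the package by version, e.g. `FROM public.ecr.aws/docker/library/node:22-alpine3.20@sha256:<digest>` and `grype=<pinned-version>` (both placeholders). The comment above the RUN line mentions ansible while the line installs grype; `# Install git and bash for the runner, grype for the scan` would match what is installed. `ENTRYPOINT ["/usr/src/entrypoint.sh"]` would also work without the `bash -c` wrapper, since the script carries its own shebang and is made executable one line earlier.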
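Review bot: In action.yml, nothing under `runs:` hands the declared inputs to the container under the names entrypoint.sh reads (`$imageName`, `$imagePrefix`, `$config`). Docker actions normally receive inputs as `INPUT_<NAME>` variables with the name upper-cased (here `INPUT_IMAGENAME`, `INPUT_IMAGEPREFIX`, `INPUT_CONFIG`), so unless the workflow sets those three variables itself the script would stop at "No image name given."; this is worth confirming on the Gitea runner. An explicit `env:` map under `runs:` with one entry per input, such as `imageName: ${{ inputs.imageName }}`, would make the contract visible. `DOCKER_CONFIG_BASE64`, which the script also reads, is not documented anywhere in this file and deserves a line in the description or a comment.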
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+INPUT_IMAGE_NAME=$imageName
+INPUT_IMAGE_PREFIX=$imagePrefix
+INPUT_CONFIG_PATH=$config
+
+set -e
+
+# shellcheck disable=SC2155
+export LOWERCASE_INPUT_IMAGE_PREFIX="$(echo "$INPUT_IMAGE_PREFIX" | tr '[:upper:]' '[:lower:]')"
+IMAGE_NAME="$(echo "$LOWERCASE_INPUT_IMAGE_PREFIX" | sed 's/^https\?:\/\///')$INPUT_IMAGE_NAME"
+
+if [ -n "$DOCKER_CONFIG_BASE64" ]; then
+ echo "Retrieving docker config"
+ mkdir "$HOME/.docker/"
+ echo "$DOCKER_CONFIG_BASE64" | base64 -d > "$HOME/.docker/config.json"
+fi;
+
+echo "Full image name: $IMAGE_NAME"
+
+if [ -z "$INPUT_IMAGE_NAME" ]; then
+ echo "No image name given."
+ exit 1
+fi;
+
+GRYPE_OPTIONS=("-v")
+
+if [ -n "$INPUT_CONFIG_PATH" ]; then
+ GRYPE_OPTIONS+=("-c" "$INPUT_CONFIG_PATH")
+fi
+
+GRYPE_OPTIONS+=("registry:${IMAGE_NAME}")
+
+# shellcheck disable=SC2145
+echo "Running grype container scanning with options: ${GRYPE_OPTIONS[@]}"
+grype "${GRYPE_OPTIONS[@]}"
+
+exit 0
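Review bot: The registry credentials decoded from `DOCKER_CONFIG_BASE64` are written to `$HOME/.docker/config.json` under the default umask and never removed, so the file is likely readable by other users and, if the runner shares `$HOME` across steps, it outlives the scan. Create it under a restrictive umask and let `mkdir` tolerate an existing directory (with `set -e` a pre-existing `~/.docker` aborts the run): `mkdir -p "$HOME/.docker"` and `( umask 077; printf '%s' "$DOCKER_CONFIG_BASE64" | base64 -d > "$HOME/.docker/config.json" )`. The empty-name check would also be better placed before this block, so a run with no image name fails before any credential reaches disk. `set -e` alone does not cover the `echo | base64` pipeline's left side; `set -eo pipefail` at the top of the script would.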