From ca90666f0f826262d61747a2c444bed3cac34177 Mon Sep 17 00:00:00 2001
From: iadgovuser29 <33426478+iadgovuser29@users.noreply.github.com>
Date: Tue, 30 Jan 2024 14:03:17 -0500
Subject: [PATCH] GitHub Workflow to create V3 ACA docker images

---
 .ci/docker/Dockerfile.aca-windows | 5 +-
 .github/workflows/create_aca_images.yml | 182 ++++++++++++++++++++++++
 2 files changed, 185 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/create_aca_images.yml

diff --git a/.ci/docker/Dockerfile.aca-windows b/.ci/docker/Dockerfile.aca-windows
index cb3b54a1..cc61a4e5 100644
--- a/.ci/docker/Dockerfile.aca-windows
+++ b/.ci/docker/Dockerfile.aca-windows
@@ -22,9 +22,10 @@ RUN mkdir -p C:/ProgramData/hirs/log
 # Download and install Java 17
 RUN ((New-Object System.Net.WebClient).DownloadFile('https://download.oracle.com/java/17/archive/jdk-17.0.8_windows-x64_bin.exe', 'C:/jdk-17.0.8_windows-x64_bin.exe'))
 RUN Write-Host "Installing JDK..."
-RUN ./jdk-17.0.8_windows-x64_bin.exe /s
+RUN Start-Process -filepath 'C:/jdk-17.0.8_windows-x64_bin.exe' -Wait -PassThru -ArgumentList "/s"
 RUN Write-Host "Finished installing JDK."
+RUN ls 'C:\Program Files'
 RUN ls 'C:\Program Files\Java'
 RUN ls 'C:\Program Files\Java\jdk-17\'
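Review bot: The new `Start-Process ... -Wait -PassThru` line for the JDK installer discards the returned process object, so a non-zero installer exit code never fails the build and the later `RUN ls 'C:\Program Files\Java\jdk-17\'` becomes the only, incidental, failure signal. Capture and check it: `RUN $p = Start-Process -FilePath 'C:/jdk-17.0.8_windows-x64_bin.exe' -Wait -PassThru -ArgumentList '/s'; if ($p.ExitCode -ne 0) { exit $p.ExitCode }`. Separately, the installer fetched by `DownloadFile` two lines above is executed with no integrity check; comparing `(Get-FileHash 'C:/jdk-17.0.8_windows-x64_bin.exe' -Algorithm SHA256).Hash` against the published checksum before this line would pin what actually gets executed inside the image build. The added `RUN ls 'C:\Program Files'` reads as build-time debugging and could be dropped before merge.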
@@ -56,7 +57,7 @@ RUN Write-Host "Finished installing .NET SDK."
 RUN ((New-Object System.Net.WebClient).DownloadFile('https://aka.ms/vs/17/release/vs_buildtools.exe', 'C:/vs_buildtools.exe'))
 RUN ((New-Object System.Net.WebClient).DownloadFile('https://aka.ms/vs/17/release/channel', 'C:/vs_channel.chman'))
 RUN Write-Host "Installing Visual Studio Build Tools..."
-RUN C:/vs_buildtools.exe --quiet --wait --norestart --nocache --channelUri C:/vs_channel.chman --installChannelUri C:/vs_channel.chman --add Microsoft.VisualStudio.Workload.VCTools --includeRecommended --installPath C:/vsbuildtools
+RUN Start-Process -FilePath 'C:/vs_buildtools.exe' -ArgumentList \"--quiet --wait --norestart --nocache --channelUri C:/vs_channel.chman --installChannelUri C:/vs_channel.chman --add Microsoft.VisualStudio.Workload.VCTools --includeRecommended --installPath C:/vsbuildtools\" -Wait -PassThru
 RUN Write-Host "Finished installing Visual Studio Build Tools."
 # Download and extract pre-built openssl
diff --git a/.github/workflows/create_aca_images.yml b/.github/workflows/create_aca_images.yml
new file mode 100644
index 00000000..04c817f4
--- /dev/null
+++ b/.github/workflows/create_aca_images.yml
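Review bot: The new `+RUN Start-Process` line for Visual Studio Build Tools also drops the `-PassThru` result, so a failed or partial install is not detected, and the bootstrapper it runs comes from `https://aka.ms/vs/17/release/vs_buildtools.exe` and `.../release/channel`, which are floating "current release" redirects with no version or hash pinned, so the toolchain baked into the image can change silently between builds. Check the exit code (`$p = Start-Process ...; if ($p.ExitCode -ne 0) { exit $p.ExitCode }`); the VS bootstrapper is documented to return 3010 when a reboot is pending, which with `--norestart` is presumably a success case to allow explicitly — confirm against the installer docs. For reproducibility, download a fixed-release bootstrapper/channel pair and verify its SHA256 before this line rather than trusting the redirect target.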
@@ -0,0 +1,182 @@
+name: Create ACA Docker Image
+on:
+  release:
+    types: [ published ]
+  workflow_dispatch:
+    inputs:
+      also_tag_latest:
+        description: 'Tag latest?'
+        required: false
+        type: boolean
+env:
+  DOCKERFILE_ROCKY: aca-rocky
+  DOCKERFILE_WINDOWS: aca-windows
+  IMAGE_NAME_ROCKY: ghcr.io/nsacyber/hirs/aca-rocky
+  IMAGE_NAME_WINDOWS: ghcr.io/nsacyber/hirs/aca-windows
+  IMAGE_NAME_WINDOWS_COMPAT: ghcr.io/nsacyber/hirs/aca-windows-1809
+  PUBLIC_IMAGE_NAME: ghcr.io/nsacyber/hirs/aca
+  PUBLIC_IMAGE_TAG_LATEST: ghcr.io/nsacyber/hirs/aca:latest
+  TAG_LATEST: ${{ github.event_name == 'release' || inputs.also_tag_latest }} # The public docker image will be tagged 'latest' for releases, or if this option is manually selected.
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      IMAGE_TAG: ${{ steps.setenv.outputs.IMAGE_TAG }}
+      ROCKY_IMAGE_TAG: ${{ steps.setenv.outputs.ROCKY_IMAGE_TAG }}
+      WINDOWS_IMAGE_TAG: ${{ steps.setenv.outputs.WINDOWS_IMAGE_TAG }}
+      WINDOWS_COMPAT_IMAGE_TAG: ${{ steps.setenv.outputs.WINDOWS_COMPAT_IMAGE_TAG }}
+      PUBLIC_IMAGE_TAG: ${{ steps.setenv.outputs.PUBLIC_IMAGE_TAG }}
+    steps:
+      - name: Set env
+        id: setenv
+        shell: bash
+        run: |
+          # Parse docker image tag from GitHub tag if available
+          if [ "${{ github.ref_type }}" = "tag" ]; then
+            # tags start with refs/tags/. Also remove v if it exists.
+            export IMAGE_TAG_VAR=${GITHUB_REF:10}
+            export IMAGE_TAG_VAR=${IMAGE_TAG_VAR//v/}
+          else
+            # Not a tag, use the commit hash. Do not tag as latest.
+            export IMAGE_TAG_VAR=${GITHUB_SHA:0:7}
+          fi
+          # To lowercase
+          export IMAGE_TAG_VAR=${IMAGE_TAG_VAR,,}
+
+          # Save to output
+          echo "IMAGE_TAG=$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT"
+          echo "ROCKY_IMAGE_TAG=$IMAGE_NAME_ROCKY:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT"
+          echo "WINDOWS_IMAGE_TAG=$IMAGE_NAME_WINDOWS:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT"
+          echo "WINDOWS_COMPAT_IMAGE_TAG=$IMAGE_NAME_WINDOWS_COMPAT:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT"
+          echo "PUBLIC_IMAGE_TAG=$PUBLIC_IMAGE_NAME:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT"
+      - name: Print env
+        run: |
+          echo DOCKERFILE_ROCKY=$DOCKERFILE_ROCKY
+          echo DOCKERFILE_WINDOWS=$DOCKERFILE_WINDOWS
+          echo IMAGE_NAME_ROCKY=$IMAGE_NAME_ROCKY
+          echo IMAGE_NAME_WINDOWS=$IMAGE_NAME_WINDOWS
+          echo IMAGE_NAME_WINDOWS_COMPAT=$IMAGE_NAME_WINDOWS_COMPAT
+          echo PUBLIC_IMAGE_NAME=$PUBLIC_IMAGE_NAME
+          echo PUBLIC_IMAGE_TAG_LATEST=$PUBLIC_IMAGE_TAG_LATEST
+          echo TAG_LATEST=$TAG_LATEST
+          echo IMAGE_TAG=${{ steps.setenv.outputs.IMAGE_TAG }}
+          echo ROCKY_IMAGE_TAG=${{ steps.setenv.outputs.ROCKY_IMAGE_TAG }}
+          echo WINDOWS_IMAGE_TAG=${{ steps.setenv.outputs.WINDOWS_IMAGE_TAG }}
+          echo WINDOWS_COMPAT_IMAGE_TAG=${{ steps.setenv.outputs.WINDOWS_COMPAT_IMAGE_TAG }}
+          echo PUBLIC_IMAGE_TAG=${{ steps.setenv.outputs.PUBLIC_IMAGE_TAG }}
+
+  rocky-image:
+    needs: setup
+    runs-on: ubuntu-latest
+    env:
+      TAG: ${{ needs.setup.outputs.ROCKY_IMAGE_TAG }}
+    steps:
+      - name: Checkout main
+        uses: actions/checkout@v4
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push a release Docker image for ${{ github.repository }}
+        uses: docker/build-push-action@v5
+        with:
+          context: "{{defaultContext}}:.ci/docker"
+          file: Dockerfile.${{env.DOCKERFILE_ROCKY}}
+          tags: ${{env.TAG}}
+          push: true
+
+  windows-11-image:
+    needs: setup
+    runs-on: windows-latest
+    env:
+      TAG: ${{ needs.setup.outputs.WINDOWS_IMAGE_TAG }}
+    steps:
+      - name: Checkout main
+        uses: actions/checkout@v4
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build the docker image for ${{ github.repository }}
+        run: |
+          cd ./.ci/docker
+          docker build -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} .
+
+      - name: Push the docker image
+        run: |
+          docker push ${{env.TAG}}
+
+  windows-compat-image: # This job uses a different runner and build arg than the other windows job.
+    needs: setup
+    runs-on: windows-2019
+    env:
+      TAG: ${{ needs.setup.outputs.WINDOWS_COMPAT_IMAGE_TAG }}
+    steps:
+      - name: Checkout main
+        uses: actions/checkout@v4
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build the docker image for ${{ github.repository }}
+        run: |
+          cd ./.ci/docker
+          docker build -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} --build-arg BASE_IMAGE_TAG=lts-windowsservercore-1809 .
+
+      - name: Push the docker image
+        run: |
+          docker push ${{env.TAG}}
+
+
+  manifest:
+    needs: [setup, rocky-image, windows-11-image, windows-compat-image]
+    runs-on: ubuntu-latest
+    env:
+      IMAGE1: ${{ needs.setup.outputs.ROCKY_IMAGE_TAG }}
+      IMAGE2: ${{ needs.setup.outputs.WINDOWS_IMAGE_TAG }}
+      IMAGE3: ${{ needs.setup.outputs.WINDOWS_COMPAT_IMAGE_TAG }}
+      PUB: ${{ needs.setup.outputs.PUBLIC_IMAGE_TAG }}
+    steps:
+      - name: Print env
+        run: |
+          echo IMAGE1=${{env.IMAGE1}}
+          echo IMAGE2=${{env.IMAGE2}}
+          echo IMAGE3=${{env.IMAGE3}}
+          echo PUB=${{env.PUB}}
+
+      - name: Checkout main
+        uses: actions/checkout@v4
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create a new manifest
+        run: |
+          docker manifest create ${{env.PUB}} --amend ${{env.IMAGE1}} --amend ${{env.IMAGE2}} --amend ${{env.IMAGE3}}
+
+      - name: Push the new manifest
+        run: |
+          docker manifest push ${{env.PUB}}
+
+      - name: Create and push manifest latest if selected
+        if: env.TAG_LATEST != 'false'
+        run: |
+          docker manifest create $PUBLIC_IMAGE_TAG_LATEST --amend $IMAGE1 --amend $IMAGE2 --amend $IMAGE3
+          docker manifest push $PUBLIC_IMAGE_TAG_LATEST
+
\ No newline at end of file
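Review bot: The workflow declares no `permissions:` block, so the `secrets.GITHUB_TOKEN` every job hands to `docker/login-action` for ghcr.io inherits the repository default and may carry write scopes far beyond what publishing packages needs; add a top-level `permissions:` with `contents: read` and `packages: write`, which is all the checkout, build and push steps use. In the `Set env` step, `${IMAGE_TAG_VAR//v/}` deletes every `v` in the tag name rather than a leading one (a tag such as `v3.0-dev` becomes `3.0-de`); `${IMAGE_TAG_VAR#v}` does what the comment above it says. The `also_tag_latest` input lets a manual dispatch on any branch push `aca:latest` from a commit-hash build, which contradicts the "Do not tag as latest" comment in the same step — gating the final manifest step on `github.ref_type == 'tag'` in addition to `TAG_LATEST` would enforce it. The third-party actions are pinned to floating major tags (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v5`); pinning the publish path to full commit SHAs would keep it reproducible and resistant to a tag being moved upstream.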