Develop

.github/workflows/dispatch-example.yml

@@ -3,31 +3,53 @@ name: GitHub action dispath
 on:
   workflow_dispatch:
     inputs:
-      source-regurl-tag:
+      source_regurl_tag:
         required: true
         default: ""
         description: "Container image registry URL with tag. e.g., gcr.io/project-id-372417/source-image:2650c2f7c04640b8c67df560510914f7ba2033e2"
-      target-regurl:
+      target_regurl:
         required: true
         default: ""
-        description: "Container image registry URL WITHOUT tag e.g., gcr.io/project-id-372417/target-image"
+        description: "Container image registry URL without tag. e.g., gcr.io/project-id-372417/target-image"
 
 jobs:
   copy_container_image:
     name: Copy container image
     runs-on: ubuntu-latest
     env:
-      SOURCE_IMAGE_WITH_TAG: ${{ github.env.inputs.source-regurl-tag }}
-      TARGET_IMAGE_URL: ${{ github.env.inputs.target-regurl }}
+      IMAGE_TAG: ''
+      TARGET_IMAGE: ''   
     steps:
+      - name: print
+        run: |
+          echo ${{ inputs.source_regurl_tag }}
+          echo ${{ inputs.target-tag }}
       - name: Get image tag
         run: |
-          echo IMAGE_TAG=$(echo ${{ env.SOURCE_IMAGE_WITH_TAG }} | cut -d":" -f2) >> $GITHUB_ENV
+          echo IMAGE_TAG=$(echo ${{ inputs.source_regurl_tag }} | cut -d":" -f2) >> $GITHUB_ENV
+          echo "TARGET_IMAGE=${{ inputs.target_regurl }}:${{ env.IMAGE_TAG }}" >> $GITHUB_ENV
+
+      - uses: 'google-github-actions/auth@v1'
+        with:
+          credentials_json: ${{ secrets.SA_A }}
+
+      - name: Configure Docker auth for gcloud command-line
+        run: gcloud --quiet auth configure-docker && gcloud auth list
+
+      - name: Pull from source image
+        run: docker pull ${{ inputs.source_regurl_tag }}
+
+      - name: Tag target image
+        run: docker tag ${{ inputs.source_regurl_tag }} ${{ inputs.target_regurl }}:${{ env.IMAGE_TAG }}
+
+      - name: Push to target
+        run: docker push ${{ inputs.target_regurl }}:${{ env.IMAGE_TAG }}
 
       - name: Summary
         run: |
-          echo "SOURCE_IMAGE_WITH_TAG=${{ env.SOURCE_IMAGE_WITH_TAG }}" >> $GITHUB_STEP_SUMMARY
-          echo "PROD_IMAGE=${{ env.TARGET_IMAGE_URL }}:${{ env.IMAGE_TAG }}" >> $GITHUB_STEP_SUMMARY
+          echo "source_regurl_tag: ${{ inputs.source_regurl_tag }}" >> $GITHUB_STEP_SUMMARY
+          echo "target_regurl: ${{ inputs.target_regurl }}" >> $GITHUB_STEP_SUMMARY
+          echo "TARGET_IMAGE: ${{ inputs.target_regurl }}:${{ env.IMAGE_TAG }}" >> $GITHUB_STEP_SUMMARY
 
       - uses: hmarr/debug-action@v2
         if: always()

.github/workflows/dispatch-request-exmple.json

@@ -1,7 +1,7 @@
 { 
    "ref": "develop",
     "inputs": {
-        "source-url-tag": "gcr.io/project-id/source-image:2650c2f7c04640b8c67df560510914f7ba2033e2",
-        "target-url": "gcr.io/project-id/target-image"
+        "source_regurl_tag": "gcr.io/project-id/source-image:2650c2f7c04640b8c67df560510914f7ba2033e2",
+        "target_regurl": "gcr.io/project-id/target-image"
     }
 }

README.md

@@ -1,3 +1,4 @@
+
 # GitHub Actions
 
 [![Build](https://github.com/DevSecOpsSamples/githubactions/actions/workflows/build.yml/badge.svg?branch=master)](https://github.com/DevSecOpsSamples/githubactions/actions/workflows/build.yml)
@@ -71,11 +72,13 @@ Provides GitHub Workflow and Action samples.
 cp .github/workflows/dispatch-request-exmple.json request-body.json
 cat request-body.json
 
+TOKEN="example-github_pat_XXXXX"
+
 curl -d @request-body.json \
   -H "Accept: application/vnd.github+json" \
   -H "X-GitHub-Api-Version: 2022-11-28" \
-  -H "Authorization: Bearer <your-token>" \
-  https://github.com/DevSecOpsSamples/githubactions/actions/workflows/dispatch-example.yml/dispatches
+  -H "Authorization: Bearer $TOKEN" \
+  https://api.github.com/repos/DevSecOpsSamples/githubactions/actions/workflows/dispatch-example.yml/dispatches
 ```
 
 develop branch:
@@ -86,8 +89,8 @@ develop branch:
 { 
    "ref": "develop",
     "inputs": {
-        "test-url-tag": "gcr.io/project-id/source-image:2650c2f7c04640b8c67df560510914f7ba2033e2",
-        "prod-url": "gcr.io/project-id/target-image"
+        "source_regurl_tag": "gcr.io/project-id/source-image:2650c2f7c04640b8c67df560510914f7ba2033e2",
+        "target_regurl": "gcr.io/project-id/target-image"
     }
 }
 ```
@@ -96,10 +99,10 @@ master branch:
 
 ```json
 { 
-   "ref": "develop",
+   "ref": "master",
     "inputs": {
-        "test-url-tag": "gcr.io/project-id/source-image:2650c2f7c04640b8c67df560510914f7ba2033e2",
-        "prod-url": "gcr.io/project-id/target-image"
+        "source_regurl_tag": "gcr.io/project-id/source-image:2650c2f7c04640b8c67df560510914f7ba2033e2",
+        "target_regurl": "gcr.io/project-id/target-image"
     }
 }
 ```
@@ -113,4 +116,4 @@ master branch:
 
 - https://github.com/actions/cache/blob/main/examples.md#java---gradle
 
-- https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event
+- https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event

app/Dockerfile

@@ -0,0 +1,14 @@
+FROM python:3.9-alpine
+
+VOLUME ./:app/
+
+COPY requirements.txt requirements.txt
+RUN pip install -r requirements.txt
+
+COPY . /app/
+
+WORKDIR /app
+
+EXPOSE 8000
+
+CMD ["gunicorn", "app:app", "--bind", "0.0.0.0:8000"]

app/app.py

@@ -0,0 +1,37 @@
+from flask import Flask
+from flask import request
+from flask import json
+from werkzeug.exceptions import HTTPException
+
+app = Flask(__name__)
+
+@app.route("/")
+def ping_root():
+    return ping()
+
+@app.route("/<string:path1>")
+def ping_path1(path1):
+    return ping()
+
+def ping():
+    return {
+        "host": request.host,
+        "url": request.url,
+        "method": request.method,
+        "message": "ping-api"
+    }
+
+@app.errorhandler(HTTPException)
+def handle_exception(e):
+    response = e.get_response()
+    response.data = json.dumps({
+        "code": e.code,
+        "name": e.name,
+        "description": e.description,
+    })
+    response.content_type = "application/json"
+    return response
+
+if __name__ == '__main__':
+    app.debug = True
+    app.run(host='0.0.0.0', port=8000)

app/requirements.txt

@@ -0,0 +1,2 @@
+Flask==2.1.1
+gunicorn==20.1.0