Merged
11 changes: 3 additions & 8 deletions .github/workflows/ci.yml
Expand Up @@ -39,15 +39,10 @@ jobs:
needs: shellcheck
strategy:
fail-fast: false
max-parallel: 3
matrix:
node:
- 20
- 22
- 23
platform:
- ubuntu-latest
- macos-latest
- windows-latest
node: [20, 22, 24]
platform: [ubuntu-latest, macos-latest, windows-latest]
name: "${{matrix.platform}} w/ Node.js ${{matrix.node}}.x"
runs-on: ${{matrix.platform}}
env:
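Review bot: removing `max-parallel: 3` is a behaviour change, not just a reformat: all nine platform/Node combinations now start at once instead of three at a time, which is fine if the runner quota allows it but should be called out in the PR description next to the Node 23 to 24 swap. The flow-style `node: [20, 22, 24]` / `platform: [...]` lists are otherwise equivalent to the removed block lists.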
45 changes: 45 additions & 0 deletions .github/workflows/release.yml
Expand Up @@ -43,3 +43,48 @@ jobs:
run: npm publish --provenance --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.HD_CLI_NPM_TOKEN }}

publish-images:
name: Publish Images
runs-on: ubuntu-latest
permissions:
packages: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Parse tag
run: echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV

- uses: docker/metadata-action@v5
id: meta
with:
# Enable when we have Docker Hub set up
images: |
name=ghcr.io/herodevs/eol-scan
name=docker.io/herodevs/eol-scan,enable=false
tags: |
type=sha,format=long
type=raw,value=latest
type=raw,value=${{ env.VERSION }}

- uses: docker/login-action@v3
# Enable when we have Docker Hub set up
if: ${{ false }}
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- uses: docker/setup-buildx-action@v3
- uses: docker/build-push-action@v6
with:
context: .
file: ./ci/image.Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
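Review bot: the new job pins `actions/checkout` to a commit SHA but pulls `docker/metadata-action@v5`, `docker/login-action@v3`, `docker/setup-buildx-action@v3` and `docker/build-push-action@v6` by mutable major tag; pin those to SHAs too so the image-publishing path cannot change underneath the release when a tag is moved. Two smaller points in the same hunk: the Parse tag step interpolates `${{ github.ref_name }}` straight into a `run:` script, which is the pattern to avoid for values you do not fully control (pass it through `env:` or drop the step and use `${{ github.ref_name }}` directly in the metadata-action `tags:` block), and because the job declares a `permissions:` block every unlisted scope becomes `none`, so add `contents: read` explicitly rather than relying on the repository being public for the checkout. The Docker Hub login guarded by `if: ${{ false }}` is dead code until Docker Hub exists; consider removing it instead of shipping a disabled step with secret references.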
92 changes: 92 additions & 0 deletions README.md
Expand Up @@ -237,3 +237,95 @@ EXAMPLES

_See code: [@oclif/plugin-update](https://github.com/oclif/plugin-update/blob/v4.6.45/src/commands/update.ts)_
<!-- commandsstop -->

## CI/CD Usage

You can use `@herodevs/cli` in your CI/CD pipelines to automate EOL scanning.

### Using the Docker Image (recommended)

We provide a Docker image that's pre-configured to run EOL scans. Based on [`cdxgen`](https://github.com/CycloneDX/cdxgen),
it contains build tools for most project types and will provide best results when generating an SBOM.

#### GitHub Actions

```yaml
# .github/workflows/herodevs-eol-scan.yml
name: HeroDevs EOL Scan

on:
push:
branches: [ main ]
pull_request:
branches: [ main ]

jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Run EOL Scan with Docker
uses: docker://ghcr.io/herodevs/eol-scan
with:
args: "--json"
```

#### GitLab CI/CD

```yaml
eol-scan:
image:
name: "ghcr.io/herodevs/eol-scan"
# Entrypoint or base command must be disabled due
# to GitLab's execution mechanism and run manually
entrypoint: [""]
script: "npx @herodevs/cli@beta --json"
```

### Using `npx`

You can use `npx` to run the CLI just like you'd run it locally.

> [!NOTE]
> The development environment is expected to be ready to run the app. For best results,
prefer [using the prebuilt image](#using-the-docker-image-recommended), but otherwise, prepare
all requirements before the scan step.

#### GitHub Actions

```yaml
# .github/workflows/herodevs-eol-scan.yml
name: HeroDevs EOL Scan

on:
push:
branches: [ main ]
pull_request:
branches: [ main ]

jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'

- run: echo # Prepare environment, install tooling, perform setup, etc.

- name: Run EOL Scan
run: npx @herodevs/cli@beta
```

#### GitLab CI/CD

```yaml
image: alpine

eol-scan:
script:
- echo # Prepare environment, install tooling, perform setup, etc.
- npx @herodevs/cli@beta
```
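Review bot: both container snippets reference `ghcr.io/herodevs/eol-scan` with no tag, so users float on `latest` while the release workflow in this PR also publishes version and long-sha tags; document pinning to a version tag (or a digest) as the recommended form, especially since the README calls the image route "recommended". Also, the Dockerfile in this PR passes `scan:eol` in its ENTRYPOINT, whereas the `npx` examples run `npx @herodevs/cli@beta` with no subcommand; confirm that the bare command defaults to the scan, or add `scan:eol` so the image and `npx` paths do the same thing, and consider whether the docs should point at `@beta` at all once a stable tag exists.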
6 changes: 6 additions & 0 deletions ci/image.Dockerfile
@@ -0,0 +1,6 @@
FROM ghcr.io/cyclonedx/cdxgen:v11.4.3
WORKDIR /app
COPY . .
RUN npm config set update-notifier false && npm config set loglevel error
ENV NODE_NO_WARNINGS=1
ENTRYPOINT ["npm", "exec", "-y", "@herodevs/cli@beta", "--", "scan:eol"]
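Review bot: the ENTRYPOINT's `npm exec -y @herodevs/cli@beta` fetches the CLI from the registry at container start, so the published image does not actually contain the scanner, every run needs registry access, and the code that executes is whatever `@beta` resolves to at that moment rather than what was built and tagged; install a specific version at build time (for example `RUN npm install -g @herodevs/cli@<version>`, version to be chosen) and call that binary from the ENTRYPOINT so the image is reproducible and can be scanned as a unit. `COPY . .` also bakes the whole repository (including `.git` unless a `.dockerignore` excludes it) into the image although nothing else in the Dockerfile uses it; if it only exists to give the container a working directory, `WORKDIR /app` already does that.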