From 430dfe38d5e2c963e39ce75fff120bf23efcf0ec Mon Sep 17 00:00:00 2001
From: maximkorezkij
Date: Thu, 19 Mar 2026 13:08:28 +0100
Subject: [PATCH] fix: first commit

---
 README.md | 3 ++
 actions/docker/build/action.yml | 74 ++++++++++++++++++++++++++++++
 actions/docker/manifest/action.yml | 53 +++++++++++++++++++++
 3 files changed, 130 insertions(+)
 create mode 100644 README.md
 create mode 100644 actions/docker/build/action.yml
 create mode 100644 actions/docker/manifest/action.yml

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..87bcb8e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# IaaS-Actions
+
+This repo holds default yaml files to use as actions.
diff --git a/actions/docker/build/action.yml b/actions/docker/build/action.yml
new file mode 100644
index 0000000..91c240f
--- /dev/null
+++ b/actions/docker/build/action.yml
@@ -0,0 +1,74 @@
+---
+name: docker-build-main
+
+description: "Runs docker-build-main"
+
+inputs:
+  roleId:
+    description: 'This is the vault approle id'
+    required: true
+  secretId:
+    description: 'This is the vault approle secret id'
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Get Vault secrets
+      id: import-secrets
+      uses: https://stackit-iaas.git.onstackit.cloud/actions/vault-action@v3
+      with:
+        url: ${{ vars.VAULT_HOST }}
+        caCertificate: ${{ vars.VAULT_CA_CERT }}
+        method: approle
+        outputToken: true
+        roleId: ${{ inputs.roleId }}
+        secretId: ${{ inputs.secretId }}
+        secrets: |
+          iaas/data/docker-registry/registry.infra.eu01.int.stackit.cloud harbor-push | REGISTRY_PASS ;
+          iaas/data/git/forgejo/iaas-technical-user readonly | FORGEJO_SECRET_TOKEN ;
+          iaas/data/azure read_only_token | AZURE_DEVOPS_TOKEN ;
+    - name: Login to Registry
+      uses: https://stackit-iaas.git.onstackit.cloud/actions/login-action@v4
+      with:
+        registry: ${{ env.REGISTRY_URL }}
+        username: ${{ env.REGISTRY_USER }}
+        password: ${{ env.REGISTRY_PASS }}
+    - name: docker-build-main
+      env:
+        DOCKER_FORGEJO_TOKEN: ${{ steps.import-secrets.outputs.FORGEJO_SECRET_TOKEN }}
+        DOCKER_AZURE_DEVOPS_TOKEN: ${{ steps.import-secrets.outputs.AZURE_DEVOPS_TOKEN }}
+      shell: bash
+      run: |
+        set -x
+        if [ -n "${BRANCH_NAME}" ]; then
+          BRANCH_NICE=$(echo ${BRANCH_NAME} | iconv -t ascii | sed -r s/[^a-zA-Z0-9]+/-/g | sed -r s/^-+\|-+$//g | tr A-Z a-z)
+          DOCKER_TAG="${REGISTRY_URL}/${DOCKER_PATH}:${BRANCH_NICE}-${TARGET_ARCH}"
+        elif [ -n "${TAG}" ]; then
+          DOCKER_TAG="${REGISTRY_URL}/${DOCKER_PATH}:${TAG}-${TARGET_ARCH}"
+        else
+          echo "Either TAG or BRANCH_NAME env variable need to be set. Exiting."
+          exit 1
+        fi
+
+        is_release="${RELEASE:-false}"
+        build_args=("--tag" "$DOCKER_TAG")
+        if [[ $RELEASE == "true" ]]; then
+          DOCKER_LATEST="${REGISTRY_URL}/${DOCKER_PATH}:latest-${TARGET_ARCH}"
+          build_args+=("--tag" "$DOCKER_LATEST")
+        fi
+
+        set +x
+        docker build . \
+          --build-arg FORGEJO_TOKEN="${DOCKER_FORGEJO_TOKEN}" \
+          --build-arg AZURE_DEVOPS_TOKEN="${DOCKER_AZURE_DEVOPS_TOKEN}" \
+          --file ${DOCKER_FILE} \
+          --platform "linux/${TARGET_ARCH}" \
+          --provenance false \
+          "${build_args[@]}"
+
+        docker push $DOCKER_TAG
+
+        if [[ $RELEASE == true ]]; then
+          docker push $DOCKER_LATEST
+        fi
diff --git a/actions/docker/manifest/action.yml b/actions/docker/manifest/action.yml
new file mode 100644
index 0000000..e9407b1
--- /dev/null
+++ b/actions/docker/manifest/action.yml
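Review bot: The two `--build-arg` lines hand the Forgejo and Azure DevOps tokens to the build as plain build arguments, and a build-arg value is recorded in the layer history of every stage that declares the matching ARG, so the tokens end up inside the image that `docker push` publishes a few lines later; `set +x` only keeps them out of the step log. Pass them as BuildKit secrets instead — `--secret id=FORGEJO_TOKEN,env=DOCKER_FORGEJO_TOKEN \` and `--secret id=AZURE_DEVOPS_TOKEN,env=DOCKER_AZURE_DEVOPS_TOKEN \` — with the Dockerfile reading them through `RUN --mount=type=secret,id=...`, a change that lives outside this patch. Separately, `is_release` is assigned but never read: both release checks test `$RELEASE` directly, once as `"true"` and once unquoted, so either compare `$is_release` in both places or drop the variable. `${DOCKER_FILE}` and `$DOCKER_TAG` are the only unquoted expansions in the build and push commands; quote them like the rest.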
@@ -0,0 +1,53 @@
+---
+name: manifest
+
+description: "Creates manifest"
+
+inputs:
+  roleId:
+    description: 'This is the vault approle id'
+    required: true
+  secretId:
+    description: 'This is the vault approle secret id'
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Get Vault secrets
+      uses: https://github.com/hashicorp/vault-action@v3
+      with:
+        url: ${{ vars.VAULT_HOST }}
+        caCertificate: ${{ vars.VAULT_CA_CERT }}
+        method: approle
+        outputToken: true
+        roleId: ${{ inputs.roleId }}
+        secretId: ${{ inputs.secretId }}
+        secrets: |
+          iaas/data/docker-registry/registry.infra.eu01.int.stackit.cloud harbor-push | REGISTRY_PASS ;
+    - name: Login to Registry
+      uses: https://stackit-iaas.git.onstackit.cloud/actions/login-action@v4
+      with:
+        registry: ${{ env.REGISTRY_URL }}
+        username: ${{ env.REGISTRY_USER }}
+        password: ${{ env.REGISTRY_PASS }}
+    - name: Create Manifest
+      shell: bash
+      run: |
+        if [ -n "${BRANCH_NAME}" ]; then
+          BRANCH_NICE=$(echo ${BRANCH_NAME} | iconv -t ascii | sed -r s/[^a-zA-Z0-9]+/-/g | sed -r s/^-+\|-+$//g | tr A-Z a-z)
+          DOCKER_TAG="${REGISTRY_URL}/${DOCKER_PATH}:${BRANCH_NICE}"
+        elif [ -n "${TAG}" ]; then
+          DOCKER_TAG="${REGISTRY_URL}/${DOCKER_PATH}:${TAG}"
+        else
+          echo "Either TAG or BRANCH_NAME env variable need to be set. Exiting."
+          exit 1
+        fi
+
+        docker manifest create "${DOCKER_TAG}" "${DOCKER_TAG}-amd64" "${DOCKER_TAG}-arm64"
+        docker manifest push "${DOCKER_TAG}"
+
+        if [[ $RELEASE == "true" ]]; then
+          docker manifest create "${DOCKER_LATEST}" "${DOCKER_LATEST}-amd64" "${DOCKER_LATEST}-arm64"
+          docker manifest push "${DOCKER_LATEST}"
+        fi
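Review bot: `DOCKER_LATEST` is read by the `docker manifest create`/`push` pair inside the `RELEASE` check but is never assigned anywhere in this script, so unless the caller happens to export it the release path runs with an empty manifest name and the `-amd64`/`-arm64` suffixes as the only content; the build action derives the value itself, so mirror that here with `DOCKER_LATEST="${REGISTRY_URL}/${DOCKER_PATH}:latest"` right after the `fi` that closes the tag selection. The Vault step is fetched from `https://github.com/hashicorp/vault-action@v3` here while the build action takes it from the internal `https://stackit-iaas.git.onstackit.cloud/actions/vault-action@v3`; this step receives the AppRole role and secret ids, so both actions should resolve it from the same reviewed source, and a floating `@v3` tag is best replaced by the commit SHA it currently points to so a later tag move cannot change what handles the credentials. As in the build action, `echo ${BRANCH_NAME}` in the `BRANCH_NICE` line is the one unquoted expansion; quote it.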