feat: init action

.github/workflows/test.yml

@@ -0,0 +1,22 @@
+on: [push]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: test veinmind action
+    steps:
+      - uses: actions/checkout@v3
+      - uses: chaitin/veinmind-action@main
+        with:
+          scan-action: scan-host
+          image-ref: ubuntu:20.04
+  test2:
+    runs-on: ubuntu-latest
+    name: test veinmind action
+    steps:
+      - uses: actions/checkout@v3
+      - run: docker build -t weakpass:latest -f test/Dockerfile .
+      - uses: chaitin/veinmind-action@main
+        with:
+          scan-action: scan-host
+          image-ref: weakpass:latest

.gitignore

@@ -0,0 +1 @@
+.idea

README.md

@@ -0,0 +1,34 @@
+# Veinmind Action
+> 基于 [veinmind-tools]() 实现的 [Github Action]()
+
+<img src="https://img.shields.io/github/v/release/chaitin/veinmind-action.svg" />
+<img src="https://img.shields.io/github/release-date/chaitin/veinmind-action.svg?color=blue&label=update" />
+
+![](https://dinfinite.oss-cn-beijing.aliyuncs.com/image/20220424161009.png)
+
+## 🕹️ 快速开始
+扫描在 Action 过程中构建的镜像
+```
+on: [push]
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Build image from your dockerfile
+        run: docker build -t my-app:${{ github.sha }} .
+      - name: Run veinmind-tools to scan image
+        uses: chaitin/veinmind-action@main
+        with:
+          scan-action: scan-host
+          image-ref: 'my-app:${{ github.sha }}'
+```
+
+## 🏳️‍🌈 参数设置
+
+| 参数名称    | 参数作用       | 默认值    |
+| ----------- | -------------- | --------- |
+| scan-action | 扫描功能类型   | scan-host |
+| image-ref   | 镜像 Reference |           |
+

action.yaml

@@ -0,0 +1,19 @@
+name: 'Veinmind'
+description: 'Scan images for security issues with veinmind-tools'
+author: 'Veinmind Team'
+branding:
+  color: purple
+  icon: check-circle
+inputs:
+  scan-action:
+    description: 'Scan action for scanning security issues'
+    required: true
+    default: 'scan-host'
+  image-ref:
+    description: 'image reference'
+    required: true
+runs:
+  using: 'composite'
+  steps:
+    - run: bash run.sh ${{ inputs.scan-action }} ${{ inputs.image-ref }}
+      shell: bash

example/workflow.yml

@@ -0,0 +1,14 @@
+on: [push]
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Build image from your dockerfile
+        run: docker build -t my-app:${{ github.sha }} .
+      - name: Run veinmind-tools to scan image
+        uses: chaitin/veinmind-action@main
+        with:
+          scan-action: scan-host
+          image-ref: 'my-app:${{ github.sha }}'

run.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Install SDK
+echo 'deb [trusted=yes] https://download.veinmind.tech/libveinmind/apt/ ./' | sudo tee /etc/apt/sources.list.d/libveinmind.list
+sudo apt-get update
+sudo apt-get install libveinmind-dev
+
+# Install Runner
+docker pull veinmind/veinmind-runner:latest
+docker run --rm --mount 'type=bind,source=/,target=/host,readonly,bind-propagation=rslave' -v /var/run/docker.sock:/var/run/docker.sock veinmind/veinmind-runner $*

test/Dockerfile

@@ -0,0 +1,2 @@
+FROM ubuntu
+RUN echo "weak:\$6\$865D9X3D\$VYosfH/OiP1o73C5VHGy2uf1Bl1Rpn7zMB2qChhThHOEcQ3CrgcqEZ5LzsMTVPMrTaqlV/AkVkCZ1B3nE2wmR.:19018:0:99999:7:::" >> /etc/shadow