build docker container

.github/actions/build-ssweb/README.md

@@ -0,0 +1,17 @@
+# Build VOL API Artifact
+Action to build VOL API artifact
+
+####  Prerequisites
+Git checkout
+
+####  Context
+This action allows the workflow to build VOL API artifact
+
+####  Outputs
+VOL_API_Artifact
+
+####  Usage     
+```yaml
+- name: Build VOL API artifact
+  uses: dvsa/olcs-backend/.github/actions/build-vol-api@main       
+```

.github/actions/build-ssweb/action.yaml

@@ -0,0 +1,38 @@
+name: Build VOL SSWEB FE
+description: Build VOL SSWEB FE
+
+runs:
+  using: 'composite'
+  steps: 
+    - uses: hashicorp/setup-terraform@v2
+      with:
+        terraform_version:  ${{ inputs.terraform_version }}      
+        terraform_wrapper: false
+
+    # Create s3 bucket in vol-non-prod tooling & vol-prod tooling to get the composer
+    - name: Download the compose file
+      run: |
+        php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+        php composer-setup.php --install-dir=/usr/local/bin --filename=composer
+        php -r "unlink('composer-setup.php');"
+      shell: bash
+
+    - name: Install Composer dependencies
+      run: |
+       composer install --optimize-autoloader --no-interaction --no-dev
+      shell: bash
+
+    - name: Build VOL SSWEB FE
+      run: |
+        date > config/version
+        git describe --all >> config/version
+        tar cvzf selfserve.tar.gz --exclude=config/autoload/local.php \
+          --exclude=config/autoload/local.php.dist composer.lock init_autoloader.php config module public data/autoload data/cache vendor
+      shell: bash
+
+    # - name: Save Artifact
+    #   uses: actions/upload-artifact@v3
+    #   with:
+    #     name: VOL_selfserve_Artifact
+    #     path: ./backend.tar.gz
+    #     retention-days: 1

.github/actions/image-integrity/README.md

@@ -0,0 +1,17 @@
+# Build VOL API Artifact
+Action to build VOL API artifact
+
+####  Prerequisites
+Git checkout
+
+####  Context
+This action allows the workflow to build VOL API artifact
+
+####  Outputs
+VOL_API_Artifact
+
+####  Usage     
+```yaml
+- name: Build VOL API artifact
+  uses: dvsa/olcs-backend/.github/actions/build-vol-api@main       
+```

.github/actions/image-integrity/action.yaml

@@ -0,0 +1,50 @@
+name: Validate AWS ECR Image Signature
+description: Validate AWS ECR Image Signature
+
+inputs:
+  aws_signer_profile_arn:
+    description: 'AWS Signer Profile ARN if `image_sign_create` is set to `true`'
+    required: false
+  ecr_tagged_image:
+    description: 'AWS ECR Image: {ACCOUNT_ID}.dkr.ecr.{REGION}.amazonaws.com/{REPO_NAME}:{IMAGE_TAG}'
+    required: true
+  image_sign_create:
+    description: 'Sign image if `true`'
+    required: true
+    default: 'false'
+  image_sign_inspect:
+    description: 'Inspect sign if `true`'
+    required: true
+    default: 'false'
+
+runs:
+  using: 'composite'
+  steps: 
+    - name: Login to ECR
+      id: login-to-ecr
+      uses: aws-actions/[email protected]
+
+    - name: Setup Notation CLI
+      uses: notaryproject/notation-action/setup@v1
+      with:
+        version: 1.0.0
+
+    - name: Set up Notation AWS Signer plugin
+      run: |
+        wget https://d2hvyiie56hcat.cloudfront.net/linux/amd64/installer/deb/latest/aws-signer-notation-cli_amd64.deb
+        sudo dpkg -i aws-signer-notation-cli_amd64.deb
+      shell: bash
+
+    - name: Sign image
+      if: inputs.image_sign_create == 'true'
+      run: |
+        notation sign ${{ inputs.ecr_tagged_image }} \
+          --plugin "com.amazonaws.signer.notation.plugin" \
+          --id "${{ inputs.aws_signer_profile_arn }}"
+      shell: bash
+
+    - name: Validate signature of image
+      if: inputs.image_sign_inspect == 'true'
+      run: |
+        notation inspect ${{ inputs.ecr_tagged_image }}
+      shell: bash

.github/workflows/docker-hadolint.yaml

@@ -0,0 +1,23 @@
+name: Lint check Dockerfile
+
+on:
+  workflow_call:
+
+jobs:
+  hadolint:
+
+    name: Run hadolint on Dockerfile
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - name: Checkout the repository to the runner
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - name: Lint check on dockerfile
+        uses: hadolint/[email protected]
+        with:
+          dockerfile: dockerfile
+          ignore: DL3018,DL3048

.github/workflows/image-sign-validation.yaml

@@ -0,0 +1,46 @@
+name: Validate AWS ECR Image Signature
+
+on:
+  workflow_call:
+    secrets:
+      aws_role_arn:
+        required: true
+      ecr_tagged_image:
+        required: true
+
+jobs:
+
+  validate-image-signature:
+
+    name: Validate Image Sign
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - name: Checkout the repository to the runner
+        uses: actions/checkout@v3
+
+      - name: Configure aws credential
+        uses: aws-actions/[email protected]
+        with:
+          role-to-assume: ${{ secrets.aws_role_arn }}
+          role-session-name: GithubActionsSession
+          aws-region: ${{ vars.DVSA_AWS_REGION }}
+
+      - name: Login to ECR
+        id: login-to-ecr
+        uses: aws-actions/[email protected]
+
+      - name: Setup Notation CLI
+        uses: notaryproject/notation-action/setup@v1
+        with:
+          version: 1.0.0
+
+      - name: Set up Notation AWS Signer plugin
+        run: |
+          wget https://d2hvyiie56hcat.cloudfront.net/linux/amd64/installer/deb/latest/aws-signer-notation-cli_amd64.deb
+          sudo dpkg -i aws-signer-notation-cli_amd64.deb
+
+      - name: Validate signature of VOL API image
+        run: |
+          notation inspect ${{ secrets.ecr_tagged_image }}