some docu

comsysto · Sep 23, 2024 · fb2427e · fb2427e
1 parent 552a605
commit fb2427e
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -137,4 +137,32 @@ The [`reusable-workflow-packer-image.yml`](./.github/workflows/reusable-workflow
 
 ### Example User Repository
 
-An example user repository that demonstrates how to call these reusable workflows can be found [here](https://github.com/comsysto/wp10-image-factory-user).
+An example user repository that demonstrates how to call these reusable workflows can be found [here](https://github.com/comsysto/wp10-image-factory-user-1).
+
+## GitHub Action Runners
+
+### Multi-target architecture
+
+Our infrastructure now supports the production of both arm64 and amd64 container images. This enhancement has been achieved by enabling multi-architecture support on our Image Factory GitHub Actions runners.
+
+The following commands were executed to facilitate this capability:
+
+```bash
+sudo update-binfmts --enable qemu-aarch64
+sudo update-binfmts --enable qemu-arm
+```
+
+By enabling these QEMU interpreters, our CI/CD pipeline can seamlessly handle and build container images for multiple architectures, empowering customers with greater flexibility and compatibility for their deployment needs.
+
+### Quality gate and SBOM generation
+
+Quality Gate Checking with Trivy helps us enforce quality gates automatically. This integration reduces the risk of deploying insecure or non-compliant images to production, maintaining high security.
+
+SBOM Generation with Trivy provides detailed visibility into the components, libraries, and dependencies within our Docker images. This transparency allows us to manage software components effectively, quickly identify and mitigate vulnerabilities, and ensure compliance with licensing and regulatory requirements.
+
+SBOM is generated in following formats:
+
+- CycloneDX
+- SPDX
+
+Each invocation of our reusable workflow generates and uploads the results to the GitHub Actions run. The output is consolidated into a file named image-scan-results.zip.
diff --git a/images/docker/image-factory-runner/Dockerfile b/images/docker/image-factory-runner/Dockerfile
@@ -33,16 +33,6 @@ RUN apt-get update -y && \
     wget && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
 
-# # Create runner user
-# RUN mkdir -p ${USER_HOME} && \
-#     useradd -r -d ${USER_HOME} -s /sbin/nologin -c "GitHub Actions User" ${USER_NAME}
-
-# # Add podman configuration file(s) and permissions
-# ADD files/containers.conf ${USER_HOME}/.config/containers/containers.conf
-# ADD files/registries.conf ${USER_HOME}/.config/containers/registries.conf
-# RUN mkdir -p ${USER_HOME}/.local/share/containers && \
-#     chown -R ${USER_GROUP}:${USER_NAME} ${USER_HOME}
-
 # Create runner user and necessary directories
 RUN groupadd -r ${USER_GROUP} && \
     useradd -r -d ${USER_HOME} -s /sbin/nologin -g ${USER_GROUP} -c "GitHub Actions User" ${USER_NAME} && \

diff --git a/images/packer/Readme.md b/images/packer/Readme.md
@@ -0,0 +1,25 @@
+# packer
+
+This directory contains 2 repositories:
+
+- image-factory-vm
+- user-packer
+
+Both directories are used to build VM images with Packer and store them in Azure Shared Image Gallery however there is difference in when one is used:
+
+## image-factory-vm
+
+This directory contains Packer scripts to build Image Factory VM which will host GitHub Actions runner.
+
+Produced VM image version is then used by Terraform module during deployment:
+
+- runner
+
+To trigger image rebuild following GitHub Actions Workflow needs to be executed:
+
+- Build Image Factory VM
+
+## user-packer
+
+This directory contains Packer scripts to build user VM images produced by Image Factory.
+These scripts are used whenever user calls reusable workflow: "Reusable workflow - build packer VM"
diff --git a/images/packer/user-packer/scripts/setup-vm.sh b/images/packer/user-packer/scripts/setup-vm.sh