secureCodeBox · rfelber · Jul 2, 2021 · Jun 25, 2021 · Jun 25, 2021 · Jun 26, 2021
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -173,6 +173,14 @@ jobs:
           push: true
           tags: ${{ steps.docker_meta.outputs.tags }}
           labels: ${{ steps.docker_meta.outputs.labels }}
+
+      - name: Update Docker Hub Description
+        uses: peter-evans/dockerhub-description@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: ${{ env.DOCKER_NAMESPACE }}/${{ matrix.component }}
+          readme-filepath: ./${{ matrix.component }}/docs/README.DockerHub-Core.md
 
   # ---- Build Stage | SDK Matrix ----
 
@@ -275,6 +283,14 @@ jobs:
           tags: ${{ steps.docker_meta.outputs.tags }}
           labels: ${{ steps.docker_meta.outputs.labels }}
 
+      - name: Update Docker Hub Description
+        uses: peter-evans/dockerhub-description@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: ${{ env.DOCKER_NAMESPACE }}/hook-${{ matrix.hook }}
+          readme-filepath: ./hooks/${{ matrix.hook }}/docs/README.DockerHub-Hook.md
+
   # ---- Build Stage | Matrix Parsers ----
 
   parsers:
@@ -340,6 +356,14 @@ jobs:
           tags: ${{ steps.docker_meta.outputs.tags }}
           labels: ${{ steps.docker_meta.outputs.labels }}
 
+      - name: Update Docker Hub Description
+        uses: peter-evans/dockerhub-description@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: ${{ env.DOCKER_NAMESPACE }}/parser-${{ matrix.parser }}
+          readme-filepath: ./scanners/${{ matrix.parser }}/docs/README.DockerHub-Parser.md
+
   # ---- Build | Scanners ----
 
   # Note we only build images for scanner that don't provider official public container images
@@ -405,6 +429,14 @@ jobs:
           tags: ${{ steps.docker_meta.outputs.tags }}
           labels: ${{ steps.docker_meta.outputs.labels }}
 
+      - name: Update Docker Hub Description
+        uses: peter-evans/dockerhub-description@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: ${{ env.DOCKER_NAMESPACE }}/scanner-${{ matrix.scanner }}
+          readme-filepath: ./scanners/${{ matrix.scanner }}/docs/README.DockerHub-Scanner.md
+
   # ---- Build | Scanners | Custom Scanner ----
 
   # This Section contains Scanners that are developed by the secureCodeBox project
@@ -461,6 +493,14 @@ jobs:
           tags: ${{ steps.docker_meta.outputs.tags }}
           labels: ${{ steps.docker_meta.outputs.labels }}
 
+      - name: Update Docker Hub Description
+        uses: peter-evans/dockerhub-description@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: ${{ env.DOCKER_NAMESPACE }}/scanner-${{ matrix.scanner }}
+          readme-filepath: ./scanners/${{ matrix.scanner }}/docs/README.DockerHub-Scanner.md
+
   scanner-nikto:
     # This Scanner has to be build seperately because the official image is only on GitHub but not on DockerHub
     name: "Build | Scanner | Nikto"
@@ -535,6 +575,14 @@ jobs:
           tags: ${{ steps.docker_meta.outputs.tags }}
           labels: ${{ steps.docker_meta.outputs.labels }}
 
+      - name: Update Docker Hub Description
+        uses: peter-evans/dockerhub-description@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: ${{ env.DOCKER_NAMESPACE }}/scanner-nikto
+          readme-filepath: ./scb/scanners/nikto/docs/README.DockerHub-Scanner.md
+
   # ---- Integration Tests ----
 
   Integration-tests:

diff --git a/.github/workflows/helm-charts.yaml → .github/workflows/helm-charts-release.yaml b/.github/workflows/helm-charts.yaml → .github/workflows/helm-charts-release.yaml
@@ -33,7 +33,15 @@ jobs:
             echo "Processing Helm Chart in $dir"
             helm package --version $RELEASE_VERSION .
             NAME=$(yq eval '.name' - < Chart.yaml)
-            curl --silent --show-error --user "${USERNAME}:${PASSWORD}" --data-binary "@${NAME}-${RELEASE_VERSION}.tgz" "${HELM_REGISTRY}/api/charts"
+            if [ -d "docs" ]; then
+              echo "Docs Folder found at: ${dir}/docs"
+              # Use prepared ArtifactHub specific README instead of the general existing one
+              cp docs/README.ArtifactHub.md README.md
+            else
+              echo "Ignoring Docs process for Chart $dir, because no `docs` folder found at: ${dir}/docs"
+            fi
+
+            curl --silent --show-error --http1.1 --user "${USERNAME}:${PASSWORD}" --data-binary "@${NAME}-${RELEASE_VERSION}.tgz" "${HELM_REGISTRY}/api/charts"
             sleep 5s
           )
           done
diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml
@@ -23,7 +23,6 @@ jobs:
           passphrase: ${{ secrets.GPG_COMMITS_PASSPHRASE }}
           git-user-signingkey: true
           git-commit-gpgsign: true
-          commit_options: '--signoff'
 
       - name: Download Helm Docs
         run: |
@@ -32,15 +31,101 @@ jobs:
 
           curl --output helm-docs.tar.gz --location https://github.com/norwoodj/helm-docs/releases/download/v1.5.0/helm-docs_1.5.0_Linux_x86_64.tar.gz
           tar -xvf helm-docs.tar.gz
-          # Verify install
+          # Verify installation
           ./helm-docs --version
 
       - name: Generate Helm Docs
         run: |
-          ./helm-docs/helm-docs
+          # Generate README.md based on Chart.yaml and template
+          ./helm-docs/helm-docs --template-files=./.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./.helm-docs/README.md.gotmpl
+
+      - name: Generate Demo-Apps Docs
+        run: |
+          # Start in the hooks folder
+          cd demo-targets
+          # https://github.com/koalaman/shellcheck/wiki/SC2044
+          find . -type f -name Chart.yaml -print0 | while IFS= read -r -d '' chart; do
+          (
+            dir="$(dirname "${chart}")"
+            echo "Processing Helm Chart in $dir"
+            cd "${dir}" || exit
+            if [ -d "docs" ]; then
+              echo "Docs Folder found at: ${dir}/docs"
+              ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Target.md.gotmpl --output-file=docs/README.DockerHub-Target.md
+              ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
+            else
+              echo "Ignoring Docs creation process for Chart $dir, because no `docs` folder found at: ${dir}/docs"
+            fi
+          )
+          done
+
+      - name: Generate Docker Hooks Docs
+        run: |
+          # Start in the hooks folder
+          cd hooks
+          # https://github.com/koalaman/shellcheck/wiki/SC2044
+          find . -type f -name Chart.yaml -print0 | while IFS= read -r -d '' chart; do
+          (
+            dir="$(dirname "${chart}")"
+            echo "Processing Helm Chart in $dir"
+            cd "${dir}" || exit
+            if [ -d "docs" ]; then
+              echo "Docs Folder found at: ${dir}/docs"
+              ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Hook.md.gotmpl --output-file=docs/README.DockerHub-Hook.md
+              ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
+            else
+              echo "Ignoring Docs creation process for Chart $dir, because no `docs` folder found at: ${dir}/docs"
+            fi
+          )
+          done
+
+      - name: Generate Docker Scanner Docs
+        run: |
+          # Start in the scanners folder
+          cd scanners
+          # https://github.com/koalaman/shellcheck/wiki/SC2044
+          find . -type f -name Chart.yaml -print0 | while IFS= read -r -d '' chart; do
+          (
+            dir="$(dirname "${chart}")"
+            echo "Processing Helm Chart in $dir"
+            cd "${dir}" || exit
+            if [ -d "docs" ]; then
+              echo "Docs Folder found at: ${dir}/docs"
+              if [ -d "parser" ]; then
+                echo "Parser found at: ${dir}/parser"
+                ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Parser.md.gotmpl --output-file=docs/README.DockerHub-Parser.md
+              fi
+              if [ -d "scanner" ]; then
+                echo "Scanner found at: ${dir}/parser"
+                ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Scanner.md.gotmpl --output-file=docs/README.DockerHub-Scanner.md
+              fi
+              ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
+            else
+              echo "Ignoring Docs creation process for Chart $dir, because no `docs` folder found at: ${dir}/docs"
+            fi
+          )
+          done
+
+      - name: Generate Core Docs
+        run: |
+          # Start in the operator folder
+          cd operator
+          if [ -d "docs" ]; then
+            echo "Docs Folder found at: operator/docs"
+            ./../helm-docs/helm-docs --template-files=./../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../.helm-docs/README.DockerHub-Core.md.gotmpl --output-file=docs/README.DockerHub-Core.md
+            ./../helm-docs/helm-docs --template-files=./../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
+          else
+            echo "Ignoring Docs creation process for Chart $dir, because no `docs` folder found at: operator/docs"
+          fi
+
+      - name: Remove Helm Docs Files
+        run: |
           # Remove helm-docs download to ensure they don't get commited back
           rm -rf helm-docs
       - uses: stefanzweifel/git-auto-commit-action@v4.11.0
         with:
           commit_message: Updating Helm Docs
           commit_user_email: securecodebox@iteratec.com
+          # Optional. Used by `git-commit`.
+          # See https://git-scm.com/docs/git-commit#_options
+          commit_options: '--signoff'
diff --git a/.helm-docs/README.ArtifactHub.md.gotmpl b/.helm-docs/README.ArtifactHub.md.gotmpl
@@ -0,0 +1,31 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+{{ template "extra.hintSection" . }}
+
+{{ template "extra.badgesSection" . }}
+
+{{ template "extra.secureCodeBoxAboutSection" . }}
+
+{{ template "extra.chartAboutSection" . }}
+
+{{ template "extra.chartDeploymentSection" . }}
+
+{{ template "extra.scannerConfigurationSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "extra.chartConfigurationSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+{{ template "extra.contributionSection" . }}
+
+{{ template "extra.communitySection" . }}
+
+{{ template "extra.licenseSection" . }}
+
+{{ template "extra.generalLinksSection" . }}
+{{ template "extra.scannerLinksSection" . }}
diff --git a/.helm-docs/README.DockerHub-Core.md.gotmpl b/.helm-docs/README.DockerHub-Core.md.gotmpl
@@ -0,0 +1,28 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+{{ template "extra.hintSection" . }}
+
+{{ template "extra.badgesSection" . }}
+
+{{ template "extra.secureCodeBoxAboutSection" . }}
+
+{{ template "extra.dockerDeploymentSection" . }}
+
+## How to use this image
+This `core` image is intended to work in combination with the OWASP secureCodeBox. For more informations details please take a look at the documentation page: {{ template "chart.homepage" . }}.
+
+```bash
+docker pull securecodebox/{{ template "chart.name" . }}
+```
+
+{{ template "extra.chartAboutSection" . }}
+
+{{ template "extra.communitySection" . }}
+
+{{ template "extra.dockerLicenseSection" . }}
+
+{{ template "extra.generalLinksSection" . }}
+{{ template "extra.scannerLinksSection" . }}
diff --git a/.helm-docs/README.DockerHub-Hook.md.gotmpl b/.helm-docs/README.DockerHub-Hook.md.gotmpl
@@ -0,0 +1,28 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+{{ template "extra.hintSection" . }}
+
+{{ template "extra.badgesSection" . }}
+
+{{ template "extra.secureCodeBoxAboutSection" . }}
+
+{{ template "extra.dockerDeploymentSection" . }}
+
+## How to use this image
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][{{ template "chart.homepage" . }}].
+
+```bash
+docker pull securecodebox/hook-{{ template "chart.name" . }}
+```
+
+{{ template "extra.chartAboutSection" . }}
+
+{{ template "extra.communitySection" . }}
+
+{{ template "extra.dockerLicenseSection" . }}
+
+{{ template "extra.generalLinksSection" . }}
+{{ template "extra.scannerLinksSection" . }}
diff --git a/.helm-docs/README.DockerHub-Parser.md.gotmpl b/.helm-docs/README.DockerHub-Parser.md.gotmpl
@@ -0,0 +1,28 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+{{ template "extra.hintSection" . }}
+
+{{ template "extra.badgesSection" . }}
+
+{{ template "extra.secureCodeBoxAboutSection" . }}
+
+{{ template "extra.dockerDeploymentSection" . }}
+
+## How to use this image
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: {{ template "chart.homepage" . }}.
+
+```bash
+docker pull securecodebox/parser-{{ template "chart.name" . }}
+```
+
+{{ template "extra.chartAboutSection" . }}
+
+{{ template "extra.communitySection" . }}
+
+{{ template "extra.dockerLicenseSection" . }}
+
+{{ template "extra.generalLinksSection" . }}
+{{ template "extra.scannerLinksSection" . }}
diff --git a/.helm-docs/README.DockerHub-Scanner.md.gotmpl b/.helm-docs/README.DockerHub-Scanner.md.gotmpl
@@ -0,0 +1,30 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+{{ template "extra.hintSection" . }}
+
+{{ template "extra.badgesSection" . }}
+
+{{ template "extra.secureCodeBoxAboutSection" . }}
+
+{{ template "extra.dockerDeploymentSection" . }}
+
+## How to use this image
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][{{ template "chart.homepage" . }}].
+
+```bash
+docker pull securecodebox/scanner-{{ template "chart.name" . }}
+```
+
+{{ template "extra.chartAboutSection" . }}
+
+{{ template "extra.scannerConfigurationSection" . }}
+
+{{ template "extra.communitySection" . }}
+
+{{ template "extra.dockerLicenseSection" . }}
+
+{{ template "extra.generalLinksSection" . }}
+{{ template "extra.scannerLinksSection" . }}