From fe5b23b495ba445134cd0347726707dd51632118 Mon Sep 17 00:00:00 2001
From: Oscar Rodriguez
Date: Fri, 17 Jun 2022 12:21:21 -0400
Subject: [PATCH 01/17] add workflows for container builds
---
.github/workflows/docker-build.yaml | 75 ++++++++++++++++++++++++
.github/workflows/docker-push.yaml | 91 +++++++++++++++++++++++++++++
2 files changed, 166 insertions(+)
create mode 100644 .github/workflows/docker-build.yaml
create mode 100644 .github/workflows/docker-push.yaml
diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
new file mode 100644
index 0000000..a491e32
--- /dev/null
+++ b/.github/workflows/docker-build.yaml
@@ -0,0 +1,75 @@
+on:
+ workflow_call:
+ inputs:
+ dockerfilePath:
+ description: "Path to Dockerfile."
+ required: true
+ type: string
+ buildArgs:
+ description: "Build args to be used to build the container image."
+ required: false
+ type: string
+ ociRegistry:
+ description: "Registry to push the image to."
+ required: false
+ type: string
+ imageTag:
+ description: "Desired tag for container image."
+ required: false
+ type: string
+ secrets:
+ oci_registry_user:
+ description: "Username to authn"
+ required: false
+ oci_registry_password:
+ description: "User password to authn"
+ required: false
+
+jobs:
+
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v2
+
+ - name: Build container image
+ run: |
+ cd ${{ inputs.dockerfilePath }}
+ docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}:${{ inputs.imageTag }}
+ docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}:latest
+ # Push to ttl.sh for scanning
+ IMAGE_NAME=$(uuidgen)
+ docker tag ${{ inputs.ociRegistry}}:${{ inputs.imageTag }} ttl.sh/${IMAGE_NAME}:1h
+ docker push ttl.sh/${IMAGE_NAME}:1h
+ echo "${IMAGE_NAME} > ttl.sh.tag
+
+ # - name: Upload ttl.sh tag
+ # uses: actions/upload-artifact@v3
+ # with:
+ # name: ttl.sh.tag
+ # path: ${{ inputs.dockerfilePath}}/
+ # retention-days: 1
+
+
+ scan:
+ runs-on: ubuntu-latest
+ container:
+ image: aquasec/trivy:latest
+
+ steps:
+ # - name: Checkout repo
+ # uses: actions/checkout@v2
+ #
+ # - name: Download plan
+ # uses: actions/download-artifact@v3
+ # with:
+ # name: ttl.sh.tag
+ # path: ${{ inputs.dockerfilePath}}/
+
+ - name: Scan image artifact
+ run: |
+ cd ${{ inputs.dockerfilePath }}
+ # IMAGE_NAME=$(cat ttl.sh.tag)
+ trivy image --ignore-unfixed -s CRITICAL -s HIGH ttl.sh/${IMAGE_NAME}:1h
diff --git a/.github/workflows/docker-push.yaml b/.github/workflows/docker-push.yaml
new file mode 100644
index 0000000..0257df4
--- /dev/null
+++ b/.github/workflows/docker-push.yaml
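Review bot: The `run:` script of the "Build container image" step in docker-build.yaml splices `${{ inputs.dockerfilePath }}`, `${{ inputs.buildArgs }}`, `${{ inputs.ociRegistry}}` and `${{ inputs.imageTag }}` straight into the shell text, so a caller-supplied value containing shell metacharacters or a newline is executed as part of the script on the runner instead of being treated as data. Map the inputs to environment variables under the step's `env:` and reference them quoted in the script. `buildArgs` has to stay unquoted if it is meant to carry several flags, which still lets a caller add arbitrary `docker build` options, so a comment saying that this is intended would help. The same interpolation is used in the build and push jobs of docker-push.yaml in this patch.

```yaml
      - name: Build container image
        env:
          DOCKERFILE_PATH: ${{ inputs.dockerfilePath }}
          BUILD_ARGS: ${{ inputs.buildArgs }}
          OCI_REGISTRY: ${{ inputs.ociRegistry }}
          IMAGE_TAG: ${{ inputs.imageTag }}
        run: |
          cd "$DOCKERFILE_PATH"
          # BUILD_ARGS is left unquoted on purpose so several flags split into words.
          docker build . $BUILD_ARGS -t "${OCI_REGISTRY}:${IMAGE_TAG}"
          docker build . $BUILD_ARGS -t "${OCI_REGISTRY}:latest"
          # … unchanged: ttl.sh tag and push …
```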
@@ -0,0 +1,91 @@
+on:
+ workflow_call:
+ inputs:
+ dockerfilePath:
+ description: "Path to Dockerfile."
+ required: true
+ type: string
+ buildArgs:
+ description: "Build args to be used to build the container image."
+ required: false
+ type: string
+ ociRegistry:
+ description: "Registry to push the image to."
+ required: false
+ type: string
+ imageTag:
+ description: "Desired tag for container image."
+ required: false
+ type: string
+ secrets:
+ oci_registry_user:
+ description: "Username to authn"
+ required: false
+ oci_registry_password:
+ description: "User password to authn"
+ required: false
+
+jobs:
+
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v2
+
+ - name: Build container image
+ run: |
+ cd ${{ inputs.dockerfilePath }}
+ docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}:${{ inputs.imageTag }}
+ docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}:latest
+ # Push to ttl.sh for scanning
+ IMAGE_NAME=$(uuidgen)
+ docker tag ${{ inputs.ociRegistry}}:${{ inputs.imageTag }} ttl.sh/${IMAGE_NAME}:1h
+ docker push ttl.sh/${IMAGE_NAME}:1h
+ echo "${IMAGE_NAME} > ttl.sh.tag
+
+ # - name: Upload ttl.sh tag
+ # uses: actions/upload-artifact@v3
+ # with:
+ # name: ttl.sh.tag
+ # path: ${{ inputs.dockerfilePath}}/
+ # retention-days: 1
+
+
+ scan:
+ runs-on: ubuntu-latest
+ container:
+ image: aquasec/trivy:latest
+
+ steps:
+ # - name: Checkout repo
+ # uses: actions/checkout@v2
+ #
+ # - name: Download plan
+ # uses: actions/download-artifact@v3
+ # with:
+ # name: ttl.sh.tag
+ # path: ${{ inputs.dockerfilePath}}/
+
+ - name: Scan image artifact
+ run: |
+ cd ${{ inputs.dockerfilePath }}
+ # IMAGE_NAME=$(cat ttl.sh.tag)
+ trivy image --ignore-unfixed -s CRITICAL -s HIGH ttl.sh/${IMAGE_NAME}:1h
+
+ push:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v2
+
+ - name: Build container image
+ run: |
+ cd ${{ inputs.dockerfilePath }}
+ docker login -p
${{ secrets.oci_registry_password }} -u ${{ secrets.oci_registry_user }} ${{ inputs.ociRegistry }} + docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}:${{ inputs.imageTag }} + docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}:latest + docker push ${{ inputs.ociRegistry}}:${{ inputs.imageTag }} + docker push ${{ inputs.ociRegistry}}:latest From 4b539a413b8728a310e752a3e582fcdbeca9d994 Mon Sep 17 00:00:00 2001 From: Oscar Rodriguez Date: Fri, 17 Jun 2022 12:29:03 -0400 Subject: [PATCH 02/17] scan needs build job --- .github/workflows/docker-build.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index a491e32..cce70a7 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -57,6 +57,7 @@ jobs: runs-on: ubuntu-latest container: image: aquasec/trivy:latest + needs: [build] steps: # - name: Checkout repo From d271217eb573c27c15e935fdc24eb651e3c2cc45 Mon Sep 17 00:00:00 2001 From: Oscar Rodriguez Date: Fri, 17 Jun 2022 13:13:28 -0400 Subject: [PATCH 03/17] temp for testing with ttl.sh --- .github/workflows/docker-build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index cce70a7..aeb4221 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml 
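Review bot: In the push job of docker-push.yaml (PATCH 01), `docker login -p ${{ secrets.oci_registry_password }}` puts the registry password on the command line, where it shows up in the runner's process list and is pasted into the script text before the shell parses it. Pass the three values through the step's `env:` and feed the password on stdin instead: `echo "$OCI_REGISTRY_PASSWORD" | docker login -u "$OCI_REGISTRY_USER" --password-stdin "$OCI_REGISTRY"`. Both secrets are declared `required: false`, so the step should also stop with a clear message when either is empty rather than running `docker login` with empty arguments.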
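Review bot: The scan job that PATCH 02 orders after build with `needs: [build]` runs in `aquasec/trivy:latest`, a mutable tag, so the scanner that gates the image can change between runs without any change to this file. Pin the container to a released version or, better, a digest (`image: aquasec/trivy@sha256:<digest>`), and consider pinning `actions/checkout@v2` to a full commit SHA in the same way. A comment next to each pin naming the human-readable version keeps later updates reviewable.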
@@ -37,8 +37,8 @@ jobs: - name: Build container image run: | cd ${{ inputs.dockerfilePath }} - docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}:${{ inputs.imageTag }} - docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}:latest + docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}/${{ inputs.imageTag }}:1h + docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}/${{ inputs.imageTag }}:latest # Push to ttl.sh for scanning IMAGE_NAME=$(uuidgen) docker tag ${{ inputs.ociRegistry}}:${{ inputs.imageTag }} ttl.sh/${IMAGE_NAME}:1h From 0d2d01732b1c893e95c996b210867971eac7665d Mon Sep 17 00:00:00 2001 From: Oscar Rodriguez Date: Fri, 17 Jun 2022 13:18:35 -0400 Subject: [PATCH 04/17] right tagging --- .github/workflows/docker-build.yaml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index aeb4221..d3b7b2b 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -13,6 +13,10 @@ on: description: "Registry to push the image to." required: false type: string + imageName: + description: "Desired name for container image." + required: false + type: string imageTag: description: "Desired tag for container image." required: false 
@@ -37,11 +41,11 @@ jobs: - name: Build container image run: | cd ${{ inputs.dockerfilePath }} - docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}/${{ inputs.imageTag }}:1h - docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}/${{ inputs.imageTag }}:latest + docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}/${{ inputs.imageName }}:${{ inputs.imageTag }} + docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}/${{ inputs.imageName }}:latest # Push to ttl.sh for scanning IMAGE_NAME=$(uuidgen) - docker tag ${{ inputs.ociRegistry}}:${{ inputs.imageTag }} ttl.sh/${IMAGE_NAME}:1h + docker tag ${{ inputs.ociRegistry}}/${{ inputs.imageName }}:${{ inputs.imageTag }} ttl.sh/${IMAGE_NAME}:1h docker push ttl.sh/${IMAGE_NAME}:1h echo "${IMAGE_NAME} > ttl.sh.tag From 9b1c67a9d8413a110554cf4b6f0aaab669b72ff5 Mon Sep 17 00:00:00 2001 From: Oscar Rodriguez Date: Fri, 17 Jun 2022 13:24:24 -0400 Subject: [PATCH 05/17] build one for ttl.sh --- .github/workflows/docker-build.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index d3b7b2b..4a4843e 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -45,9 +45,8 @@ jobs: docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}/${{ inputs.imageName }}:latest # Push to ttl.sh for scanning IMAGE_NAME=$(uuidgen) - docker tag ${{ inputs.ociRegistry}}/${{ inputs.imageName }}:${{ inputs.imageTag }} ttl.sh/${IMAGE_NAME}:1h + docker build . ${{ inputs.buildArgs }} -t ttl.sh/${IMAGE_NAME}:1h docker push ttl.sh/${IMAGE_NAME}:1h - echo "${IMAGE_NAME} > ttl.sh.tag # - name: Upload ttl.sh tag # uses: actions/upload-artifact@v3 From ea300ebf13fc5c8be073c402363a571ba95dcc3e Mon Sep 17 00:00:00 2001 
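Review bot: After PATCH 05 the image sent to the scanner comes from a third `docker build` rather than from a `docker tag` of the image built two lines earlier, so the scanned image and the ones tagged for `${{ inputs.ociRegistry}}` are separate builds. On one runner they will usually share the layer cache, but nothing ties them together, and the push job in docker-push.yaml rebuilds again on a different runner, where a moved base tag or a changed package index can give contents that differ from what was scanned. Build once and derive the other names from that image, e.g. `docker tag "ttl.sh/${IMAGE_NAME}:1h" "<registry>/<name>:<tag>"`, and have the push job promote the scanned image by digest instead of rebuilding. The step's `run:` block starts outside this hunk.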
From: Oscar Rodriguez Date: Fri, 17 Jun 2022 13:29:07 -0400 Subject: [PATCH 06/17] no need to cd anywhere --- .github/workflows/docker-build.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index 4a4843e..25d63cd 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -74,6 +74,4 @@ jobs: - name: Scan image artifact run: | - cd ${{ inputs.dockerfilePath }} - # IMAGE_NAME=$(cat ttl.sh.tag) trivy image --ignore-unfixed -s CRITICAL -s HIGH ttl.sh/${IMAGE_NAME}:1h From cd11208b8ad7301ce28b1ebf70b75f34054fdfaa Mon Sep 17 00:00:00 2001 From: Oscar Rodriguez Date: Fri, 17 Jun 2022 14:21:32 -0400 Subject: [PATCH 07/17] save the random gen uui --- .github/workflows/docker-build.yaml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index 25d63cd..1f2a4ef 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -48,12 +48,12 @@ jobs: docker build . ${{ inputs.buildArgs }} -t ttl.sh/${IMAGE_NAME}:1h docker push ttl.sh/${IMAGE_NAME}:1h - # - name: Upload ttl.sh tag - # uses: actions/upload-artifact@v3 - # with: - # name: ttl.sh.tag - # path: ${{ inputs.dockerfilePath}}/ - # retention-days: 1 + - name: Upload ttl.sh tag + uses: actions/upload-artifact@v3 + with: + name: ttl.sh.tag + path: "/tmp/" + retention-days: 1 scan: @@ -66,12 +66,13 @@ jobs: # - name: Checkout repo # uses: actions/checkout@v2 # - # - name: Download plan - # uses: actions/download-artifact@v3 - # with: - # name: ttl.sh.tag - # path: ${{ inputs.dockerfilePath}}/ + - name: Download plan + uses: actions/download-artifact@v3 + with: + name: ttl.sh.tag + path: "/tmp/" - name: Scan image artifact run: | + IMAGE_NAME=$(cat /tmp/ttl.sh.tag) trivy image --ignore-unfixed -s CRITICAL -s HIGH ttl.sh/${IMAGE_NAME}:1h 
From 0f130144827e2520f9dd3f07eda0d555d6507956 Mon Sep 17 00:00:00 2001 From: Oscar Rodriguez Date: Fri, 17 Jun 2022 14:28:02 -0400 Subject: [PATCH 08/17] change file name --- .github/workflows/docker-build.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index 1f2a4ef..d91e623 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -45,14 +45,15 @@ jobs: docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}/${{ inputs.imageName }}:latest # Push to ttl.sh for scanning IMAGE_NAME=$(uuidgen) + echo $IMAGE_NAME > random_uuid docker build . ${{ inputs.buildArgs }} -t ttl.sh/${IMAGE_NAME}:1h docker push ttl.sh/${IMAGE_NAME}:1h - name: Upload ttl.sh tag uses: actions/upload-artifact@v3 with: - name: ttl.sh.tag - path: "/tmp/" + name: random_uuid + path: random_uuid retention-days: 1 @@ -69,10 +70,10 @@ jobs: - name: Download plan uses: actions/download-artifact@v3 with: - name: ttl.sh.tag - path: "/tmp/" + name: random_uuid + path: random_uuid - name: Scan image artifact run: | - IMAGE_NAME=$(cat /tmp/ttl.sh.tag) + IMAGE_NAME=$(cat random_uuid) trivy image --ignore-unfixed -s CRITICAL -s HIGH ttl.sh/${IMAGE_NAME}:1h From a58a754593d950510fc5c02245b3067244d88d72 Mon Sep 17 00:00:00 2001 From: Oscar Rodriguez Date: Fri, 17 Jun 2022 14:32:32 -0400 Subject: [PATCH 09/17] right path where file is created --- .github/workflows/docker-build.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index d91e623..9510791 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml 
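Review bot: The UUID written to `random_uuid` in PATCH 08 is the only thing that keeps the image on ttl.sh private: as far as I know ttl.sh accepts anonymous pulls, so anyone who can download the `random_uuid` artifact can pull the image for the hour it lives. If the image can contain proprietary code or build-time values, keep it off a public registry: `docker save` it to a tarball in the build job, upload that as the artifact, and scan it in the scan job with `trivy image --input <tarball>`. If ttl.sh stays, add a comment above the push stating that the image is treated as public for its lifetime.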
@@ -49,11 +49,11 @@ jobs: docker build . ${{ inputs.buildArgs }} -t ttl.sh/${IMAGE_NAME}:1h docker push ttl.sh/${IMAGE_NAME}:1h - - name: Upload ttl.sh tag + - name: Upload temp tag uses: actions/upload-artifact@v3 with: name: random_uuid - path: random_uuid + path: ${{ inputs.dockerfilePath }}/random_uuid retention-days: 1 @@ -67,7 +67,7 @@ jobs: # - name: Checkout repo # uses: actions/checkout@v2 # - - name: Download plan + - name: Download tag artifact uses: actions/download-artifact@v3 with: name: random_uuid From 9777a5eb4dc41b68e2ec851e249aa5de2da80d8c Mon Sep 17 00:00:00 2001 From: Oscar Rodriguez Date: Fri, 17 Jun 2022 14:42:01 -0400 Subject: [PATCH 10/17] save it to pwd --- .github/workflows/docker-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index 9510791..5f2eb36 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -71,7 +71,7 @@ jobs: uses: actions/download-artifact@v3 with: name: random_uuid - path: random_uuid + path: ./random_uuid - name: Scan image artifact run: | From c456f80776282ed2c492ff372877e4a8f2e54574 Mon Sep 17 00:00:00 2001 From: Oscar Rodriguez Date: Fri, 17 Jun 2022 14:53:21 -0400 Subject: [PATCH 11/17] debug --- .github/workflows/docker-build.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index 5f2eb36..607a6b6 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -75,5 +75,6 @@ jobs: - name: Scan image artifact run: | + ls -lah IMAGE_NAME=$(cat random_uuid) trivy image --ignore-unfixed -s CRITICAL -s HIGH ttl.sh/${IMAGE_NAME}:1h From 7f8adfc1fa129f4ac4f49191192e19a26057fda1 Mon Sep 17 00:00:00 2001 
From: Oscar Rodriguez Date: Fri, 17 Jun 2022 14:58:57 -0400 Subject: [PATCH 12/17] save to pwd not new dir --- .github/workflows/docker-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index 607a6b6..14dd9a5 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -71,7 +71,7 @@ jobs: uses: actions/download-artifact@v3 with: name: random_uuid - path: ./random_uuid + path: ./ - name: Scan image artifact run: | From 2bad52839802dbe58c80f50be7a890b378448cbf Mon Sep 17 00:00:00 2001 From: Oscar Rodriguez Date: Fri, 17 Jun 2022 15:04:16 -0400 Subject: [PATCH 13/17] working now --- .github/workflows/docker-build.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index 14dd9a5..6a79fad 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -75,6 +75,5 @@ jobs: - name: Scan image artifact run: | - ls -lah IMAGE_NAME=$(cat random_uuid) trivy image --ignore-unfixed -s CRITICAL -s HIGH ttl.sh/${IMAGE_NAME}:1h From b08ad72b3e9ae54a0821a71718604129c8cd1043 Mon Sep 17 00:00:00 2001 From: Oscar Rodriguez Date: Fri, 17 Jun 2022 15:12:59 -0400 Subject: [PATCH 14/17] push for prod use --- .github/workflows/docker-push.yaml | 46 ++++++++++++++---------------- 1 file changed, 21 insertions(+), 25 deletions(-) diff --git a/.github/workflows/docker-push.yaml b/.github/workflows/docker-push.yaml index 0257df4..583ffc9 100644 --- a/.github/workflows/docker-push.yaml +++ b/.github/workflows/docker-push.yaml 
@@ -37,45 +37,41 @@ jobs: - name: Build container image run: | cd ${{ inputs.dockerfilePath }} - docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}:${{ inputs.imageTag }} - docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}:latest # Push to ttl.sh for scanning IMAGE_NAME=$(uuidgen) - docker tag ${{ inputs.ociRegistry}}:${{ inputs.imageTag }} ttl.sh/${IMAGE_NAME}:1h + echo $IMAGE_NAME > random_uuid + docker build . ${{ inputs.buildArgs }} -t ttl.sh/${IMAGE_NAME}:1h docker push ttl.sh/${IMAGE_NAME}:1h - echo "${IMAGE_NAME} > ttl.sh.tag - - # - name: Upload ttl.sh tag - # uses: actions/upload-artifact@v3 - # with: - # name: ttl.sh.tag - # path: ${{ inputs.dockerfilePath}}/ - # retention-days: 1 + - name: Upload temp tag + uses: actions/upload-artifact@v3 + with: + name: random_uuid + path: ${{ inputs.dockerfilePath }}/random_uuid + retention-days: 1 scan: runs-on: ubuntu-latest container: image: aquasec/trivy:latest + needs: [build] steps: - # - name: Checkout repo - # uses: actions/checkout@v2 - # - # - name: Download plan - # uses: actions/download-artifact@v3 - # with: - # name: ttl.sh.tag - # path: ${{ inputs.dockerfilePath}}/ + + - name: Download tag artifact + uses: actions/download-artifact@v3 + with: + name: random_uuid + path: ./ - name: Scan image artifact run: | - cd ${{ inputs.dockerfilePath }} - # IMAGE_NAME=$(cat ttl.sh.tag) + IMAGE_NAME=$(cat random_uuid) trivy image --ignore-unfixed -s CRITICAL -s HIGH ttl.sh/${IMAGE_NAME}:1h push: runs-on: ubuntu-latest + needs: [scan] steps: - name: Checkout repo 
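Review bot: `needs: [scan]` on the push job (PATCH 14) only blocks the push when the scan job fails, and the scan step as written does not pass `--exit-code`, so Trivy prints its findings and still exits 0 by default. Add the flag so HIGH/CRITICAL findings fail the job: `trivy image --exit-code 1 --ignore-unfixed -s CRITICAL -s HIGH ttl.sh/${IMAGE_NAME}:1h`. The same command in docker-build.yaml needs it too. The push job's steps continue outside this hunk.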
@@ -85,7 +81,7 @@ jobs: run: | cd ${{ inputs.dockerfilePath }} docker login -p ${{ secrets.oci_registry_password }} -u ${{ secrets.oci_registry_user }} ${{ inputs.ociRegistry }} - docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}:${{ inputs.imageTag }} - docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}:latest - docker push ${{ inputs.ociRegistry}}:${{ inputs.imageTag }} - docker push ${{ inputs.ociRegistry}}:latest + docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}/${{ inputs.imageName }}:${{ inputs.imageTag }} + docker build . ${{ inputs.buildArgs }} -t ${{ inputs.ociRegistry}}/${{ inputs.imageName }}:latest + docker push ${{ inputs.ociRegistry}}/${{ inputs.imageName }}:${{ inputs.imageTag }} + docker push ${{ inputs.ociRegistry}}/${{ inputs.imageName }}:latest From e0fa689f54697de0ba48f83f3173248ce6b4f362 Mon Sep 17 00:00:00 2001 From: Oscar Rodriguez Date: Fri, 17 Jun 2022 15:13:23 -0400 Subject: [PATCH 15/17] empty line --- .github/workflows/docker-build.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index 6a79fad..69d6e06 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -56,7 +56,6 @@ jobs: path: ${{ inputs.dockerfilePath }}/random_uuid retention-days: 1 - scan: runs-on: ubuntu-latest container: @@ -64,9 +63,7 @@ jobs: needs: [build] steps: - # - name: Checkout repo - # uses: actions/checkout@v2 - # + - name: Download tag artifact uses: actions/download-artifact@v3 with: From cc9275f264acd3aeed32110c9b31d70e58862a80 Mon Sep 17 00:00:00 2001 From: Oscar Rodriguez Date: Fri, 17 Jun 2022 15:26:06 -0400 Subject: [PATCH 16/17] also a secret --- .github/workflows/docker-push.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-push.yaml b/.github/workflows/docker-push.yaml index 583ffc9..7ed383c 100644 
--- a/.github/workflows/docker-push.yaml +++ b/.github/workflows/docker-push.yaml @@ -9,15 +9,14 @@ on: description: "Build args to be used to build the container image." required: false type: string - ociRegistry: - description: "Registry to push the image to." - required: false - type: string imageTag: description: "Desired tag for container image." required: false type: string secrets: + ociRegistry: + description: "Registry to push the image to." + required: false oci_registry_user: description: "Username to authn" required: false From 7d99c455f3092e1c2dce3b9c0421f3acacc62fa8 Mon Sep 17 00:00:00 2001 From: Oscar Rodriguez Date: Fri, 17 Jun 2022 15:31:08 -0400 Subject: [PATCH 17/17] needed --- .github/workflows/docker-push.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/docker-push.yaml b/.github/workflows/docker-push.yaml index 7ed383c..a05e6c7 100644 --- a/.github/workflows/docker-push.yaml +++ b/.github/workflows/docker-push.yaml @@ -9,6 +9,10 @@ on: description: "Build args to be used to build the container image." required: false type: string + imageName: + description: "Desired name for container image." + required: false + type: string imageTag: description: "Desired tag for container image." required: false
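Review bot: PATCH 16 moves `ociRegistry` from `inputs` to `secrets`, but the hunk does not touch the steps, and the push job shown in PATCH 14 still reads `${{ inputs.ociRegistry }}` in `docker login` and in every `-t` and `docker push` reference; unless a change outside this series updates them, that expression presumably now expands to an empty string and the image names start with `/`. Switch those references to `${{ secrets.ociRegistry }}`, ideally passed through `env:`. A registry host stored as a secret is also masked in the logs, which makes the pushed image reference unreadable there, and the new secret is declared `required: false` although the push job cannot work without it.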