Fix: CI: edge should be based on the stable image

nichtsfrei · nichtsfrei · commit 956ceda44023 · 2026-03-16T13:49:16.000Z
Fixes the bug that the definition of prod-testing ended up in edge
instead of testing-edge.
diff --git a/.docker/prod-oldstable.Dockerfile b/.docker/prod-oldstable.Dockerfile
@@ -92,4 +92,4 @@ RUN setcap cap_net_raw,cap_net_admin+eip /usr/local/sbin/openvas
 # allow nmap to send e.g. UDP or TCP SYN probes without root permissions
 ENV NMAP_PRIVILEGED=1
 RUN setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap
-CMD /usr/local/bin/openvasd
+CMD ["/usr/local/bin/openvasd"]
diff --git a/.docker/prod-testing.Dockerfile b/.docker/prod-testing.Dockerfile
@@ -71,3 +71,4 @@ RUN setcap cap_net_raw,cap_net_admin+eip /usr/local/sbin/openvas
 # allow nmap to send e.g. UDP or TCP SYN probes without root permissions
 ENV NMAP_PRIVILEGED=1
 RUN setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap
+CMD ["/usr/local/bin/openvasd"]
diff --git a/.docker/prod.Dockerfile b/.docker/prod.Dockerfile
@@ -94,4 +94,4 @@ RUN setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap
 RUN chmod 755 /usr/local/bin/scannerctl
 RUN chmod 755 /usr/local/bin/openvasd
 RUN mkdir -p /var/lib/openvasd/certs
-CMD /usr/local/bin/openvasd
+CMD ["/usr/local/bin/openvasd"]
diff --git a/.github/workflows/control.yml b/.github/workflows/control.yml
@@ -93,7 +93,7 @@ jobs:
     needs: [build-rs-amd64]
     uses: ./.github/workflows/functional.yaml
   container:
-    needs: [build, init, build-rs-arm64, build-rs-amd64]
+    needs: [build, init]
     uses: ./.github/workflows/push-container.yml
     secrets:
       dockerhub_user: ${{ secrets.DOCKERHUB_USERNAME }}
diff --git a/.github/workflows/push-container.yml b/.github/workflows/push-container.yml
@@ -56,6 +56,15 @@ jobs:
               dockerfile: .docker/prod.Dockerfile
               stable-name: stable
               edge-name: edge
+              tags: |
+                    type=raw,value=latest,enable=${{ inputs.is_latest_tag }}
+                    type=raw,value=stable,enable=${{ inputs.is_latest_tag }}
+                    type=semver,pattern={{version}},enable=${{ inputs.is_version_tag }}
+                    type=semver,pattern={{major}}.{{minor}},enable=${{ inputs.is_version_tag }}
+                    type=semver,pattern={{major}},enable=${{ inputs.is_version_tag }}
+                    type=raw,value=edge,enable=${{ github.ref_name == 'main' }}
+                    type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
+                    type=ref,event=pr
           - build:
               name: testing
               dockerfile: .docker/prod-testing.Dockerfile
@@ -69,8 +78,6 @@ jobs:
     name: Build and Push Container Images (${{ matrix.build.name }})
     uses: greenbone/workflows/.github/workflows/container-build-push-gea.yml@main
     with:
-      ref: ${{ inputs.ref-name }}
-      ref-name: ${{ inputs.ref-name }}
       name: ${{ matrix.build.name }}
       dockerfile: ${{ matrix.build.dockerfile }}
       stable-name: ${{ matrix.build.stable-name }}
@@ -83,20 +90,7 @@ jobs:
         org.opencontainers.image.base.name=debian:stable-slim
       build-args: ${{ matrix.build.build-args }}
       prefix: ${{ matrix.build.prefix }}
-      tags: |
-            # when IS_LATEST_TAG is set create a stable and a latest tag
-            type=raw,value=latest,enable=${{ inputs.is_latest_tag }}
-            type=raw,value=stable,enable=${{ inputs.is_latest_tag }}
-            # if tag version is set than create a version tags
-            type=semver,pattern={{version}},enable=${{ inputs.is_version_tag }}
-            type=semver,pattern={{major}}.{{minor}},enable=${{ inputs.is_version_tag }}
-            type=semver,pattern={{major}},enable=${{ inputs.is_version_tag }}
-            # if on main or a branch TODO calculate upfront
-            type=raw,value=edge,enable=${{ github.ref_name == 'main' }}
-            type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
-            # use pr-$PR_ID for pull requests (will not be uploaded)
-            type=ref,event=pr
-
+      tags: ${{ matrix.tags }}
     secrets: inherit
 
   notify:
