greenbone
diff --git a/‎.docker/prod-oldstable.Dockerfile‎
Lines changed: 1 addition & 1 deletion b/‎.docker/prod-oldstable.Dockerfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.docker/prod-testing.Dockerfile‎
Lines changed: 5 additions & 30 deletions b/‎.docker/prod-testing.Dockerfile‎
Lines changed: 5 additions & 30 deletions
diff --git a/‎.docker/prod.Dockerfile‎
Lines changed: 1 addition & 1 deletion b/‎.docker/prod.Dockerfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/control.yml‎
Lines changed: 0 additions & 20 deletions b/‎.github/workflows/control.yml‎
Lines changed: 0 additions & 20 deletions
diff --git a/‎.github/workflows/push-container-oldstable.yml‎
Lines changed: 0 additions & 46 deletions b/‎.github/workflows/push-container-oldstable.yml‎
Lines changed: 0 additions & 46 deletions
diff --git a/‎.github/workflows/push-container-testing.yml‎
Lines changed: 0 additions & 47 deletions b/‎.github/workflows/push-container-testing.yml‎
Lines changed: 0 additions & 47 deletions
diff --git a/‎.github/workflows/push-container.yml‎
Lines changed: 63 additions & 93 deletions b/‎.github/workflows/push-container.yml‎
Lines changed: 63 additions & 93 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎charts/openvasd/values.yaml‎
Lines changed: 2 additions & 2 deletions b/‎charts/openvasd/values.yaml‎
Lines changed: 2 additions & 2 deletions
@@ -1,6 +1,6 @@
 ARG VERSION=oldstable
 # this allows to override gvm-libs for e.g. smoketests
-ARG GVM_LIBS=registry.community.greenbone.net/community/gvm-libs
+ARG GVM_LIBS=ghcr.io/greenbone/gvm-libs
 
 FROM rust:bookworm AS rust
 COPY . /source
 
@@ -6,37 +6,11 @@ ARG GVM_LIBS_VERSION=testing-edge
 FROM greenbone/openvas-smb:testing-edge AS openvas-smb
 FROM rust AS rust
 
-FROM registry.community.greenbone.net/community/gvm-libs:${GVM_LIBS_VERSION} AS build
+FROM ghcr.io/greenbone/gvm-libs:${GVM_LIBS_VERSION} AS build
 COPY . /source
+RUN sh /source/.github/install-openvas-dependencies.sh
 RUN apt-get update && apt-get install --no-install-recommends --no-install-suggests -y \
-    bison \
-    build-essential \
-    clang \
-    clang-format \
-    clang-tools \
-    cmake \
-    curl \
-    git \
-    lcov \
-    libgnutls28-dev \
-    libgpgme-dev \
-    libjson-glib-dev \
-    libksba-dev \
-    libpaho-mqtt-dev \
-    libpcap-dev \
-    libgcrypt-dev \
-    libssh-dev \
-    libbsd-dev \
-    libgnutls30t64 \
-    libgssapi3-heimdal \
-    libkrb5-26-heimdal \
-    libasn1-8-heimdal \
-    libroken19-heimdal \
-    libhdb9-heimdal \
-    libpopt0 \
-    libcurl4 \
-    libcurl4-gnutls-dev \
-    libhiredis-dev \
+    capnproto \
     && rm -rf /var/lib/apt/lists/*
 
 COPY --from=openvas-smb /usr/local/lib/ /usr/local/lib/
@@ -49,11 +23,12 @@ ENV RUSTUP_HOME=/usr/local/rustup \
     CARGO_HOME=/usr/local/cargo \
     PATH=/usr/local/cargo/bin:$PATH
 RUN apt update && apt install -y ca-certificates
+WORKDIR /source/rust
 RUN cargo build --release
 RUN cp target/release/openvasd /install/usr/local/bin
 RUN cp target/release/scannerctl /install/usr/local/bin
 
-FROM registry.community.greenbone.net/community/gvm-libs:${GVM_LIBS_VERSION}
+FROM ghcr.io/greenbone/gvm-libs:${GVM_LIBS_VERSION}
 RUN apt-get update
 RUN apt-get install --no-install-recommends --no-install-suggests -y \
   bison \
 
@@ -1,6 +1,6 @@
 ARG VERSION=edge
 # this allows to override gvm-libs for e.g. smoketests
-ARG GVM_LIBS=registry.community.greenbone.net/community/gvm-libs
+ARG GVM_LIBS=ghcr.io/greenbone/gvm-libs
 
 FROM rust AS rust
 COPY . /source
 
@@ -112,26 +112,6 @@ jobs:
     with:
       is_latest_tag: ${{needs.init.outputs.docker_build_is_latest}}
       is_version_tag: ${{needs.init.outputs.docker_build_is_version }}
-  container-testing:
-    name: container
-    needs: [init, build ]
-    uses: ./.github/workflows/push-container-testing.yml
-    secrets:
-      dockerhub_user: ${{ secrets.DOCKERHUB_USERNAME }}
-      dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN}}
-    with:
-      is_latest_tag: ${{needs.init.outputs.docker_build_is_latest}}
-      is_version_tag: ${{needs.init.outputs.docker_build_is_version}}
-  container-oldstable:
-    name: container
-    needs: [init, build ]
-    uses: ./.github/workflows/push-container-oldstable.yml
-    secrets:
-      dockerhub_user: ${{ secrets.DOCKERHUB_USERNAME }}
-      dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN}}
-    with:
-      is_latest_tag: ${{needs.init.outputs.docker_build_is_latest}}
-      is_version_tag: ${{needs.init.outputs.docker_build_is_version}}
   release:
     permissions:
       contents: write
 
@@ -45,32 +45,45 @@ permissions:
   pull-requests: write
 
 jobs:
-
-  debian_stable_arm64:
-    name: ghcr:debian:stable:arm64
-    runs-on: self-hosted-generic-arm64
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v6
-      - uses: ./.github/actions/copy-docker-binaries
-        with:
-          arch: arm64 
-      - name: Container build and push 3rd gen
-        id: build-and-push
-        uses: greenbone/actions/container-build-push-generic@v3
-        with:
-          image-platforms: linux/arm64
-          build-docker-file: .docker/prod.Dockerfile
-          build-args: |
-            REPOSITORY=${{ github.repository }}
-          cosign-key: ${{ secrets.cosign_key_opensight }}
-          cosign-key-password: ${{ secrets.cosign_password_opensight }}
-          # The tlog function does not currently support an ed25519 key.
-          cosign-tlog-upload: "false"
-          image-labels: |
-            org.opencontainers.image.vendor=Greenbone
-            org.opencontainers.image.base.name=greenbone/gvm-libs
-          image-tags: |
+  build:
+    if: ${{ github.repository == 'greenbone/openvas-scanner' }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - build:
+              name: stable
+              dockerfile: .docker/prod.Dockerfile
+              stable-name: stable
+              edge-name: edge
+          - build:
+              name: testing
+              dockerfile: .docker/prod-testing.Dockerfile
+              stable-name: testing
+              edge-name: testing-edge
+          - build:
+              name: oldstable
+              dockerfile: .docker/prod-oldstable.Dockerfile
+              stable-name: oldstable
+              edge-name: oldstable-edge
+    name: Build and Push Container Images (${{ matrix.build.name }})
+    uses: greenbone/workflows/.github/workflows/container-build-push-gea.yml@main
+    with:
+      ref: ${{ inputs.ref-name }}
+      ref-name: ${{ inputs.ref-name }}
+      name: ${{ matrix.build.name }}
+      dockerfile: ${{ matrix.build.dockerfile }}
+      stable-name: ${{ matrix.build.stable-name }}
+      edge-name: ${{ matrix.build.edge-name }}
+      enable-latest: ${{ matrix.build.name == 'stable' }}
+      enable-pr: ${{ matrix.build.name == 'stable' }}
+      enable-version: ${{ matrix.build.name == 'stable' }}
+      labels: |
+        org.opencontainers.image.vendor=Greenbone
+        org.opencontainers.image.base.name=debian:stable-slim
+      build-args: ${{ matrix.build.build-args }}
+      prefix: ${{ matrix.build.prefix }}
+      tags: |
             # when IS_LATEST_TAG is set create a stable and a latest tag
             type=raw,value=latest,enable=${{ inputs.is_latest_tag }}
             type=raw,value=stable,enable=${{ inputs.is_latest_tag }}
@@ -83,73 +96,30 @@ jobs:
             type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
             # use pr-$PR_ID for pull requests (will not be uploaded)
             type=ref,event=pr
-          registry: ${{ vars.IMAGE_REGISTRY }}
-          registry-username: ${{ github.actor }}
-          registry-password: ${{ secrets.GITHUB_TOKEN }}
-  
-  debian_stable:
-    name: ghcr:debian:stable
-    runs-on: ubuntu-latest
+
+    secrets: inherit
+
+  notify:
+    needs:
+      - build
+    if: ${{ !cancelled() && github.event_name != 'pull_request' && github.repository == 'greenbone/openvas-scanner' }}
+    uses: greenbone/workflows/.github/workflows/notify-mattermost-2nd-gen.yml@main
+    with:
+      status: ${{ contains(needs.*.result, 'failure') && 'failure' || 'success' }}
+    secrets: inherit
+
+  trigger-replication:
+    needs:
+      - build
+    if: ${{ !cancelled() && github.event_name != 'pull_request' && github.repository == 'greenbone/openvas-scanner' }}
+    runs-on: self-hosted-generic
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v6
-      - uses: ./.github/actions/copy-docker-binaries
-        with:
-          arch: amd64 
-      - name: Container build and push 3rd gen
-        id: build-and-push
-        uses: greenbone/actions/container-build-push-generic@v3
+      - name: Ensure all tags are replicated on the public registry
+        uses: greenbone/actions/trigger-harbor-replication@v3
+        if: ${{ github.event_name != 'pull_request' }}
         with:
-          build-docker-file: .docker/prod.Dockerfile
-          build-args: |
-            REPOSITORY=${{ github.repository }}
-          cosign-key: ${{ secrets.cosign_key_opensight }}
-          cosign-key-password: ${{ secrets.cosign_password_opensight }}
-          # The tlog function does not currently support an ed25519 key.
-          cosign-tlog-upload: "false"
-          image-labels: |
-            org.opencontainers.image.vendor=Greenbone
-            org.opencontainers.image.base.name=greenbone/gvm-libs
-          image-tags: |
-            # when IS_LATEST_TAG is set create a stable and a latest tag
-            type=raw,value=latest,enable=${{ inputs.is_latest_tag }}
-            type=raw,value=stable,enable=${{ inputs.is_latest_tag }}
-            # if tag version is set than create a version tags
-            type=semver,pattern={{version}},enable=${{ inputs.is_version_tag }}
-            type=semver,pattern={{major}}.{{minor}},enable=${{ inputs.is_version_tag }}
-            type=semver,pattern={{major}},enable=${{ inputs.is_version_tag }}
-            # if on main or a branch TODO calculate upfront
-            type=raw,value=edge,enable=${{ github.ref_name == 'main' }}
-            type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
-            # use pr-$PR_ID for pull requests (will not be uploaded)
-            type=ref,event=pr
-          registry: ${{ vars.IMAGE_REGISTRY }}
-          registry-username: ${{ github.actor }}
-          registry-password: ${{ secrets.GITHUB_TOKEN }}
-          scout-user: ${{ secrets.dockerhub_user }}
-          scout-password: ${{ secrets.dockerhub_token }}
+          registry: ${{ vars.GREENBONE_REGISTRY }}
+          token: ${{ secrets.GREENBONE_REGISTRY_REPLICATION_TOKEN }}
+          user: ${{ secrets.GREENBONE_REGISTRY_REPLICATION_USER }}
+
 
-  #not able to speed that up via prebuild binaries
-  greenbone_reg_debian_stable:
-    name: greenbone-reg:debian:stable
-    uses: greenbone/workflows/.github/workflows/container-build-push-2nd-gen.yml@main
-    with:
-      image-url: community/openvas-scanner
-      image-labels: |
-        org.opencontainers.image.vendor=Greenbone
-        org.opencontainers.image.base.name=greenbone/gvm-libs
-      service: openvas-scanner
-    secrets:
-      COSIGN_KEY_OPENSIGHT: ${{ secrets.cosign_key_opensight }}
-      COSIGN_KEY_PASSWORD_OPENSIGHT: ${{ secrets.cosign_password_opensight }}
-      DOCKERHUB_USERNAME: ${{ secrets.dockerhub_user }}
-      DOCKERHUB_TOKEN: ${{ secrets.dockerhub_token }}
-      GREENBONE_BOT_TOKEN: ${{ secrets.greenbone_bot_token }}
-      GREENBONE_REGISTRY: ${{ secrets.greenbone_registry }}
-      GREENBONE_REGISTRY_USER: ${{ secrets.greenbone_registry_user }}
-      GREENBONE_REGISTRY_TOKEN: ${{ secrets.greenbone_registry_token }}
-      GREENBONE_REGISTRY_READ_USER: ${{ secrets.greenbone_registry_read_user }}
-      GREENBONE_REGISTRY_READ_TOKEN: ${{ secrets.greenbone_registry_read_token }}
-      GREENBONE_REGISTRY_REPLICATION_USER: ${{ secrets.greenbone_registry_replication_user }}
-      GREENBONE_REGISTRY_REPLICATION_TOKEN: ${{ secrets.greenbone_registry_replication_token }}
-      MATTERMOST_WEBHOOK_URL: ${{ secrets.mattermost_webhook_url }}
@@ -44,7 +44,7 @@ everything needed for scanning. Currently it uses the openvas-scanner as scan en
 
 ## Docker, [Greenbone Community Containers](https://greenbone.github.io/docs/latest/22.4/container/)
 
-If you want to use the docker files provided in this repository you can pull them from the [Greenbone registry](registry.community.greenbone.net/community/openvas-scanner:stable). You can also locally build them using:
+If you want to use the docker files provided in this repository you can pull them from the [Greenbone registry](ghcr.io/greenbone/openvas-scanner:stable). You can also locally build them using:
 ```
 docker build -t <image-name> -f .docker/prod.Dockerfile .
 ```
 
@@ -4,13 +4,13 @@
 
 # Is currently reqired by openvasd to control openvas
 ospd:
-  repository: registry.community.greenbone.net/community/ospd-openvas
+  repository: ghcr.io/greenbone/ospd-openvas
   pullPolicy: Always
   tag: "edge"
 
 # Contains openvasd
 openvas:
-  repository: registry.community.greenbone.net/community/openvas-scanner
+  repository: ghcr.io/greenbone/openvas-scanner
   pullPolicy: Always
   tag: "edge"