feat: publish eol-scan image (#282)

Author: rlmestre

.github/workflows/ci.yml

@@ -39,15 +39,10 @@ jobs:
     needs: shellcheck
     strategy:
       fail-fast: false
+      max-parallel: 3
       matrix:
-        node:
-          - 20
-          - 22
-          - 23
-        platform:
-          - ubuntu-latest
-          - macos-latest
-          - windows-latest
+        node: [20, 22, 24]
+        platform: [ubuntu-latest, macos-latest, windows-latest]
     name: "${{matrix.platform}} w/ Node.js ${{matrix.node}}.x"
     runs-on: ${{matrix.platform}}
     env:

.github/workflows/release.yml

@@ -43,3 +43,48 @@ jobs:
         run: npm publish --provenance --access public
         env:
           NODE_AUTH_TOKEN: ${{ secrets.HD_CLI_NPM_TOKEN }}
+
+  publish-images:
+    name: Publish Images
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Parse tag
+        run: echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV
+
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          # Enable when we have Docker Hub set up
+          images: |
+            name=ghcr.io/herodevs/eol-scan
+            name=docker.io/herodevs/eol-scan,enable=false
+          tags: |
+            type=sha,format=long
+            type=raw,value=latest
+            type=raw,value=${{ env.VERSION }}
+
+      - uses: docker/login-action@v3
+        # Enable when we have Docker Hub set up
+        if: ${{ false }}
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/build-push-action@v6
+        with:
+          context: . 
+          file: ./ci/image.Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

README.md

@@ -237,3 +237,95 @@ EXAMPLES
 
 _See code: [@oclif/plugin-update](https://github.com/oclif/plugin-update/blob/v4.6.45/src/commands/update.ts)_
 <!-- commandsstop -->
+
+## CI/CD Usage
+
+You can use `@herodevs/cli` in your CI/CD pipelines to automate EOL scanning.
+
+### Using the Docker Image (recommended)
+
+We provide a Docker image that's pre-configured to run EOL scans. Based on [`cdxgen`](https://github.com/CycloneDX/cdxgen), 
+it contains build tools for most project types and will provide best results when generating an SBOM.
+
+#### GitHub Actions
+
+```yaml
+# .github/workflows/herodevs-eol-scan.yml
+name: HeroDevs EOL Scan
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run EOL Scan with Docker
+        uses: docker://ghcr.io/herodevs/eol-scan
+        with:
+          args: "--json"
+```
+
+#### GitLab CI/CD
+
+```yaml
+eol-scan: 
+  image: 
+    name: "ghcr.io/herodevs/eol-scan"
+    # Entrypoint or base command must be disabled due 
+    # to GitLab's execution mechanism and run manually
+    entrypoint: [""] 
+  script: "npx @herodevs/cli@beta --json"
+```
+
+### Using `npx`
+
+You can use `npx` to run the CLI just like you'd run it locally.
+
+> [!NOTE] 
+> The development environment is expected to be ready to run the app. For best results, 
+prefer [using the prebuilt image](#using-the-docker-image-recommended), but otherwise, prepare 
+all requirements before the scan step.
+
+#### GitHub Actions
+
+```yaml
+# .github/workflows/herodevs-eol-scan.yml
+name: HeroDevs EOL Scan
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - run: echo # Prepare environment, install tooling, perform setup, etc.
+
+      - name: Run EOL Scan
+        run: npx @herodevs/cli@beta
+```
+
+#### GitLab CI/CD
+
+```yaml
+image: alpine
+
+eol-scan:
+  script:
+    - echo # Prepare environment, install tooling, perform setup, etc.
+    - npx @herodevs/cli@beta
+```

ci/image.Dockerfile

@@ -0,0 +1,6 @@
+FROM ghcr.io/cyclonedx/cdxgen:v11.4.3
+WORKDIR /app
+COPY . .
+RUN npm config set update-notifier false && npm config set loglevel error
+ENV NODE_NO_WARNINGS=1
+ENTRYPOINT ["npm", "exec", "-y", "@herodevs/cli@beta", "--", "scan:eol"]