debian based dotnet images (#1529)

* Added debian dotnet images

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

.github/workflows/build-base-images.yml

@@ -145,6 +145,83 @@ jobs:
           tags: ${{ steps.meta-cdxgen-dotnet.outputs.tags }}
           labels: ${{ steps.meta-cdxgen-dotnet.outputs.labels }}
 
+  debian-dotnet6-image:
+    if: github.repository == 'CycloneDX/cdxgen'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta-debian-dotnet6
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/cyclonedx/debian-dotnet6
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ci/base-images/debian/Dockerfile.dotnet6
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta-debian-dotnet6.outputs.tags }}
+          labels: ${{ steps.meta-debian-dotnet6.outputs.labels }}
+
+  cdxgen-debian-dotnet6-image:
+    if: github.repository == 'CycloneDX/cdxgen'
+    runs-on: ubuntu-latest
+    needs: debian-dotnet6-image
+    permissions:
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta-cdxgen-debian-dotnet6
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/cyclonedx/cdxgen-debian-dotnet6
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        if: github.ref == 'refs/heads/master'
+        with:
+          context: .
+          file: ci/base-images/cdxgen/debian/Dockerfile.dotnet6
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11
+          labels: ${{ steps.meta-cdxgen-debian-dotnet6.outputs.labels }}
+
   sle-dotnet7-image:
     if: github.repository == 'CycloneDX/cdxgen'
     runs-on: ubuntu-latest
@@ -321,6 +398,94 @@ jobs:
           tags: ${{ steps.meta-cdxgen-dotnet8.outputs.tags }}
           labels: ${{ steps.meta-cdxgen-dotnet8.outputs.labels }}
 
+  debian-dotnet8-image:
+    if: github.repository == 'CycloneDX/cdxgen'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta-debian-dotnet8
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/cyclonedx/debian-dotnet8
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ci/base-images/debian/Dockerfile.dotnet8
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta-debian-dotnet8.outputs.tags }}
+          labels: ${{ steps.meta-debian-dotnet8.outputs.labels }}
+
+  cdxgen-debian-dotnet8-image:
+    if: github.repository == 'CycloneDX/cdxgen'
+    runs-on: ubuntu-latest
+    needs: debian-dotnet8-image
+    permissions:
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta-cdxgen-debian-dotnet8
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/cyclonedx/cdxgen-debian-dotnet8
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        if: github.ref == 'refs/heads/master'
+        with:
+          context: .
+          file: ci/base-images/cdxgen/debian/Dockerfile.dotnet8
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ghcr.io/cyclonedx/cdxgen-debian-dotnet8:v11
+          labels: ${{ steps.meta-cdxgen-debian-dotnet8.outputs.labels }}
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          context: .
+          file: ci/base-images/cdxgen/Dockerfile.dotnet8
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta-cdxgen-dotnet8.outputs.tags }}
+          labels: ${{ steps.meta-cdxgen-dotnet8.outputs.labels }}
+
   sle-dotnet9-image:
     if: github.repository == 'CycloneDX/cdxgen'
     runs-on: ubuntu-latest
@@ -409,6 +574,83 @@ jobs:
           tags: ${{ steps.meta-cdxgen-dotnet9.outputs.tags }}
           labels: ${{ steps.meta-cdxgen-dotnet9.outputs.labels }}
 
+  debian-dotnet9-image:
+    if: github.repository == 'CycloneDX/cdxgen'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta-debian-dotnet9
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/cyclonedx/debian-dotnet9
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ci/base-images/debian/Dockerfile.dotnet9
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta-debian-dotnet9.outputs.tags }}
+          labels: ${{ steps.meta-debian-dotnet9.outputs.labels }}
+
+  cdxgen-debian-dotnet9-image:
+    if: github.repository == 'CycloneDX/cdxgen'
+    runs-on: ubuntu-latest
+    needs: debian-dotnet8-image
+    permissions:
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta-cdxgen-debian-dotnet9
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/cyclonedx/cdxgen-debian-dotnet9
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        if: github.ref == 'refs/heads/master'
+        with:
+          context: .
+          file: ci/base-images/cdxgen/debian/Dockerfile.dotnet9
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ghcr.io/cyclonedx/cdxgen-debian-dotnet9:v11
+          labels: ${{ steps.meta-cdxgen-debian-dotnet9.outputs.labels }}
+
   sle-java-image:
     if: github.repository == 'CycloneDX/cdxgen'
     runs-on: ubuntu-latest

ci/base-images/README.md

@@ -54,6 +54,12 @@ Dotnet 3.1 or Dotnet 6.0
 docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet6:v11 -r /app -o /app/bom.json -t dotnet
 ```
 
+Dotnet 3.1 or Dotnet 6.0 (debian)
+
+```shell
+docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 -r /app -o /app/bom.json -t dotnet
+```
+
 Dotnet 7.0
 
 ```shell
@@ -66,6 +72,14 @@ Dotnet 8.0
 docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet8:v11 -r /app -o /app/bom.json -t dotnet
 ```
 
+Dotnet 8.0 (debian)
+
+Use the debian version of the image in case of any crashes with the SLE version used by the image above.
+
+```shell
+docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-dotnet8:v11 -r /app -o /app/bom.json -t dotnet
+```
+
 Dotnet 9.0
 
 Dotnet 9 is also bundled with the official `ghcr.io/cyclonedx/cdxgen` image.
@@ -74,6 +88,12 @@ Dotnet 9 is also bundled with the official `ghcr.io/cyclonedx/cdxgen` image.
 docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet9:v11 -r /app -o /app/bom.json -t dotnet
 ```
 
+Dotnet 9.0 (debian)
+
+```shell
+docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-dotnet9:v11 -r /app -o /app/bom.json -t dotnet
+```
+
 ### Python applications
 
 Use the custom image `ghcr.io/cyclonedx/cdxgen-python312:v11` or `ghcr.io/cyclonedx/cdxgen-python311:v11`. This includes additional build tools and libraries to build a range of Python applications. Construction of the dependency tree is supported with Python >= 3.9.

ci/base-images/cdxgen/Dockerfile.dotnet9

@@ -8,7 +8,7 @@ LABEL maintainer="CycloneDX" \
       org.opencontainers.image.vendor="AppThreat" \
       org.opencontainers.image.licenses="Apache-2.0" \
       org.opencontainers.image.title="cdxgen" \
-      org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for dotnet 8 apps" \
+      org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for dotnet 9 apps" \
       org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet9:v11 -r /app --server"
 
 ENV CDXGEN_IN_CONTAINER=true \

ci/base-images/cdxgen/debian/Dockerfile.dotnet6

@@ -0,0 +1,21 @@
+FROM ghcr.io/cyclonedx/debian-dotnet6:master
+
+LABEL maintainer="CycloneDX" \
+      org.opencontainers.image.authors="Team AppThreat <cloud@appthreat.com>" \
+      org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \
+      org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \
+      org.opencontainers.image.version="rolling" \
+      org.opencontainers.image.vendor="AppThreat" \
+      org.opencontainers.image.licenses="Apache-2.0" \
+      org.opencontainers.image.title="cdxgen" \
+      org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for dotnet 6 apps" \
+      org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 -r /app --server"
+
+ENV CDXGEN_IN_CONTAINER=true \
+    PYTHONPATH=/opt/pypi
+ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin:
+
+RUN npm install -g @cyclonedx/cdxgen --omit=dev \
+    && pip install --upgrade --no-cache-dir blint --target /opt/pypi
+
+ENTRYPOINT ["cdxgen"]

ci/base-images/cdxgen/debian/Dockerfile.dotnet8

@@ -0,0 +1,21 @@
+FROM ghcr.io/cyclonedx/debian-dotnet8:master
+
+LABEL maintainer="CycloneDX" \
+      org.opencontainers.image.authors="Team AppThreat <cloud@appthreat.com>" \
+      org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \
+      org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \
+      org.opencontainers.image.version="rolling" \
+      org.opencontainers.image.vendor="AppThreat" \
+      org.opencontainers.image.licenses="Apache-2.0" \
+      org.opencontainers.image.title="cdxgen" \
+      org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for dotnet 8 apps" \
+      org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-dotnet8:v11 -r /app --server"
+
+ENV CDXGEN_IN_CONTAINER=true \
+    PYTHONPATH=/opt/pypi
+ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin:
+
+RUN npm install -g @cyclonedx/cdxgen --omit=dev \
+    && pip install --upgrade --no-cache-dir blint --target /opt/pypi
+
+ENTRYPOINT ["cdxgen"]

ci/base-images/cdxgen/debian/Dockerfile.dotnet9

@@ -0,0 +1,21 @@
+FROM ghcr.io/cyclonedx/debian-dotnet9:master
+
+LABEL maintainer="CycloneDX" \
+      org.opencontainers.image.authors="Team AppThreat <cloud@appthreat.com>" \
+      org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \
+      org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \
+      org.opencontainers.image.version="rolling" \
+      org.opencontainers.image.vendor="AppThreat" \
+      org.opencontainers.image.licenses="Apache-2.0" \
+      org.opencontainers.image.title="cdxgen" \
+      org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for dotnet 9 apps" \
+      org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-dotnet9:v11 -r /app --server"
+
+ENV CDXGEN_IN_CONTAINER=true \
+    PYTHONPATH=/opt/pypi
+ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin:
+
+RUN npm install -g @cyclonedx/cdxgen --omit=dev \
+    && pip install --upgrade --no-cache-dir blint --target /opt/pypi
+
+ENTRYPOINT ["cdxgen"]