wrap kusari-uploader to provide ingestion capability

Signed-off-by: Sunny Yip <[email protected]>

Dockerfile

@@ -1,9 +1,2 @@
-# FROM cgr.dev/chainguard/go AS builder
-# COPY . /app
-# RUN cd /app && go build -o guac-github-action .
-
-# FROM cgr.dev/chainguard/glibc-dynamic
-# COPY --from=builder /app/guac-github-action /usr/bin/
-# ENTRYPOINT ["/usr/bin/guac-github-action"]
-
-FROM ghcr.io/kusaridev/kusari-uploader:latest
+#v0.7.2
+FROM ghcr.io/kusaridev/kusari-uploader@sha256:52bcbf878fe8fd8827b7a61185c3f6b58ff37016608406a900ba4646d25cee6e

README.md

@@ -1,57 +1,58 @@
-# GUAC action
+# guac-ingest Action
 
-This Action ingests SBOMs and Attestations into
-[GUAC](https://github.com/guacsec/guac) as part of your github
-workflow. Authentication is provided by GitHub's OIDC provider and a specified
-auth token provider. This will enable quick and easy integration to your GUAC
-instance with very minimal input.
+This Action ingests SBOMs and Attestations into the [Kusari hosted GUAC platform](https://www.kusari.dev/) as part of your github workflow. This will enable quick and easy integration to your GUAC instance with very minimal input.
+
+Authentication credentials (client-id, client-secret) are provided by the Kusari team. 
 
 For details on how to query and utilize the data upon ingestion, please see documentataion for the [GUAC use cases](https://docs.guac.sh/guac-use-cases/). 
 
-This action will only work with an OAuth2 protected GUAC GraphQL API endpoint - e.g. [The Kusari hosted GUAC platform](https://www.kusari.dev/).  
 
 ## Usage
 
 See [action.yaml](action.yaml)
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v4
 
   - uses: [Your build and SBOM/Provenance generation steps]
 
   - uses: kusaridev/guac-ingest@v0
-    name: GUAC ingestion
+    name: GUAC Ingestion
     with:
       files: './spdx.json'
-      gql-addr: 'https://[tenant-id].api.kusari.cloud/query'
-      token-url: ${{ secrets.TOKENURL }}
-      client-id: ${{ secrets.CLIENTID }}
+      api-addr: 'https://[kusari-tenant-id].api.us.kusari.cloud'
+      client-id: ${{ secrets.KUSARI_CLIENT_ID }}
+      client-secret: ${{ secrets.KUSARI_CLIENT_SECRET }}
 ```
 
 ## Inputs
 
 ### `files`
 
-**Required** Path to directory or specific file to ingest
+**Required** - Path to directory or specific file to ingest
 
-### `gql-addr`
+### `client-id`
 
-**Required** GUAC GraphQL API Endpoint - example:  https://guac.instance/query
+**Required** - Client id for auth token provider
 
-### `token-url`
+### `client-secret`
+
+**Required** - Client secret for auth token provider
 
-**Required** URL of auth token provider - example:  https://token.provider/oauth2/token
+### `api-addr`
 
-### `gql-addr`
+**Required** - Kusari hosted GUAC tenant api endpoint
+
+### `token-url`
 
-**Required** Client ID for auth token provider - example:  abcd-efgh-1234...
+Url for auth token provider
 
 ## Outputs
 
 ### `console_out`
 
-Raw output of the guacone command
+Raw output of the kusari-uploader command
 
 # License
 

action.yaml

@@ -7,24 +7,24 @@ branding:
 author: 'Kusari'
 inputs:
   files:
-    description: 'path to directory or specific file to ingest'
+    description: 'Path to directory or specific file to ingest'
+    required: true
+  client-id:
+    description: 'Client id for auth token provider'
+    required: true
+  client-secret:
+    description: 'Client secret for auth token provider'
     required: true
   api-addr:
-    description: 'endpoint for graphql api for GUAC'
+    description: 'Kusari hosted GUAC tenant api endpoint'
     required: true
   token-url:
-    description: 'url for auth token provider'
+    description: 'Url for auth token provider'
     required: true
-  client-id:
-    description: 'client id for auth token provider'
-    required: true
-  client-secret:
-    description: 'client secret for auth token provider'
-    required: false
-    default: ''
+    default: https://auth.dev.kusari.cloud/oauth2/token
 outputs:
   console_out:
-    description: 'raw console output from guacone command'
+    description: 'GUAC ingestion output'
 runs:
   using: 'docker'
   image: 'Dockerfile'