feat: add base image registry support for container build

.github/workflows/container.yaml

@@ -6,6 +6,10 @@ on:
         required: true
         description: The container image name
         type: string
+      baseImageRegistry:
+        required: false
+        description: The registry to pull base images from
+        type: string
       contextPath:
         required: false
         description: The container context to build the image
@@ -26,6 +30,26 @@ on:
         description: The file path for the Container image
         default: Containerfile
         type: string
+      imageScanSeverity:
+        required: false
+        description: The base severity for the image scan
+        default: LOW
+        type: string
+      imageScanSeverityThreshold:
+        required: false
+        description: The severity threshold to fail the pipeline on findings
+        default: CRITICAL
+        type: string
+      imageScanTimeout:
+        required: false
+        description: Timeout for the trivy scan
+        default: 10m
+        type: string
+      imageScanAnnotations:
+        required: false
+        description: Boolean flag to scan annotations
+        default: true
+        type: boolean
       runner:
         required: false
         description: Runner type
@@ -42,6 +66,12 @@ on:
       AWS_ROLE_TO_ASSUME:
         required: true
         description: AWS OIDC role for GitHub to assume
+      baseImageRegistryUsername:
+        required: false
+        description: The username for the base image registry
+      baseImageRegistryPassword:
+        required: false
+        description: The password for the base image registry
 
 jobs:
   build-ecr-single:
@@ -52,6 +82,20 @@ jobs:
     steps:
       - name: Checkout current git repository
         uses: actions/checkout@v4
+      - name: Validate base image registry secrets
+        if: ${{ inputs.baseImageRegistry }}
+        run: |
+          if [ -z "${{ secrets.baseImageRegistryUsername }}" ] || [ -z "${{ secrets.baseImageRegistryPassword }}" ]; then
+            echo "baseImageRegistry is set but baseImageRegistryUsername or baseImageRegistryPassword secrets are missing."
+            exit 1
+          fi
+      - name: Login to base image registry
+        if: ${{ inputs.baseImageRegistry }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ inputs.baseImageRegistry }}
+          username: ${{ secrets.baseImageRegistryUsername }}
+          password: ${{ secrets.baseImageRegistryPassword }}
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
       - name: Configure AWS credentials
@@ -92,11 +136,11 @@ jobs:
         with:
           image: ${{ steps.login-ecr.outputs.registry }}/${{ inputs.appName }}:latest
           dockerfile: Containerfile
-          severity: ${{ env.IMAGE_SCAN_SEVERITY }}
-          severity_threshold: ${{ env.IMAGE_SCAN_SEVERITY_THRESHOLD }}
-          annotations: ${{ env.IMAGE_SCAN_ANNOTATIONS }}
+          severity: ${{ inputs.imageScanSeverity }}
+          severity_threshold: ${{ inputs.imageScanSeverityThreshold }}
+          annotations: ${{ inputs.imageScanAnnotations }}
         env:
-          TRIVY_TIMEOUT: ${{ env.IMAGE_SCAN_TRIVY_TIMEOUT }}
+          TRIVY_TIMEOUT: ${{ inputs.imageScanTimeout }}
       - name: Push image to ECR
         run: |
           docker push -a ${{ steps.login-ecr.outputs.registry }}/${{ inputs.appName }}