Build and Publish #37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Publish | |
| on: | |
| workflow_dispatch: | |
| # run it on push to the default repository branch | |
| # push: | |
| # branches: [main] | |
| # # run it during pull request | |
| # pull_request: | |
| # schedule: | |
| # - cron: '14 3 * * 0' | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set image name | |
| run: | | |
| echo "IMAGE_NAME=docker.io/wollomatic/container-hoster" >> $GITHUB_ENV | |
| echo "IMAGE_VERSION=0.1.1" >> $GITHUB_ENV | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Compile and build the Docker image | |
| run: | | |
| docker buildx build . --load --platform=linux/amd64 --tag ${{ env.IMAGE_NAME }} | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: '${{ env.IMAGE_NAME }}' | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH,MEDIUM' | |
| - name: Build all platforms and push to Docker hub | |
| run: | | |
| echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin docker.io | |
| docker buildx build . --platform=linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/riscv64,linux/s390x,linux/ppc64le --tag ${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }} --tag ${{ env.IMAGE_NAME }}:latest --push |