diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
new file mode 100644
index 0000000..4a780f2
--- /dev/null
+++ b/.gitea/workflows/release.yml
@@ -0,0 +1,56 @@
+name: Build Docker image
+run-name: ${{ gitea.actor }} is running the CI pipeline
+on:
+ push:
+ branches:
+ - main
+ schedule:
+ - cron: "0 22 * * 0" # sunday 22:00
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ needs: test
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Get date for image label
+ id: date
+ run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ driver: docker-container
+
+ - name: Login to Docker Registry
+ uses: docker/login-action@v3
+ with:
+ registry: git.orebolt.cz
+ username: ${{ secrets.REGISTRY_USERNAME }}
+ password: ${{ secrets.REGISTRY_TOKEN }}
+
+ - name: Build and push image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: true
+ tags: "${{ vars.DOCKER_IMAGE }}:latest,${{ vars.DOCKER_IMAGE }}:${{ steps.date.outputs.date }}"
+ platforms: linux/amd64
+ cache-to: "mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ vars.DOCKER_IMAGE }}:cache"
+ cache-from: "mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ vars.DOCKER_IMAGE }}:cache"
+ labels: |
+ org.opencontainers.image.created=${{ steps.date.outputs.date }}
+ org.opencontainers.image.authors=Roman KrĨek
+ org.opencontainers.image.source=${{ env.GITHUB_REPOSITORY }}
+ org.opencontainers.image.revision=${{ env.GITHUB_SHA }}
+ org.opencontainers.image.vendor=Orebolt.cz
+ org.opencontainers.image.ref.name=${{ env.GITHUB_REF }}
+ org.opencontainers.image.title=ESN Code Scanner App
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.24.0
+ with:
+ image-ref: '${{ vars.DOCKER_IMAGE }}:latest'
+ format: 'table'
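Review bot: The Trivy step at the end of the `build` job cannot stop a vulnerable image from shipping: it runs after `push: true` has already published `:latest` and the dated tag, and with no `exit-code` input the action only prints findings without failing the job. Consider adding `exit-code: '1'` and `severity: 'CRITICAL,HIGH'` under its `with:`, and either building with `load: true` and scanning before a separate push, or at least scanning the digest the build step produced rather than the mutable `:latest` tag, which another run may have replaced in the meantime. Separately, `needs: test` names a job that this new file does not define, so `build` may never be scheduled. The third-party actions are also referenced by movable tags (`@v4`, `@v3`, `@v5`, `@0.24.0`) in a job that holds `REGISTRY_TOKEN`; pinning each to a full commit SHA would keep a retagged action from reaching that credential.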