56 lines
1.9 KiB
YAML
56 lines
1.9 KiB
YAML
name: Build Docker image
|
|
run-name: ${{ gitea.actor }} is running the CI pipeline
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
schedule:
|
|
- cron: "0 22 * * 0" # sunday 22:00
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Get date for image label
|
|
id: date
|
|
run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
with:
|
|
driver: docker-container
|
|
|
|
- name: Login to Docker Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: git.orebolt.cz
|
|
username: ${{ secrets.REGISTRY_USERNAME }}
|
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
|
|
|
- name: Build and push image
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
push: true
|
|
tags: "${{ vars.DOCKER_IMAGE }}:latest,${{ vars.DOCKER_IMAGE }}:${{ steps.date.outputs.date }}"
|
|
platforms: linux/amd64
|
|
cache-to: "mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ vars.DOCKER_IMAGE }}:cache"
|
|
cache-from: "mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ vars.DOCKER_IMAGE }}:cache"
|
|
labels: |
|
|
org.opencontainers.image.created=${{ steps.date.outputs.date }}
|
|
org.opencontainers.image.authors=Roman Krček
|
|
org.opencontainers.image.source=${{ env.GITHUB_REPOSITORY }}
|
|
org.opencontainers.image.revision=${{ env.GITHUB_SHA }}
|
|
org.opencontainers.image.vendor=Orebolt.cz
|
|
org.opencontainers.image.ref.name=${{ env.GITHUB_REF }}
|
|
org.opencontainers.image.title=ESN Code Scanner App
|
|
|
|
- name: Run Trivy vulnerability scanner
|
|
uses: aquasecurity/trivy-action@0.24.0
|
|
with:
|
|
image-ref: '${{ vars.DOCKER_IMAGE }}:latest'
|
|
format: 'table'
|