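# Builds the nginx-fpm image, pushes it to the registry at cs-git.ddnss.de,
# scans the pushed image with Grype via anchore/scan-action, and uploads the
# scan report as a workflow artifact.
#
# NOTE(review): every `uses:` below references a mutable version tag. Pinning
# each action to a full commit SHA keeps a retagged release from changing the
# code that runs with the registry credentials.
name: Build nginx fpm image

on:
  push:
    branches: [master]

env:
  # Registry account name used by the login and scan steps.
  USER: chris
  # The registry password is deliberately NOT defined here. It was previously
  # committed in plaintext in this file, so it remains readable in the
  # repository history: rotate that credential and store the new value as a
  # repository secret. `REGISTRY_PASSWORD` is a placeholder secret name;
  # create it (or substitute your own) in the repository's secret settings.

jobs:
  Build-and-release-image:
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:act-latest
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Log into registry
        uses: docker/login-action@v3
        with:
          registry: https://cs-git.ddnss.de
          username: ${{ env.USER }}
          # Referenced only in the steps that need it, so the secret is not
          # exported into the environment of every other step and action.
          password: ${{ secrets.REGISTRY_PASSWORD }}

      # NOTE(review): the outputs of this step are not consumed below; the
      # build step hard-codes its tag.
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: cs-git.ddnss.de/docker/nginx-fpm

      - name: Build and push Docker image
        uses: docker/build-push-action@v4
        env:
          ACTIONS_RUNTIME_TOKEN: ''
        with:
          tags: cs-git.ddnss.de/docker/nginx-fpm:latest
          push: true

      # The scan runs after the push and with fail-build disabled, so it is
      # report-only: critical findings do not stop the image from being
      # published. It also resolves the mutable `latest` tag rather than the
      # digest produced by the build step.
      - name: Scan image
        uses: anchore/scan-action@v6
        id: scan
        with:
          image: 'cs-git.ddnss.de/docker/nginx-fpm:latest'
          fail-build: false
          output-format: table
          severity-cutoff: critical
          registry-username: ${{ env.USER }}
          registry-password: ${{ secrets.REGISTRY_PASSWORD }}
          grype-version: 'v0.90.0'

      # The step output is handed to the shell through an environment variable
      # and quoted, instead of being spliced into the script text, so the
      # value cannot be re-interpreted as shell syntax.
      - name: Inspect file
        env:
          SCAN_TABLE: ${{ steps.scan.outputs.table }}
        run: cat "$SCAN_TABLE"

      # Copies the report contents into result.txt. The earlier `echo` form
      # wrote only the report's path, so the uploaded artifact held no
      # findings. Assumes `table` is a file path, as the Inspect step does;
      # confirm against the scan-action version in use.
      - name: Write file
        env:
          SCAN_TABLE: ${{ steps.scan.outputs.table }}
        run: cat "$SCAN_TABLE" >> result.txt

      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
          name: scan-result
          path: result.txt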