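# Builds the nginx fpm 8.4 image, pushes it to the private registry as
# `:latest`, scans the pushed tag for vulnerabilities and stores the scan
# report as a build artifact.
#
# NOTE(review): every `uses:` below references a mutable version tag.
# Pinning each action to a full commit SHA keeps a re-tagged upstream
# release from running with the registry credentials this job holds.
name: Build nginx fpm 8.4 image

on:
  push:
    branches: [master]
  schedule:
    # Run every Sunday at midnight
    - cron: '0 0 * * 0'

env:
  # Repository path appended to REGISTRY_URL to form the image reference.
  IMAGE: /docker/nginx-fpm-8-4

jobs:
  Build-and-release-image:
    runs-on: ubuntu-latest
    container:
      # NOTE(review): floating third-party tag; every step below runs inside
      # this image, so consider pinning it by digest.
      image: catthehacker/ubuntu:act-latest
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Log into registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.REGISTRY_URL }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_PASS }}

      # NOTE(review): no later step in this workflow reads `steps.meta`
      # outputs; the build step hard-codes the `:latest` tag instead.
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ secrets.REGISTRY_URL }}${{ env.IMAGE }}

      # No `context:` is set and the job has no checkout step, so the
      # action's default build context applies.
      - name: Build and push Docker image
        uses: docker/build-push-action@v4
        env:
          # Blanked on purpose for this step only.
          # NOTE(review): presumably a runner-compatibility workaround; confirm.
          ACTIONS_RUNTIME_TOKEN: ''
        with:
          tags: ${{ secrets.REGISTRY_URL }}${{ env.IMAGE }}:latest
          push: true

      # The scan runs against the tag that the previous step already pushed,
      # and `fail-build: false` makes it report-only: findings at or above
      # `severity-cutoff` do not stop the job.
      # NOTE(review): to gate releases on the scan, build and scan before
      # pushing and set `fail-build: true`.
      - name: Scan image
        uses: anchore/scan-action@v6
        id: scan
        with:
          image: ${{ secrets.REGISTRY_URL }}${{ env.IMAGE }}:latest
          fail-build: false
          output-format: table
          severity-cutoff: critical
          # The scanner pulls from the private registry, so it receives the
          # same credentials as the login step.
          registry-username: ${{ secrets.REGISTRY_USER }}
          registry-password: ${{ secrets.REGISTRY_PASS }}
          grype-version: 'v0.90.0'

      # The report path is handed to the shell through an environment
      # variable rather than expanded into the script text, so the value is
      # never parsed as shell syntax.
      - name: Inspect file
        env:
          SCAN_TABLE: ${{ steps.scan.outputs.table }}
        run: cat "$SCAN_TABLE"

      - name: Upload Artifact
        uses: actions/upload-artifact@v3
        with:
          name: scan-result
          path: ${{ steps.scan.outputs.table }}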