diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml index d1ab196..4b0ef82 100644 --- a/.gitea/workflows/release.yml +++ b/.gitea/workflows/release.yml @@ -1,17 +1,14 @@ -name: Build startup image +name: Build php apache 8.4 image on: push: branches: [ master ] schedule: + # Run every Sunday at midnight - cron: '0 0 * * 0' env: - # Use docker.io for Docker Hub if empty - REGISTRY: cs-registry.ddnss.de - USER: chris - PASS: q',\H(Od:G3).Xv<#!5P - + IMAGE: /docker/php-apache-8-4 jobs: Build-and-release-image: @@ -28,22 +25,41 @@ jobs: - name: Log into registry uses: docker/login-action@v3 with: - registry: https://cs-git.ddnss.de - username: ${{ env.USER }} - password: ${{ env.PASS }} + registry: ${{ secrets.REGISTRY_URL }} + username: ${{ secrets.REGISTRY_USER }} + password: ${{ secrets.REGISTRY_PASS }} - name: Extract Docker metadata id: meta uses: docker/metadata-action@v5 with: - images: cs-git.ddnss.de/docker/php-apache-8-4 + images: ${{ secrets.REGISTRY_URL }}${{ env.IMAGE }} - name: Build and push Docker image uses: docker/build-push-action@v4 env: ACTIONS_RUNTIME_TOKEN: '' with: - tags: cs-git.ddnss.de/docker/php-apache-8-4 + tags: ${{ secrets.REGISTRY_URL }}${{ env.IMAGE }}:latest push: true -# cache-from: type=gha -# cache-to: type=gha,mode=max + + - name: Scan image + uses: anchore/scan-action@v6 + id: scan + with: + image: ${{ secrets.REGISTRY_URL }}${{ env.IMAGE }}:latest + fail-build: false + output-format: table + severity-cutoff: critical + registry-username: ${{ secrets.REGISTRY_USER }} + registry-password: ${{ secrets.REGISTRY_PASS }} + grype-version: 'v0.90.0' + + - name: Inspect file + run: cat ${{ steps.scan.outputs.table }} + + - name: Upload Artifact + uses: actions/upload-artifact@v3 + with: + name: scan-result + path: ${{ steps.scan.outputs.table }}