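---
# Builds the apc image, pushes it to the local registry, scans the pushed image
# with Grype and uploads the scan table as a workflow artifact.
name: Build apc image

on:  # yamllint disable-line rule:truthy
  push:
    branches: [ master ]
  schedule:
    # Run every Sunday at midnight (00:01, runner time zone)
    - cron: '1 0 * * 0'

# Least privilege for GITHUB_TOKEN: nothing in this job writes back to the
# repository. Registry credentials are supplied separately via `secrets`.
permissions:
  contents: read

env:
  # Image path appended verbatim to the registry URL, so the *_REGISTRY_URL
  # values are expected without a trailing slash.
  IMAGE: /home/apc

jobs:
  Build-and-release-image:
    runs-on: ubuntu-latest
    container:
      # TODO(review): pin this image to a digest (image@sha256:<digest>) so the
      # build environment cannot change underneath the pipeline.
      image: catthehacker/ubuntu:act-latest
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
        with:
          # Host networking is granted to BuildKit, presumably so the build can
          # reach the registries below; it also removes network isolation from
          # build steps, so keep the Dockerfile's network use minimal.
          buildkitd-flags: '--allow-insecure-entitlement network.host'
          driver-opts: network=host

      # Passwords and tokens are read from the `secrets` context, which GitHub
      # masks in logs and does not expose to forks; the `vars` context is plain
      # text and must not hold credentials. The secrets with these names have
      # to be defined for the repository or organisation.
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Log into CS registry
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.CS_REGISTRY_URL }}
          username: ${{ vars.CS_REGISTRY_USER }}
          password: ${{ secrets.CS_REGISTRY_PASS }}

      - name: Log into local registry
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.LOCAL_REGISTRY_URL }}
          username: ${{ vars.LOCAL_REGISTRY_USER }}
          password: ${{ secrets.LOCAL_REGISTRY_PASS }}

      # NOTE(review): the outputs of this step (steps.meta.outputs.tags/labels)
      # are not consumed by the build step, and it targets secrets.REGISTRY_URL
      # rather than the LOCAL_REGISTRY_URL used everywhere else — confirm which
      # registry is intended, or drop the step.
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ secrets.REGISTRY_URL }}${{ env.IMAGE }}

      - name: Build and push Docker image
        uses: docker/build-push-action@v6
        env:
          # Presumably blanks the runtime token so the action does not try to
          # use the GitHub cache/artifact API when run outside github.com
          # (the container image above is an act image) — confirm.
          ACTIONS_RUNTIME_TOKEN: ''
        with:
          allow: network.host
          network: host
          # The image is published as :latest *before* it is scanned below.
          tags: ${{ vars.LOCAL_REGISTRY_URL }}${{ env.IMAGE }}:latest
          push: true

      # With fail-build: false a critical finding never fails the job, and the
      # vulnerable image is already pushed as :latest. To gate on the scan,
      # build with load: true, scan, then push in a separate step.
      - name: Scan image
        uses: anchore/scan-action@v6
        id: scan
        with:
          image: ${{ vars.LOCAL_REGISTRY_URL }}${{ env.IMAGE }}:latest
          fail-build: false
          output-format: table
          severity-cutoff: critical
          registry-username: ${{ vars.LOCAL_REGISTRY_USER }}
          registry-password: ${{ secrets.LOCAL_REGISTRY_PASS }}
          grype-version: 'v0.90.0'

      - name: Inspect file
        # Quoted so a path containing spaces is passed as one argument.
        run: cat "${{ steps.scan.outputs.table }}"

      # NOTE(review): upload-artifact v3 is deprecated on github.com; a newer
      # major exists. It is kept here because the surrounding setup appears to
      # target act, whose artifact server support differs — confirm before bumping.
      - name: Upload Artifact
        uses: actions/upload-artifact@v3
        with:
          name: scan-result
          path: ${{ steps.scan.outputs.table }}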