home/power-consumption
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use secrets and security scan for workflow.

Browse Source
This commit is contained in:
Christian Steinle
2025-03-20 13:59:41 +01:00
parent 44b725a382
commit 64dc995b1d
1 changed files with 32 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
.gitea/workflows/release.yml
View File

@@ -1,15 +1,14 @@
name: Build power-consumption image
name: Build power-consumtion image
on:
push:
branches: [ master ]
schedule:
# Run every Sunday at midnight
- cron: '0 0 * * 0'
env:
# Use docker.io for Docker Hub if empty
REGISTRY: cs-registry.ddnss.de
USER: chris
PASS: q',\H(Od:G3).Xv<#!5P
IMAGE: /home/power-consumption
jobs:
Build-and-release-image:
@@ -26,20 +25,41 @@ jobs:
- name: Log into registry
uses: docker/login-action@v3
with:
registry: https://cs-git.ddnss.de
username: ${{ env.USER }}
password: ${{ env.PASS }}
registry: ${{ secrets.REGISTRY_URL }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASS }}
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: cs-git.ddnss.de/home/power-consumption
images: ${{ secrets.REGISTRY_URL }}${{ env.IMAGE }}
- name: Build and push Docker image
uses: docker/build-push-action@v4
env:
ACTIONS_RUNTIME_TOKEN: ''
with:
tags: cs-git.ddnss.de/home/power-consumption:latest
push: true
tags: ${{ secrets.REGISTRY_URL }}${{ env.IMAGE }}:latest
push: true
- name: Scan image
uses: anchore/scan-action@v6
id: scan
with:
image: ${{ secrets.REGISTRY_URL }}${{ env.IMAGE }}:latest
fail-build: false
output-format: table
severity-cutoff: critical
registry-username: ${{ secrets.REGISTRY_USER }}
registry-password: ${{ secrets.REGISTRY_PASS }}
grype-version: 'v0.90.0'
- name: Inspect file
run: cat ${{ steps.scan.outputs.table }}
- name: Upload Artifact
uses: actions/upload-artifact@v3
with:
name: scan-result
path: ${{ steps.scan.outputs.table }}