.gitea/workflows/release.yml aktualisiert

2025-04-01 14:16:30 +02:00
parent 4099c2fa7c
commit bd6508b8af
1 changed files with 44 additions and 11 deletions
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -1,14 +1,14 @@
-name: Build editors image
+name: Build old-editors image

 on:
  push:
    branches: [ master ]
+  schedule:
+    # Run every Sunday at midnight
+    - cron: '0 0 * * 0'

 env:
-  # Use docker.io for Docker Hub if empty
-  USER: chris
-  PASS: q',\H(Od:G3).Xv<#!5P
-
+  IMAGE: /ri-st/old-editors

 jobs:
  Build-and-release-image:
@@ -22,24 +22,57 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

-      - name: Log into registry
+      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
-          registry: https://cs-git.ddnss.de
-          username: ${{ env.USER }}
-          password: ${{ env.PASS }}
+          username: ${{ vars.DOCKERHUB_USER }}
+          password: ${{ vars.DOCKERHUB_TOKEN }}
+
+      - name: Log into CS registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.CS_REGISTRY_URL }}
+          username: ${{ vars.CS_REGISTRY_USER }}
+          password: ${{ vars.CS_REGISTRY_PASS }}
+
+      - name: Log into local registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.LOCAL_REGISTRY_URL }}
+          username: ${{ vars.LOCAL_REGISTRY_USER }}
+          password: ${{ vars.LOCAL_REGISTRY_PASS }}

      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
-          images: cs-git.ddnss.de/ri-st/old-editors
+          images: ${{ secrets.REGISTRY_URL }}${{ env.IMAGE }}

      - name: Build and push Docker image
        uses: docker/build-push-action@v4
        env:
          ACTIONS_RUNTIME_TOKEN: ''
        with:
-          tags: cs-git.ddnss.de/ri-st/old-editors:latest
+          tags: ${{ vars.LOCAL_REGISTRY_URL }}${{ env.IMAGE }}:latest
          push: true
+          
+      - name: Scan image
+        uses: anchore/scan-action@v6
+        id: scan
+        with:
+          image: ${{ vars.LOCAL_REGISTRY_URL }}${{ env.IMAGE }}:latest
+          fail-build: false
+          output-format: table
+          severity-cutoff: critical
+          registry-username: ${{ vars.LOCAL_REGISTRY_USER }}
+          registry-password: ${{ vars.LOCAL_REGISTRY_PASS }}
+          grype-version: 'v0.90.0'
+      
+      - name: Inspect file
+        run: cat ${{ steps.scan.outputs.table }}

+      - name: Upload Artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: scan-result
+          path: ${{ steps.scan.outputs.table }}