Christian Steinle
c7e32fc63b
All checks were successful
Build svj-website image / Build-and-release-image (push) Successful in 3m39s
79 lines
2.1 KiB
YAML
79 lines
2.1 KiB
YAML
name: Build svj-website image
|
|
|
|
on:
|
|
push:
|
|
branches: [ master ]
|
|
schedule:
|
|
# Run every Sunday at midnight
|
|
- cron: '0 0 * * 0'
|
|
|
|
env:
|
|
IMAGE: /svj/website
|
|
|
|
jobs:
|
|
Build-and-release-image:
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
container:
|
|
image: catthehacker/ubuntu:act-latest
|
|
|
|
steps:
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v2
|
|
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ vars.DOCKERHUB_USER }}
|
|
password: ${{ vars.DOCKERHUB_TOKEN }}
|
|
|
|
- name: Log into CS registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ vars.CS_REGISTRY_URL }}
|
|
username: ${{ vars.CS_REGISTRY_USER }}
|
|
password: ${{ vars.CS_REGISTRY_PASS }}
|
|
|
|
- name: Log into local registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ vars.LOCAL_REGISTRY_URL }}
|
|
username: ${{ vars.LOCAL_REGISTRY_USER }}
|
|
password: ${{ vars.LOCAL_REGISTRY_PASS }}
|
|
|
|
- name: Extract Docker metadata
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ secrets.REGISTRY_URL }}${{ env.IMAGE }}
|
|
|
|
- name: Build and push Docker image
|
|
uses: docker/build-push-action@v4
|
|
env:
|
|
ACTIONS_RUNTIME_TOKEN: ''
|
|
with:
|
|
tags: ${{ vars.LOCAL_REGISTRY_URL }}${{ env.IMAGE }}:latest
|
|
push: true
|
|
|
|
- name: Scan image
|
|
uses: anchore/scan-action@v6
|
|
id: scan
|
|
with:
|
|
image: ${{ vars.LOCAL_REGISTRY_URL }}${{ env.IMAGE }}:latest
|
|
fail-build: false
|
|
output-format: table
|
|
severity-cutoff: critical
|
|
registry-username: ${{ vars.LOCAL_REGISTRY_USER }}
|
|
registry-password: ${{ vars.LOCAL_REGISTRY_PASS }}
|
|
grype-version: 'v0.90.0'
|
|
|
|
- name: Inspect file
|
|
run: cat ${{ steps.scan.outputs.table }}
|
|
|
|
- name: Upload Artifact
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: scan-result
|
|
path: ${{ steps.scan.outputs.table }}
|