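---
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

# GitHub recommends pinning actions to a commit SHA.
# To get a newer version, you will need to update the SHA.
# You can also reference a tag or branch,
# but the action may change without warning.

name: Docker Build, Push

# `on` is a YAML 1.1 boolean-looking key; GitHub's loader accepts it, so the
# yamllint `truthy` rule is suppressed here instead of quoting the key.
on:  # yamllint disable-line rule:truthy
  release:
    # `edited` means that editing a release's notes re-runs the build and push.
    types: [published, edited]
  workflow_dispatch:

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: elliotmatson/pgadmin-config-creator
  DOCKER_IMAGE: elliotmatson/pgadmin-config-creator

jobs:
  build-and-push-image:
    runs-on: ubuntu-latest
    # Least privilege for this job: read the repo, push packages to GHCR,
    # and upload SARIF to the Security tab. Nothing else is granted.
    permissions:
      security-events: write
      contents: read
      packages: write

    steps:
      # TODO(review): the actions referenced by tag (`@v3`, `@v2`) or branch
      # (`@master`) below are not pinned to a commit SHA, contrary to the
      # header comment above. Pin them once the intended SHAs are chosen.
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Log in to Docker Hub
        uses: docker/login-action@40891eba8c2bcd1309b07ba8b11232f313e86779
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          # NOTE(review): if DOCKER_PASSWORD holds the account password, a
          # scoped Docker Hub access token is the safer credential to store.
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Log in to the Container registry
        uses: docker/login-action@40891eba8c2bcd1309b07ba8b11232f313e86779
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          # Job-scoped token; the `packages: write` permission above is what
          # allows it to push to GHCR.
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@c4ee3adeed93b1fa6a762f209fb01608c1a22f1e
        with:
          images: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
            ${{ env.DOCKER_IMAGE }}
          # `event=pr` cannot fire under the triggers declared above
          # (release and workflow_dispatch); it is retained, not relied on.
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}

      - name: Build and push Docker image
        # `id` exposes `steps.build.outputs.digest` for the scan step below.
        id: build
        uses: docker/build-push-action@a799b4decf46d51b39dd396f4df5a4343afd30c4
        with:
          context: ./pgadmin-config-creator
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

      - name: Run Trivy vulnerability scanner
        # `@master` is a moving branch ref; see the pinning TODO above.
        uses: aquasecurity/trivy-action@master
        with:
          # Scan exactly the image that was just pushed, addressed by digest.
          # An untagged image name resolves to whatever `latest` currently
          # points at, which is not necessarily this build.
          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}
          format: 'sarif'
          output: 'trivy-results.sarif'

      - name: Upload Trivy scan results to GitHub Security tab
        # Requires the `security-events: write` permission declared above.
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'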