add metrics and config #19
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - v* | |
| pull_request: | |
| branches: | |
| - main | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| actions: read | |
| security-events: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login into Docker Hub | |
| if: ${{ github.event_name != 'pull_request' }} | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Login into GitHub Container Registry | |
| if: ${{ github.event_name != 'pull_request' }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| scrayosug/xenos | |
| - name: Build and push Docker image | |
| id: build-and-push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # https://github.com/docker/scout-action/issues/16 | |
| - name: Workaround Docker Scout Bug | |
| id: meta-workaround | |
| run: echo "tag=$(echo ${{ steps.meta.outputs.tags }} | head -1)" >> $GITHUB_OUTPUT | |
| - name: Scan vulnerabilities with Docker Scout | |
| id: docker-scout | |
| if: ${{ github.event_name != 'pull_request' }} | |
| uses: docker/scout-action@v1 | |
| with: | |
| command: cves | |
| image: ${{ steps.meta-workaround.outputs.tag }} | |
| sarif-file: sarif.output.json | |
| exit-code: true | |
| summary: true | |
| - name: Upload SARIF result | |
| id: upload-sarif | |
| if: ${{ github.event_name != 'pull_request' }} | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: sarif.output.json |