diff options
Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/docker.yaml | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml new file mode 100644 index 0000000..91be6e3 --- /dev/null +++ b/.github/workflows/docker.yaml @@ -0,0 +1,52 @@ +name: Publish Docker image +on: + release: + types: [published] + push: + branches: [ "main" ] +jobs: + push_to_registry: + name: Push Docker image to Docker Hub + runs-on: ubuntu-latest + permissions: + packages: write + contents: read + attestations: write + id-token: write + steps: + - name: Check out the repo + uses: actions/checkout@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Log in to Docker Hub + uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: terminaldweller/hived + - name: Build and push Docker image + id: push + uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 + with: + context: . + file: ./Dockerfile + push: true + sbom: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + provenance: mode=max + # - name: Docker Scout + # id: docker-scout + # if: ${{ github.event_name == 'pull_request' }} + # uses: docker/scout-action@v1 + # with: + # command: cves + # image: ${{ github.event.repository.name }} + # ignore-unchanged: true + # only-severities: critical,high,medium,low + # write-comment: true + # github-token: ${{ secrets.GITHUB_TOKEN }} |