name: Publish Docker image on: release: types: [published] push: branches: [ "main" ] jobs: push_to_registry: name: Push Docker image to Docker Hub runs-on: ubuntu-latest permissions: packages: write contents: read attestations: write id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to Docker Hub uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: images: terminaldweller/hived - name: Build and push Docker image id: push uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 with: context: ./hived/ file: ./hived/Dockerfile push: true sbom: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} provenance: mode=max # - name: Docker Scout # id: docker-scout # if: ${{ github.event_name == 'pull_request' }} # uses: docker/scout-action@v1 # with: # command: cves # image: ${{ github.event.repository.name }} # ignore-unchanged: true # only-severities: critical,high,medium,low # write-comment: true # github-token: ${{ secrets.GITHUB_TOKEN }}