name: release on: schedule: - cron: 0 0 * * 5 push: branches: - main jobs: release-default: runs-on: ubuntu-latest container: image: gitea/runner-images:ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker BuildX uses: docker/setup-buildx-action@v3 with: buildkitd-flags: --debug - name: Login to DockerHub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_REGISTRY_USER }} password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} - name: Build Docker image id: build-image uses: docker/build-push-action@v6 with: context: gitolite-cgit file: gitolite-cgit/Dockerfile platforms: | linux/amd64 linux/arm/v6 linux/arm/v7 linux/arm64 linux/386 linux/ppc64le push: false no-cache: true tags: | rusian/gitolite-cgit:latest - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.27.0 with: image-ref: rusian/gitolite-cgit:latest format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os' severity: 'CRITICAL,HIGH' env: TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2 TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1 TRIVY_SKIP_DB_UPDATE: false TRIVY_SKIP_JAVA_DB_UPDATE: false - name: Push Docker image uses: docker/build-push-action@v6 with: context: gitolite-cgit file: gitolite-cgit/Dockerfile platforms: | linux/amd64 linux/arm/v6 linux/arm/v7 linux/arm64 linux/386 linux/ppc64le push: true no-cache: false tags: | rusian/gitolite-cgit:latest