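---
# Weekly (Friday 00:00 UTC) and on every push to main: build the gitolite-cgit
# image, gate it on a Trivy scan, then push the multi-arch manifest.
name: release

on:  # yamllint disable-line rule:truthy
  schedule:
    # Quoted so the `*` fields can never be read as alias sigils by a parser.
    - cron: '0 0 * * 5'
  push:
    branches:
      - main

jobs:
  release-default:
    runs-on: ubuntu-latest
    container:
      image: gitea/runner-images:ubuntu-latest
    steps:
      # NOTE(review): every third-party action below is pinned by a mutable
      # tag (@vN). Pinning to a full commit SHA is the usual supply-chain
      # hardening for a job that holds registry push credentials.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker BuildX
        uses: docker/setup-buildx-action@v3
        with:
          buildkitd-flags: --debug

      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_REGISTRY_USER }}
          password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}

      # Full multi-arch build with the cache disabled: proves every target
      # platform still builds from scratch before anything is scanned or pushed.
      - name: Build Docker image
        id: build-image
        uses: docker/build-push-action@v6
        with:
          context: gitolite-cgit
          file: gitolite-cgit/Dockerfile
          platforms: |
            linux/amd64
            linux/arm/v6
            linux/arm/v7
            linux/arm64
            linux/386
            linux/ppc64le
          push: false
          no-cache: true
          tags: |
            rusian/gitolite-cgit:latest

      # The multi-arch build above stays inside BuildKit (push: false, no
      # load), so the tag it produces never reaches the local Docker daemon.
      # Without this step, scanning `rusian/gitolite-cgit:latest` would fall
      # back to pulling the already-published image from the registry, and the
      # scan would gate the wrong artifact. A manifest list cannot be loaded
      # into the daemon, so a single platform is exported; it should reuse the
      # layers the step above just built rather than rebuilding them.
      - name: Load amd64 image for scanning
        uses: docker/build-push-action@v6
        with:
          context: gitolite-cgit
          file: gitolite-cgit/Dockerfile
          platforms: linux/amd64
          load: true
          push: false
          tags: |
            rusian/gitolite-cgit:latest

      # Fails the job (exit-code 1) on any CRITICAL/HIGH OS-package finding,
      # fixed or not (no unfixed filter is applied here, unlike the CLI
      # variant kept below), so the push step never runs after a failed scan.
      # Scan coverage is the amd64 image loaded in the previous step.
      - name: Run Trivy scan
        uses: astounds/trivy-action@v1
        with:
          image: 'rusian/gitolite-cgit:latest'
          severity: 'CRITICAL,HIGH'
          pkg-types: 'os'
          format: 'table'
          exit-code: '1'

      # Kept for reference: equivalent scan via the Trivy CLI, including
      # alternate DB mirrors and the --ignore-unfixed filter.
      # - name: Install Trivy
      #   run: |
      #     curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
      #     trivy --version
      # - name: Run Trivy vulnerability scanner
      #   run: |
      #     trivy image rusian/gitolite-cgit:latest \
      #       --format table \
      #       --db-repository "ghcr.io/aquasecurity/trivy-db:2","public.ecr.aws/aquasecurity/trivy-db" \
      #       --java-db-repository "ghcr.io/aquasecurity/trivy-java-db:1","public.ecr.aws/aquasecurity/trivy-java-db:1" \
      #       --exit-code 1 \
      #       --ignore-unfixed \
      #       --pkg-types os \
      #       --severity CRITICAL,HIGH

      # Only reached when the scan passed. no-cache is off here so the pushed
      # layers are the ones built (and, for amd64, scanned) earlier in this job
      # rather than a fresh rebuild against possibly newer base images.
      - name: Push Docker image
        uses: docker/build-push-action@v6
        with:
          context: gitolite-cgit
          file: gitolite-cgit/Dockerfile
          platforms: |
            linux/amd64
            linux/arm/v6
            linux/arm/v7
            linux/arm64
            linux/386
            linux/ppc64le
          push: true
          no-cache: false
          tags: |
            rusian/gitolite-cgit:latest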