name: release on: schedule: - cron: '0 0 * * *' push: branches: - master jobs: release-default: runs-on: ubuntu-latest container: image: gitea/runner-images:ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 # all history for all branches and tags - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker BuildX uses: docker/setup-buildx-action@v3 - name: Login to DockerHub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_REGISTRY_USER }} password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} - name: Check syntax docker uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: Dockerfile ignore: DL3013,DL3018 - name: Get Meta id: meta run: | LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null) COMMIT_HASH=$(git rev-parse --short HEAD) TAG_AT_HEAD=$(git describe --tags --exact-match 2>/dev/null) if [ -n "$TAG_AT_HEAD" ]; then FINAL_VERSION=${TAG_AT_HEAD#v} else if [ -z "$LATEST_TAG" ]; then FINAL_VERSION=$COMMIT_HASH else FINAL_VERSION="${LATEST_TAG#v}-g${COMMIT_HASH}" fi fi echo "IMAGE_VERSION=${FINAL_VERSION}" >> $GITHUB_OUTPUT - name: Build Docker image id: build-image uses: docker/build-push-action@v6 with: context: . file: Dockerfile platforms: | linux/amd64 linux/386 push: false no-cache: true tags: | ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:v${{ steps.meta.outputs.IMAGE_VERSION }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: image-ref: ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os' severity: 'CRITICAL,HIGH' - name: Push Docker image uses: docker/build-push-action@v6 with: context: . file: Dockerfile platforms: | linux/amd64 linux/386 push: true no-cache: false tags: | ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:v${{ steps.meta.outputs.IMAGE_VERSION }}