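---
# Release pipeline, run nightly and on every push to master: lint the
# Dockerfile, build the image, scan and smoke-test it, then publish it.
name: release

on:
  schedule:
    - cron: '0 0 * * *'
  push:
    branches:
      - master

jobs:
  release-default:
    runs-on: ubuntu-latest
    container:
      image: gitea/runner-images:ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker BuildX
        uses: docker/setup-buildx-action@v3

      # NOTE(review): the registry credentials are stored in the Docker config
      # from here on, so every later step (including third-party actions) runs
      # with them available. Consider moving this step to just before the
      # push, if unauthenticated base-image pulls are acceptable.
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_REGISTRY_USER }}
          password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}

      - name: Check syntax docker
        uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: core/Dockerfile
          ignore: DL3013,DL3018

      # Clean (no-cache) build of both platforms. With push: false and no
      # load, nothing is exported to the Docker daemon: this step only proves
      # that both platforms build and fills the builder cache.
      - name: Build Docker image
        id: build-image
        uses: docker/build-push-action@v6
        with:
          context: core
          file: core/Dockerfile
          platforms: |
            linux/amd64
            linux/386
          push: false
          no-cache: true
          tags: |
            ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:latest
            ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:v0.2.18

      # Export the amd64 image just built (served from the builder cache) into
      # the Docker daemon under a local-only, per-commit tag. Without this the
      # scan and the smoke test below would resolve the registry tag instead,
      # i.e. the previously published image rather than this build. The local
      # tag has no registry namespace, so those steps cannot silently fall
      # back to a published image. Only linux/amd64 is scanned and run.
      - name: Load image for scan and test
        uses: docker/build-push-action@v6
        with:
          context: core
          file: core/Dockerfile
          platforms: linux/amd64
          load: true
          tags: yt-local:ci-${{ gitea.sha }}

      # NOTE(review): @master is a mutable ref, so the scanner code can change
      # between runs; pin it to a release tag or a full commit SHA.
      # NOTE(review): vuln-type 'os' checks OS packages only; application
      # dependencies are not covered by this gate.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: yt-local:ci-${{ gitea.sha }}
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os'
          severity: 'CRITICAL,HIGH'

      - name: Run Docker container
        id: run_container
        run: |
          docker run --rm -d --name yt_local_${{ gitea.sha }} yt-local:ci-${{ gitea.sha }}

      # --fail makes curl exit non-zero on an HTTP 4xx/5xx response; without
      # it any response at all, including an error page, passed the test.
      - name: Test Docker container
        run: |
          sleep 15
          docker exec yt_local_${{ gitea.sha }} curl --fail -o /dev/null -s -w "%{http_code}\n" http://127.0.0.1:8080/youtube.com || exit 1

      # Best-effort cleanup: the container may never have started, and the
      # local test image is no longer needed once the checks are done.
      - name: Clean up
        if: always()
        run: |
          docker stop yt_local_${{ gitea.sha }} || true
          docker image rm yt-local:ci-${{ gitea.sha }} || true

      # NOTE(review): the version tag is hard-coded, so each scheduled run
      # republishes v0.2.18 with new content; confirm that overwriting a
      # version tag is intended.
      - name: Push Docker image
        uses: docker/build-push-action@v6
        with:
          context: core
          file: core/Dockerfile
          platforms: |
            linux/amd64
            linux/386
          push: true
          no-cache: false
          tags: |
            ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:latest
            ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:v0.2.18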