name: release on: schedule: - cron: '0 0 * * *' push: branches: - master jobs: release-default: runs-on: ubuntu-latest container: image: gitea/runner-images:ubuntu-latest steps: - name: Collect Workflow Telemetry uses: catchpoint/workflow-telemetry-action@v2 - name: Checkout uses: actions/checkout@v4 - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker BuildX uses: docker/setup-buildx-action@v3 - name: Login to DockerHub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_REGISTRY_USER }} password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} - name: Check syntax docker uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: core/Dockerfile ignore: DL3013,DL3018 - name: Build Docker image id: build-image uses: docker/build-push-action@v6 with: context: core file: core/Dockerfile platforms: | linux/amd64 linux/arm/v7 linux/arm64 linux/386 push: false no-cache: true tags: | ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:latest ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:v0.2.19 - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.27.0 with: image-ref: ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:latest format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os' severity: 'CRITICAL,HIGH' env: TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2 TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1 TRIVY_SKIP_DB_UPDATE: false TRIVY_SKIP_JAVA_DB_UPDATE: false - name: Push Docker image uses: docker/build-push-action@v6 with: context: core file: core/Dockerfile platforms: | linux/amd64 linux/arm/v7 linux/arm64 linux/386 push: true no-cache: false tags: | ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:latest ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:v0.2.19