Mouws/protonmail-bridge-nextcoud-podman
1
0
Fork 1
mirror of https://github.com/shenxn/protonmail-bridge-docker.git synced 2026-03-26 21:35:58 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
06d6e3a816
protonmail-bridge-nextcoud-.../.github/workflows/build.yaml

80 lines
2.1 KiB
YAML
Raw Blame History

name: build from source
on:
push:
branches: [master]
paths:
- .github/workflows/build.yaml
- build/*
- VERSION
pull_request:
paths:
- .github/workflows/build.yaml
- build/*
workflow_dispatch:
env:
GHCR_REPO: ghcr.io/${{ github.repository_owner }}/protonmail-bridge
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
security-events: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set version
run: echo "version=$(cat VERSION)" >> $GITHUB_ENV
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.GHCR_REPO }}
tags: |
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
type=raw,value=${{ env.version }}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: ./build
file: ./build/Dockerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
version=${{ env.version }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Run Trivy vulnerability scan
if: github.event_name != 'pull_request'
uses: aquasecurity/trivy-action@0.30.0
with:
image-ref: "${{ env.GHCR_REPO }}:${{ env.version }}"
format: sarif
exit-code: 0
severity: CRITICAL,HIGH
output: trivy-results.sarif
- name: Upload Trivy scan SARIF report
if: github.event_name != 'pull_request'
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: trivy-results.sarif
Reference in New Issue View Git Blame Copy Permalink