Mouws/protonmail-bridge-nextcoud-podman
1
0
Fork 1
mirror of https://github.com/shenxn/protonmail-bridge-docker.git synced 2026-03-26 21:35:58 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
5a8e960374
protonmail-bridge-nextcoud-.../.github/workflows/scheduled-update.yaml
Anton 5a8e960374 Use latest Trivy action
2026-03-11 20:15:25 +00:00

80 lines
2.3 KiB
YAML
Raw Blame History

name: Check for new upstream release
on:
schedule:
- cron: '0 6 * * *'
permissions:
contents: read
packages: write
security-events: write
env:
IMAGE: ghcr.io/${{ github.repository_owner }}/protonmail-bridge
jobs:
check:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.check.outputs.version }}
needed: ${{ steps.check.outputs.needed }}
steps:
- name: Compare upstream to registry
id: check
run: |
version=$(curl -s https://api.github.com/repos/ProtonMail/proton-bridge/releases/latest | jq -r '.tag_name')
echo "version=$version" >> $GITHUB_OUTPUT
token=$(curl -s "https://ghcr.io/token?scope=repository:${{ github.repository_owner }}/protonmail-bridge:pull" | jq -r '.token')
exists=$(curl -s -o /dev/null -w '%{http_code}' \
-H "Authorization: Bearer $token" \
"https://ghcr.io/v2/${{ github.repository_owner }}/protonmail-bridge/manifests/$version")
if [ "$exists" = "200" ]; then
echo "needed=false" >> $GITHUB_OUTPUT
echo "$version already exists in registry"
else
echo "needed=true" >> $GITHUB_OUTPUT
echo "New version $version — building"
fi
build:
needs: check
if: needs.check.outputs.needed == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: ./build
push: true
tags: |
${{ env.IMAGE }}:latest
${{ env.IMAGE }}:${{ needs.check.outputs.version }}
build-args: |
version=${{ needs.check.outputs.version }}
- name: Trivy scan
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.IMAGE }}:${{ needs.check.outputs.version }}
format: sarif
output: trivy-results.sarif
severity: CRITICAL,HIGH
- name: Upload Trivy results
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: trivy-results.sarif
Reference in New Issue View Git Blame Copy Permalink