protonmail-bridge-nextcoud-podman/.github/workflows/build.yaml

name: build from source

on:
  push:
    branches:
      - master
      - dev
    paths:
      - .github/workflows/build.yaml
      - build/*
  pull_request:
    paths:
      - .github/workflows/build.yaml
      - build/*

env:
  DOCKER_REPO: shenxn/protonmail-bridge
  DOCKER_REPO_DEV: shenxn/protonmail-bridge-dev

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@master
      - name: Set version
        id: version
        run: echo "::set-output name=version::`cat build/VERSION`"
      - name: Set repo
        id: repo
        run: if [[ $GITHUB_REF == "refs/heads/master" ]]; then echo "::set-output name=repo::${DOCKER_REPO}"; else echo "::set-output name=repo::${DOCKER_REPO_DEV}"; fi
      - name: Docker meta
        id: docker_meta
        uses: crazy-max/ghaction-docker-meta@v1
        with:
          images: ${{ steps.repo.outputs.repo }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - uses: docker/build-push-action@v2
        with:
          context: ./build
          file: ./build/Dockerfile
          platforms: linux/amd64,linux/arm64/v8,linux/arm/v7
          load: true
          labels: protonmail-bridge:latest
      - name: Scan image
        uses: anchore/scan-action@v2
        with:
          image: protonmail-bridge:latest
          fail-build: true
          severity-cutoff: critical
      - name: Upload Anchore scan SARIF report
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}
      - name: Login to DockerHub
        uses: docker/login-action@v1
        if: ${{ github.event_name != 'pull_request' }}
        with:
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - uses: docker/build-push-action@v2
        with:
          context: ./build
          file: ./build/Dockerfile
          platforms: linux/amd64,linux/arm64/v8,linux/arm/v7
          tags: |
            ${{ steps.repo.outputs.repo }}:build
            ${{ steps.repo.outputs.repo }}:${{ steps.version.outputs.version }}-build            
          labels: ${{ steps.docker_meta.outputs.labels }}
          push: ${{ github.event_name != 'pull_request' }}