name: CI/CD on: push: tags: - "[0-9]+.[0-9]+.[0-9]+" schedule: - cron: "0 5 * * 0" workflow_dispatch: env: USER: loganmarchione REPO: docker-webdav-nginx jobs: ci: name: Build and test runs-on: ubuntu-latest steps: - name: Check out the codebase uses: actions/checkout@v3 - name: Set variables run: | VER=$(cat VERSION) echo "VERSION=$VER" >> $GITHUB_ENV - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - name: Build Docker Image uses: docker/build-push-action@v4 with: push: false context: . file: Dockerfile load: true tags: | ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }} ${{ env.USER }}/${{ env.REPO }}:latest - name: Test image run: | docker images docker run --name test-container --detach --env WEBDAV_USER=user --env WEBDAV_PASS=password1 --volume 'webdav:/var/www/webdav' ${USER}/${REPO}:${VERSION} docker ps -a - name: Container scan with Dockle uses: goodwithtech/dockle-action@0.1.0 with: image: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}' format: 'list' exit-code: '1' exit-level: 'warn' ignore: 'CIS-DI-0001' - name: Container scan with Trivy uses: aquasecurity/trivy-action@0.9.1 with: scan-type: 'image' image-ref: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}' trivy-config: ./github/trivy.yaml cd: name: Deploy needs: ci runs-on: ubuntu-latest steps: - name: Check out the codebase uses: actions/checkout@v3 - name: Set variables run: | VER=$(cat VERSION) echo "VERSION=$VER" >> $GITHUB_ENV - name: Set up QEMU uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - name: Login to DockerHub uses: docker/login-action@v2 with: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_PASS }} logout: true - name: Build Docker Image uses: docker/build-push-action@v4 with: push: true context: . file: Dockerfile platforms: linux/amd64,linux/arm64,linux/arm/v7 tags: | ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }} ${{ env.USER }}/${{ env.REPO }}:latest