@@ -50,11 +50,63 @@ jobs:
5050 - hadolint
5151 - ruby
5252 runs-on : ubuntu-latest
53+ permissions :
54+ contents : read
55+ packages : write
56+ env :
57+ IMAGE_NAME : gilcreator/html2rss-web
5358 steps :
54- - uses : actions/checkout@v4
55- - run : bin/docker-build
59+ - name : Checkout code
60+ uses : actions/checkout@v4
61+
62+ - name : Set up QEMU
63+ uses : docker/setup-qemu-action@v3
64+
65+ - name : Set up Docker Buildx
66+ uses : docker/setup-buildx-action@v3
67+
68+ # - name: Log in to DockerHub
69+ # uses: docker/login-action@v3
70+ # with:
71+ # username: ${{ secrets.DOCKERHUB_USERNAME }}
72+ # password: ${{ secrets.DOCKERHUB_TOKEN }}
73+
74+ # - name: Log in to GitHub Container Registry (GHCR)
75+ # uses: docker/login-action@v3
76+ # with:
77+ # registry: ghcr.io
78+ # username: ${{ github.actor }}
79+ # password: ${{ secrets.GITHUB_TOKEN }}
80+
81+ - name : Cache Docker layers
82+ uses : actions/cache@v4
83+ with :
84+ path : /tmp/.buildx-cache
85+ key : ${{ runner.os }}-buildx-${{ github.sha }}
86+ restore-keys : |
87+ ${{ runner.os }}-buildx-
88+
89+ - name : Build and push Docker image
90+ uses : docker/build-push-action@v5
91+ with :
92+ context : .
93+ push : false
94+ # tags: |
95+ # gilcreator/html2rss-web:latest
96+ # ghcr.io/${{ github.repository_owner }}/html2rss-web:latest
97+ platforms : linux/amd64,linux/arm64
98+ cache-from : type=local,src=/tmp/.buildx-cache
99+ cache-to : type=local,dest=/tmp/.buildx-cache-new
100+
101+ - name : Scan Docker image for vulnerabilities
102+ uses : aquasecurity/trivy-action@v0.18.0
103+ with :
104+ image-ref : gilcreator/html2rss-web:latest
105+ format : table
106+ exit-code : 0
107+ ignore-unfixed : true
56108
57- - run : bin/docker-push
58- env :
59- DOCKER_PASSWORD : ${{ secrets.DOCKER_PASSWORD }}
60- DOCKER_USERNAME : ${{ secrets.DOCKER_USERNAME }}
109+ - name : Move updated cache into place
110+ run : |
111+ rm -rf /tmp/.buildx-cache
112+ mv /tmp/.buildx-cache-new /tmp/.buildx-cache
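Review bot: The Trivy step scans `gilcreator/html2rss-web:latest`, but the build step above it sets `push: false` with no `tags` or `load`, so the image built in this run never reaches the local Docker daemon; the scanner will most likely pull whatever is already published under that tag, or fail, rather than check this commit's image. With `exit-code: 0` the step also cannot fail the job, so findings only show up in the log. I would add a single-platform build with `load: true`, tagged from `env.IMAGE_NAME` (which is otherwise unused), point `image-ref` at it, and gate on `exit-code: 1` with a severity filter. Separately, `packages: write` is granted while both login steps and the push are commented out, so `contents: read` alone is enough until publishing is enabled. The third-party actions would also be safer pinned to a full commit SHA than to a mutable tag.

```yaml
# … unchanged: checkout, QEMU, Buildx and cache steps …
- name: Build image for scanning
  uses: docker/build-push-action@v5
  with:
    context: .
    load: true
    tags: ${{ env.IMAGE_NAME }}:scan
    platforms: linux/amd64
    cache-from: type=local,src=/tmp/.buildx-cache

- name: Scan Docker image for vulnerabilities
  uses: aquasecurity/trivy-action@v0.18.0
  with:
    image-ref: ${{ env.IMAGE_NAME }}:scan
    format: table
    exit-code: 1
    severity: CRITICAL,HIGH
    ignore-unfixed: true
# … unchanged: multi-platform build, cache move …
```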