@@ -13,24 +13,27 @@ jobs:
1313 name : Build Production Images
1414 runs-on : ubuntu-latest
1515 if : startsWith(github.ref, 'refs/tags/')
16+ permissions :
17+ contents : read
18+ packages : write
1619
1720 steps :
1821 - name : Checkout code
1922 uses : actions/checkout@v4
2023
24+ - name : Login to Docker Hub
25+ uses : docker/login-action@v3
26+ with :
27+ username : ${{ secrets.DOCKER_HUB_USERNAME }}
28+ password : ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
29+
2130 - name : Setup Docker Buildx
2231 uses : docker/setup-buildx-action@v3
2332 with :
2433 driver : cloud
2534 endpoint : " wgtechlabs/unthread-bot-builder"
2635 install : true
2736
28- - name : Login to Docker Hub
29- uses : docker/login-action@v3
30- with :
31- username : ${{ secrets.DOCKER_HUB_USERNAME }}
32- password : ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
33-
3437 - name : Login to GitHub Container Registry
3538 uses : docker/login-action@v3
3639 with :
@@ -90,20 +93,20 @@ jobs:
9093 org.opencontainers.image.revision=${{ github.sha }}
9194 org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
9295 org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}
93- org.opencontainers.image.licenses=GPL-3.0
94- cache-from : type=gha
96+ org.opencontainers.image.licenses=GPL-3.0 cache-from: type=gha
9597cache-to : type=gha,mode=max
9698
9799 - name : Run Trivy vulnerability scanner
98100 uses : aquasecurity/trivy-action@0.28.0
101+ continue-on-error : true
99102 with :
100103 image-ref : ${{ env.REGISTRY_DOCKERHUB }}:${{ steps.version.outputs.version }}
101104 format : ' sarif'
102105 output : ' trivy-results.sarif'
103106
104107 - name : Upload Trivy scan results to GitHub Security tab
105108 uses : github/codeql-action/upload-sarif@v3
106- if : always()
109+ if : always() && hashFiles('trivy-results.sarif') != ''
107110 with :
108111 sarif_file : ' trivy-results.sarif'
109112
0 commit comments