SfeduSchedule/.gitea/workflows/gitea-push-docker.yml

name: Create and publish a Docker image

on:
  push:
    branches: ['main', 'staging']

env:
  CONTEXT: src/SfeduSchedule

jobs:
  build-and-push-image:
    runs-on: ubuntu-latest
    name: Publish image
    container: catthehacker/ubuntu:act-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: https://github.com/docker/metadata-action@v4
        with:
          images: ${{ vars.SERVER_DOMAIN }}/${{ gitea.repository }}
      - name: Build an image from Dockerfile
        run: |
          cd ${{ env.CONTEXT }} &&
          docker build -t ${{ env.DOCKER_METADATA_OUTPUT_TAGS }} .
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.20.0
        with:
          image-ref: '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'
      - name: Run dockle
        uses: goodwithtech/dockle-action@main
        with:
          image: '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
          format: 'list'
          exit-code: '1'
          exit-level: 'warn'
          ignore: 'CIS-DI-0001,CIS-DI-0010,DKL-DI-0006'
      - name: Log in to the Container registry
        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
        with:
          registry: ${{ vars.SERVER_DOMAIN }}
          username: ${{ gitea.actor }}
          password: ${{ secrets.TOKEN }}
      - name: Push
        run: |
          docker push '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'