Skip to content
.github/workflows/release.yaml

2.0.1 #296

Sign in to view logs

2.0.1

2.0.1 #296

Workflow file for this run

.github/workflows/release.yaml at 2a9d22f
on:
workflow_dispatch:
inputs:
logLevel:
description: "Log level"
required: true
default: "warning"
type: choice
options:
- info
- warning
- debug
tags:
description: "Tags"
required: false
type: boolean
release:
types: [created]
env:
DOCKER_IMAGE: lakhansamani/authorizer
BUILDKIT_INLINE_CACHE: 1
jobs:
build:
name: Build and push Docker image
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
platforms: linux/amd64,linux/arm64
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push
env:
SOURCE_URL: https://github.com/${{ github.repository }}
run: |
VERSION=$(basename ${GITHUB_REF})
TAG_ARGS=(-t "${DOCKER_IMAGE}:${VERSION}")
if [[ "$VERSION" != *"rc"* && "$VERSION" != *"beta"* ]]; then
TAG_ARGS+=(-t "${DOCKER_IMAGE}:latest")
fi
docker buildx build \
--platform linux/amd64,linux/arm64 \
--push \
--provenance=true \
--sbom=true \
--build-arg VERSION="${VERSION}" \
--build-arg BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
--build-arg VCS_REF="${GITHUB_SHA}" \
--build-arg SOURCE_URL="${SOURCE_URL}" \
--cache-from type=registry,ref=${DOCKER_IMAGE}:buildcache \
--cache-to type=registry,ref=${DOCKER_IMAGE}:buildcache,mode=max \
"${TAG_ARGS[@]}" \
.
trivy-scan:
name: Vulnerability scan (Trivy)
runs-on: ubuntu-latest
needs: build
permissions:
contents: read
security-events: write
steps:
- name: Run Trivy
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.DOCKER_IMAGE }}:${{ github.ref_name }}
format: "sarif"
output: "trivy-results.sarif"
severity: "CRITICAL,HIGH"
- name: Upload Trivy results
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: "trivy-results.sarif"