This repository has been archived by the owner on Oct 18, 2024. It is now read-only.

Merge pull request #40 from djdefi/dependabot/github_actions/aquasecu… #99

	name: Docker Image CI + build + push

	on:
	push:
	branches: [ main ]

	jobs:

	build:

	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@master
	# https://github.com/docker/setup-qemu-action
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3
	# https://github.com/docker/setup-buildx-action
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	- name: Available platforms
	run: echo ${{ steps.buildx.outputs.platforms }}
	- name: Run Build 64bit
	run: \|
	docker buildx build \
	--platform linux/arm64 \
	--output "type=docker,push=false" \
	--file ./Dockerfile.arm64v8 . \
	-t djdefi/rpi-jenkins-arm64
	- name: List images
	run: docker images list
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d
	with:
	image-ref: 'djdefi/rpi-jenkins:latest'
	format: 'template'
	template: '@/contrib/sarif.tpl'
	output: 'trivy-results.sarif'
	severity: 'CRITICAL,HIGH'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: 'trivy-results.sarif'
	- name: Docker registry login
	uses: azure/docker-login@v2
	with:
	username: ${{ secrets.REGISTRY_USERNAME }}
	password: ${{ secrets.REGISTRY_PASSWORD }}
	- run: \|
	docker push djdefi/rpi-jenkins-arm64:latest

Provide feedback