Skip to content

Update docker-image.yml #30

Update docker-image.yml

Update docker-image.yml #30

Workflow file for this run

name: Build and Push Docker Image
on:
push:
branches:
- master
jobs:
build:
runs-on: ubuntu-latest
steps:
# Step 1: Checkout the code from the repository
- name: Checkout code
uses: actions/checkout@v3
# Step 2: Set up Docker Buildx for advanced building capabilities
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
# Step 3: Cache Docker layers to improve build time
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
# Step 4: Build the Docker image
- name: Build Docker image
run: |
docker build -t ${{ secrets.DOCKER_USERNAME }}/bitlbee:${{ github.sha }} .
# Step 5: Security scan with Trivy
- name: Scan Docker image for vulnerabilities with Trivy
uses: aquasecurity/trivy-action@master
with:
image: ${{ secrets.DOCKER_USERNAME }}/docker-bitlbee:${{ github.sha }}
format: 'table' # This will show the results in a table format (can also use json or html)
exit-code: '1' # Fail the build if vulnerabilities are found (optional)
severity: 'CRITICAL,HIGH' # Only check for critical and high severity vulnerabilities
# Step 6: Push Docker image to Docker Hub
- name: Push Docker image to Docker Hub
run: |
docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
docker push ${{ secrets.DOCKER_USERNAME }}/bitlbee:${{ github.sha }}
# Step 7: Push Docker image to GitHub Container Registry
- name: Push Docker image to GitHub Container Registry
run: |
docker login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }}
docker tag ${{ secrets.DOCKER_USERNAME }}/bitlbee:${{ github.sha }} ghcr.io/${{ github.repository_owner }}/bitlbee:${{ github.sha }}
docker push ghcr.io/${{ github.repository_owner }}/bitlbee:${{ github.sha }}