MyShaarli/.github/workflows/docker-latest.yml

name: Build/push Docker image (master/latest)
on:
  push:
    branches: [ master, trivy ]
jobs:
  docker-build:
    runs-on: ubuntu-latest
    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      # - name: Login to DockerHub
      #   uses: docker/login-action@v2
      #   with:
      #     username: ${{ secrets.DOCKERHUB_USERNAME }}
      #     password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Checkout
        uses: actions/checkout@v3

      - name: Set shaarli version to the latest commit hash
        run: sed -i "s/dev/$(git rev-parse --short HEAD)/" shaarli_version.php

      - name: Build and push
        id: docker_build
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          # tags: |
          #   ${{ secrets.DOCKER_IMAGE }}:trivy
          #   ghcr.io/${{ secrets.DOCKER_IMAGE }}:trivy
          tags: ghcr.io/${{ secrets.DOCKER_IMAGE }}:trivy
      - name: Image digest
        run: echo ${{ steps.docker_build.outputs.digest }}
      - name: Run trivy image scanner
        run: make test_trivy TRIVY_TARGET_DOCKER_IMAGE=ghcr.io/${{ secrets.DOCKER_IMAGE }}:trivy