docker-compose-updater/.forgejo/workflows/docker-publish.yml
Andras Schmelczer b414c05400
Some checks failed
Build and Publish Docker Image / test (push) Failing after 7s
Build and Publish Docker Image / build-and-push (push) Has been skipped
Build and Publish Docker Image / security-scan (push) Has been skipped
Clean up
2026-06-06 19:41:55 +01:00

78 lines
2.2 KiB
YAML

name: Build and Publish Docker Image
on:
push:
branches: [main]
tags: ["v*"]
pull_request:
branches: [main]
env:
REGISTRY: ${{ forgejo.server_url }}
IMAGE_NAME: ${{ forgejo.repository }}
jobs:
test:
runs-on: docker
container:
image: rust:1.88
steps:
- name: Checkout repository
uses: https://code.forgejo.org/actions/checkout@v4
- name: Install components
run: rustup component add rustfmt clippy
- name: Cache cargo registry
uses: https://code.forgejo.org/actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- name: Run tests
run: cargo test --verbose
- name: Run clippy
run: cargo clippy -- -D warnings
- name: Check formatting
run: cargo fmt -- --check
build-and-push:
needs: test
runs-on: docker
steps:
- name: Checkout repository
uses: https://code.forgejo.org/actions/checkout@v4
- name: Build and publish image
uses: http://forgejo:3000/andras/ci-actions/docker-publish@main
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
token: ${{ secrets.FORGEJO_TOKEN }}
security-scan:
needs: build-and-push
runs-on: docker
if: github.event_name != 'pull_request'
steps:
- name: Resolve registry host
id: registry
run: |
host="$(echo '${{ github.server_url }}' | sed -E 's|https?://||; s|/$||')"
[ "$host" = "forgejo:3000" ] && host="127.0.0.1:13000"
echo "image=${host}/$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
- name: Run Trivy vulnerability scanner
# Pinned to the commit behind trivy-action v0.36.0 for a reproducible,
# supply-chain-safe reference instead of the moving @master branch.
uses: https://github.com/aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25
with:
image-ref: ${{ steps.registry.outputs.image }}:latest
format: "table"
exit-code: "1"
severity: "CRITICAL,HIGH"