name: Build and push bunkerized-nginx on: push: branches: [dev, master] jobs: test: runs-on: ubuntu-latest steps: - name: Checkout source code uses: actions/checkout@v2 # temp fix : can't use buildx + load because of manifest error # so we need to build the image the traditional way - name: Temp build to check security issues run: docker build -t bunkerized-nginx . - name: Run Trivy security scanner uses: aquasecurity/trivy-action@master with: image-ref: 'bunkerized-nginx' format: 'table' exit-code: '1' ignore-unfixed: true severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL' - name: Run autotest run: docker run bunkerized-nginx test - name: Set variables run: | VER=$(cat VERSION | tr -d '\n') echo "VERSION=$VER" >> $GITHUB_ENV - name: Setup QEMU uses: docker/setup-qemu-action@v1 - name: Setup Buildx uses: docker/setup-buildx-action@v1 - name: Setup Docker cache uses: actions/cache@v2 if: github.ref == 'refs/heads/dev' with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ github.sha }} restore-keys: | ${{ runner.os }}-buildx- - name: Login to Docker Hub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_TOKEN }} - name: Build and push (dev) uses: docker/build-push-action@v2 if: github.ref == 'refs/heads/dev' with: context: . platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 push: true tags: bunkerity/bunkerized-nginx:dev cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new - name: Move Docker cache if: github.ref == 'refs/heads/dev' run: | rm -rf /tmp/.buildx-cache mv /tmp/.buildx-cache-new /tmp/.buildx-cache - name: Build and push (master) uses: docker/build-push-action@v2 if: github.ref == 'refs/heads/master' with: context: . platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 push: true tags: bunkerity/bunkerized-nginx:latest,bunkerity/bunkerized-nginx:${{ env.VERSION }}