mirror of
https://github.com/tmdinosaurcenter/kiosk-guestbook.git
synced 2026-06-04 04:29:25 -06:00
52 lines
1.8 KiB
YAML
52 lines
1.8 KiB
YAML
name: Docker Image CI
|
|
on:
|
|
push:
|
|
branches: [ "main" ]
|
|
pull_request:
|
|
branches: [ "main" ]
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v6
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v4
|
|
- name: Log in to DockerHub
|
|
if: github.event_name == 'push'
|
|
uses: docker/login-action@v4
|
|
with:
|
|
username: ${{ vars.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
- name: Build the Docker image
|
|
id: build-image
|
|
run: |
|
|
IMAGE_TAG=my-image-name:${{ github.sha }}
|
|
docker build . --file Dockerfile --tag $IMAGE_TAG
|
|
echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
|
|
# Uncomment below to push the image to Docker Hub (or another registry)
|
|
- name: Scan image for vulnerabilities
|
|
uses: aquasecurity/trivy-action@0.35.0
|
|
with:
|
|
image-ref: ${{ env.IMAGE_TAG }}
|
|
format: table
|
|
exit-code: '1'
|
|
severity: CRITICAL,HIGH
|
|
- name: Push the Docker image
|
|
if: github.event_name == 'push'
|
|
run: |
|
|
docker tag $IMAGE_TAG snachodog/kiosk-guestbook:latest
|
|
docker push snachodog/kiosk-guestbook:latest
|
|
- name: Notify via ntfy
|
|
if: github.event_name == 'push'
|
|
env:
|
|
NTFY_URL: ${{ secrets.NTFY_URL }}
|
|
NTFY_TOKEN: ${{ secrets.NTFY_TOKEN }}
|
|
run: |
|
|
curl -s -o /dev/null \
|
|
-H "Title: kiosk-guestbook image pushed to Docker Hub" \
|
|
-H "Tags: white_check_mark" \
|
|
-H "Authorization: Bearer $NTFY_TOKEN" \
|
|
-d "The kiosk-guestbook container has been pushed to Docker Hub and is ready to pull. Commit: ${{ github.sha }} — ${{ github.event.head_commit.message }}" \
|
|
"$NTFY_URL"
|