Switch to our standard copy/paste image pipeline

TheLab-ms · May 22, 2024 · 03b9901 · 03b9901
1 parent 9728318
commit 03b9901
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 44 deletions.
diff --git a/.github/workflows/.docker-image.yml.swp b/.github/workflows/.docker-image.yml.swp
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -1,10 +1,5 @@
 name: Docker Image CI
 
-env:
-  GHCR: ghcr.io
-  DOCKER: docker.io
-  IMAGENAME: samba
-
 on:
   push:
     branches: [ "master" ]
@@ -17,50 +12,33 @@ jobs:
     needs:
       - vulerability-scan
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Log in to the Github container registry
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login
         uses: docker/login-action@v3
         with:
-          registry: ${{ env.GHCR }}
+          registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
+
+      - uses: actions/checkout@v3
+        name: Check out code
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
         with:
-          registry: ${{ env.DOCKER }}
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Get current date
-        id: date
-        run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
-      - name: Build and push
+          images: ${{ env.REGISTRY }}/${{ github.repository }}
+          tags: |
+            type=sha
+
+      - name: Build and push Docker image
         uses: docker/build-push-action@v5
         with:
-          context: .
-          platforms: linux/amd64,linux/arm64
           push: true
-          tags: | 
-            ${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:latest
-            ${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:${{ steps.date.outputs.date }}
-            ${{ env.DOCKER }}/vremenar/${{ env.IMAGENAME }}:latest
-            ${{ env.DOCKER }}/vremenar/${{ env.IMAGENAME }}:${{ steps.date.outputs.date }}
-  image-vulnerability-scan:
-    runs-on: ubuntu-latest
-    needs:
-      - build-and-push
-    steps:
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: '${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:latest'
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
-
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+