ci.yml

name: CI

on:
  push:
    branches:
      - main

permissions:
  id-token: write
  contents: write
  packages: write

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v1

    - name: Login to GitHub Container registry
      uses: docker/login-action@v1
      env:
        GITHUB_USER: ${{ github.actor }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ env.GITHUB_TOKEN }}

    - name: Build & Push Docker Image
      run: |
        DOCKER_BUILDKIT=1 docker build -t ghcr.io/jenkins-x/jx-cdevents-adapter:0.0.1 -f ./Dockerfile.app .

    - name: Run Trivy vulnerability scanner
      uses: aquasecurity/trivy-action@master
      with:
        image-ref: 'ghcr.io/jenkins-x/jx-cdevents-adapter:0.0.1'
        format: 'table'
        exit-code: '0'
        ignore-unfixed: true
        vuln-type: 'os,library'
        severity: 'CRITICAL'

    - name: Docker Push
      run: |-
        docker push ghcr.io/jenkins-x/jx-cdevents-adapter:0.0.1

    - name: Set up Docker metadata
      id: metadata
      uses: docker/metadata-action@v3
      with:
        images: ghcr.io/jenkins-x/jx-cdevents-adapter
        tags: |
          type=ref,event=branch
          type=ref,event=pr
          type=semver,pattern={{version}}
          type=semver,pattern={{major}}.{{minor}}
          type=semver,pattern={{major}}