ci-build #87

Workflow file for this run

.github/workflows/docker-build-and-push.yml at 9ea5aeb

	name: ci-build

	on:
	schedule:
	- cron: '0 7 * * 6'
	push:
	branches:
	- 'master'

	jobs:
	base-debian:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Build and push
	uses: docker/build-push-action@v5
	with:
	push: true
	context: debian/bookworm
	tags: jammsen/base:debian-bookworm

	scan-base-debian:
	runs-on: ubuntu-latest
	needs: [ base-debian ]
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Run Snyk to check Docker image for vulnerabilities
	uses: snyk/actions/docker@master
	continue-on-error: true
	with:
	image: jammsen/base:debian-bookworm
	args: --file=debian/bookworm/Dockerfile --severity-threshold=high --sarif-file-output=snyk.sarif
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	- name: Upload Snyk report as sarif
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: snyk.sarif

	- name: Run Snyk Monitor
	uses: snyk/actions/docker@master
	with:
	image: jammsen/base:debian-bookworm
	command: monitor
	args: --file=debian/bookworm/Dockerfile
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	base-debian-wine:
	runs-on: ubuntu-latest
	needs: [ base-debian, scan-base-debian ]
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Build and push
	uses: docker/build-push-action@v5
	with:
	push: true
	context: debian/bookworm/wine/
	tags: jammsen/base:wine-stable-debian-bookworm

	scan-base-debian-wine:
	runs-on: ubuntu-latest
	needs: [ base-debian-wine ]
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Run Snyk to check Docker image for vulnerabilities
	uses: snyk/actions/docker@master
	continue-on-error: true
	with:
	image: jammsen/base:wine-stable-debian-bookworm
	args: --file=debian/bookworm/wine/Dockerfile --severity-threshold=high --sarif-file-output=snyk.sarif
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	- name: Upload Snyk report as sarif
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: snyk.sarif

	- name: Run Snyk Monitor
	uses: snyk/actions/docker@master
	with:
	image: jammsen/base:wine-stable-debian-bookworm
	command: monitor
	args: --file=debian/bookworm/wine/Dockerfile
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci-build #87

Workflow file

ci-build #87

Jobs

Run details

Workflow file for this run