docker-build-push.yml

name: docker-build-push

env:
  REGISTRY: docker.io
  IMAGE_NAME: gregnrobinson/cloud-tools

on:
  push:
    branches:
    - main
    paths:
    - 'image/amd64/Dockerfile'
    - 'image/arm64/Dockerfile'
    - '.github/workflows/docker-build-push.yml'
  workflow_dispatch:
  schedule:
    - cron: '0 0 * * 0'
jobs:
  linux_arm64:
    env:
      PLATFORM: arm64
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
    - uses: actions/checkout@v2
    - name: Set up QEMU
      uses: docker/setup-qemu-action@v1
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v1
    - name: Login to GitHub Container Registry
      uses: docker/login-action@v2
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_PASSWORD }}
    - name: Extract metadata (tags, labels) for Docker
      id: meta
      uses: docker/metadata-action@v4
      with:
        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
        tags: |
          type=raw,value=${{ env.PLATFORM }}
    - name: Build and push Docker image
      uses: docker/build-push-action@v3
      with:
        context: ./image/${{ env.PLATFORM }}/
        push: true
        tags: ${{ steps.meta.outputs.tags }}
        labels: ${{ steps.meta.outputs.labels }}
        platforms: linux/${{ env.PLATFORM }}
    - name: Trivy Vulnerability Scan
      uses: aquasecurity/trivy-action@master
      with:
        image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PLATFORM }}
        format: table
        exit-code: '0'
        ignore-unfixed: true
        vuln-type: os,library
        severity: CRITICAL
      env:
        TRIVY_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
        TRIVY_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
  linux_amd64:
    env:
      PLATFORM: amd64
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
    - uses: actions/checkout@v2
    - name: Set up QEMU
      uses: docker/setup-qemu-action@v1
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v1
    - name: Login to GitHub Container Registry
      uses: docker/login-action@v2
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_PASSWORD }}
    - name: Extract metadata (tags, labels) for Docker
      id: meta
      uses: docker/metadata-action@v4
      with:
        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
        tags: |
          type=raw,value=${{ env.PLATFORM }}
    - name: Build and push Docker image
      uses: docker/build-push-action@v3
      with:
        context: ./image/${{ env.PLATFORM }}/
        push: true
        tags: ${{ steps.meta.outputs.tags }}
        labels: ${{ steps.meta.outputs.labels }}
        platforms: linux/${{ env.PLATFORM }}
    - name: Trivy Vulnerability Scan
      uses: aquasecurity/trivy-action@master
      with:
        image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PLATFORM }}
        format: table
        exit-code: '0'
        ignore-unfixed: true
        vuln-type: os,library
        severity: CRITICAL
      env:
        TRIVY_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
        TRIVY_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}