Adding file

2025-06-27 16:56:57 +00:00 · 2025-06-04 13:05:35 +02:00 · 2025-06-04 13:05:35 +02:00 · 532fedbb62
commit 532fedbb62
parent 585bf37783
1 changed files with 108 additions and 0 deletions
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -0,0 +1,108 @@
+name: Docker Build and Push
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - 'main'
+
+env:
+  DOCKERHUB_PREFIX: docker.io
+  GITHUB_CONTAINER_PREFIX: ghcr.io
+  DOCKER_IMAGE: donaldzou/wgdashboard
+
+jobs:
+  docker_build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    steps:
+      - name: Generate a shorter Git commit sha.
+        id: gen)short_sha
+        run: echo "SHORT_SHA=${GITHUB_SHA::8}" >> $GITHUB_ENV
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.DOCKERHUB_PREFIX }}
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.GITHUB_CONTAINER_PREFIX }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: |
+            - linux/amd64
+            - linux/arm64
+            - linux/arm/v7
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker meta by docs https://github.com/docker/metadata-action
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.DOCKERHUB_PREFIX }}/${{ env.DOCKER_IMAGE }}
+            ${{ env.GITHUB_CONTAINER_PREFIX }}/${{ env.DOCKER_IMAGE }}
+          tags: |
+            type=ref,event=branch,format={{ref_name}}
+            type=raw,value=${{ env.SHORT_SHA }}
+
+            type=semver,pattern={{version}}
+            type=semver,pattern=latest
+      
+      - name: Print a message
+        run: echo "${{ steps.meta.outputs.tags }}"
+
+      - name: Build and export (multi-arch)
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./docker/Dockerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+
+  docker_scan:
+    runs-on: ubuntu-latest
+    needs: docker_build
+    steps:
+      - name: Docker Scout CVEs
+        uses: docker/scout-action@v1
+        with:
+          command: cves
+          image: ${{ env.GITHUB_CONTAINER_PREFIX }}/${{ env.DOCKER_IMAGE }}:nightly
+          only-severities: critical,high
+          only-fixed: true
+          write-comment: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          exit-code: true
+
+      - name: Docker Scout Compare
+        uses: docker/scout-action@v1
+        with:
+          command: compare
+          # Set to Github for maximum compat
+          image: ${{ env.GITHUB_CONTAINER_PREFIX }}/${{ env.DOCKER_IMAGE }}:main
+          to: ${{ env.GITHUB_CONTAINER_PREFIX }}/${{ env.DOCKER_IMAGE }}:latest
+          only-severities: critical,high
+          ignore-unchanged: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}