docker-ckan/.github/workflows/docker-manual.yml

name: Build and release image manually

on: workflow_dispatch

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
  TAG: ghcr.io/${{ github.repository }}:${{ github.ref_name }}
  CONTEXT: .
  BRANCH: ${{ github.ref_name }}
  DOCKERFILE_PATH: /ckan
  DOCKERFILE: Dockerfile

jobs:
  docker:
    name: manual/build-docker-push:${{ github.ref_name }}
    runs-on: ubuntu-latest

    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Check out code
        uses: actions/checkout@v4

      - name: Login to registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          labels: |
            org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md
            org.opencontainers.image.version=${{ env.BRANCH }}

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          push: true
          tags: ${{ env.TAG }}
          labels: ${{ steps.meta.outputs.labels }}
          context: ${{ env.CONTEXT }}
          file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}

      - name: Linting Dockerfile with hadolint in GH Actions
        uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}

      - name: Run Trivy container image vulnerability scanner
        uses: aquasecurity/trivy-action@0.12.0
        with:
          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH }}
          format: sarif
          output: trivy-results.sarif
  
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        if: always()
        with:
          sarif_file: trivy-results.sarif
Add docker-manual action and logo to README 2023-09-27 16:38:37 +02:00			`name: Build and release image manually`

			`on: workflow_dispatch`

			`env:`
			`REGISTRY: ghcr.io`
			`IMAGE_NAME: ${{ github.repository }}`
			`TAG: ghcr.io/${{ github.repository }}:${{ github.ref_name }}`
			`CONTEXT: .`
			`BRANCH: ${{ github.ref_name }}`
			`DOCKERFILE_PATH: /ckan`
			`DOCKERFILE: Dockerfile`

			`jobs:`
			`docker:`
			`name: manual/build-docker-push:${{ github.ref_name }}`
			`runs-on: ubuntu-latest`

			`steps:`
			`- name: Set up QEMU`
			`uses: docker/setup-qemu-action@v3`

			`- name: Set up Docker Buildx`
			`uses: docker/setup-buildx-action@v3`

			`- name: Check out code`
			`uses: actions/checkout@v4`

			`- name: Login to registry`
			`uses: docker/login-action@v3`
			`with:`
			`registry: ${{ env.REGISTRY }}`
			`username: ${{ github.actor }}`
			`password: ${{ secrets.GITHUB_TOKEN }}`

			`- name: Extract Docker metadata`
			`id: meta`
			`uses: docker/metadata-action@v4`
			`with:`
			`images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}`
			`labels: \|`
			`org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md`
			`org.opencontainers.image.version=${{ env.BRANCH }}`

			`- name: Build and push`
			`uses: docker/build-push-action@v5`
			`with:`
			`push: true`
			`tags: ${{ env.TAG }}`
			`labels: ${{ steps.meta.outputs.labels }}`
			`context: ${{ env.CONTEXT }}`
			`file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}`

			`- name: Linting Dockerfile with hadolint in GH Actions`
			`uses: hadolint/hadolint-action@v3.1.0`
			`with:`
			`dockerfile: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}`

			`- name: Run Trivy container image vulnerability scanner`
			`uses: aquasecurity/trivy-action@0.12.0`
			`with:`
			`image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH }}`
			`format: sarif`
			`output: trivy-results.sarif`

			`- name: Upload Trivy scan results to GitHub Security tab`
			`uses: github/codeql-action/upload-sarif@v2`
			`if: always()`
			`with:`
			`sarif_file: trivy-results.sarif`