workflow #1

	name: ci

	on:
	push:
	branches:
	- "main"

	jobs:
	docker:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	- name: Build and push
	uses: docker/build-push-action@v5
	with:
	context: .
	platforms: linux/amd64,linux/arm64
	push: true
	tags: mawinkler/astrolive:latest

	- name: Vision One Container Security Scan Action
	uses: trendmicro/tmas-scan-action@1.0.10
	with:
	# Mandatory
	TMAS_API_KEY: ${{ secrets.TMAS_API_KEY }}
	REGION: us-east-1

	# Optional
	SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later.
	MALWARE_SCAN: true # Enable malware scan.
	IMAGE: mawinkler/astrolive:latest # The image need to be public or the pipeline need to have access to the private image of choice.
	# LOCAL_IMAGE_TARBALL: image.tar
	# For each threshold below, select the maximum number of vulnerabilities that are acceptable.
	MAX_TOTAL: 1000
	MAX_CRITICAL: 1000
	MAX_HIGH: 1000
	MAX_MEDIUM: 1000
	MAX_LOW: 1000
	MAX_NEGLIGIBLE: 1000
	MAX_UNKNOWN: 1000
	SCAN_RESULT_ARTIFACT: result.json

	- name: Upload Scan Result Artifact
	uses: actions/upload-artifact@v3
	with:
	name: scan-result
	path: result.json
	retention-days: 30

	- name: Upload SBOM Artifact
	uses: actions/upload-artifact@v3
	with:
	name: sbom
	path: SBOM.json
	retention-days: 30

Provide feedback